Video Transcript
Transferring files to and from Cali Lennox there are learning objective is to understand the various methods to transfer files to and from Cali what we've already seen this, right? And the last lesson we saw that I transferred the dirty cow exploit from my Cali box to the victim box and I needed to do that to execute that that binary and ultimately get privileged escalation become root.
The only way I can do that is by knowing how to transfer file and there's various ways to do that. I can also exfiltrate data this way right? I can zip a bunch of sensitive files and exfiltrate it over to my machine. Maybe I want to uh steal an Ssh key or configuration files, I can do that by grabbing it from that machine. Maybe you know, maybe I see it on their SMB server and I need to get it over to my machine. Of course I can use SMB to do that. But maybe I don't know that protocols disabled or I don't have the ability to do that uh with SMB but I I found another way to get remote code execution. So I need to be able to figure out the various methods to transfer files and there's a bunch of methods to do that. As you can see here. I have http. Ftp. Smb. Ssh.
Of course you need to be able to ssh into the machine to do that and net cat. So we have a plethora of ways if you will to get files to and from a host to and from our Cali machine. So http this is probably the way I do this the most is I will either use python tech. M simple http server, which is python two, which defaults support 8000. You can change that if you want or python three. HDP server. I now prefer to, you use python three hp server just because when you do control, see you don't get a messy output with python three. Where is it with python two? You do. So this is a way you have to set it up in the directory like here.
If I set it up in desktop, my servers set up in desktops, I have to make sure the files that I want to transfer over are in the desktop. Also you can do this by using Apache which is native and Callie. So if I want to enable Apache to start up every time I boot up the machine, I'll do system CTL enable Apache two or systems start. Apache two. You have to make sure that those files though are in var dub, dub, dub, html and that's where your files are sitting. If I if I have some exploits set up or something like that or I want to do something locally on my machine that's we'll have it sitting or or if if I want to have persistence or if I know that I'm gonna be transferring a net cat shell with a Windows box often I will leave it in var dub, dub, dub html. Just so I know that it's always going to be sitting there and I don't have to use python every single time.
Also if I want to say do across a scripting vulnerability and have them reach back to my server um I can see it in the server logs which again persist. Whereas with python, once I kill that that python module is done, it's over. Yeah. The other thing I was having trouble with was the fact that on the victim host I couldn't put things onto my server, I couldn't get things from the victim back onto my machine. Well I saw that by this guy's great. Git hub fei fei beyond where you can use this script simply should be put server I called it. Where as you can see I'm issuing a command from my from my host my mac. I'm doing curl tack T passwords. I'm putting that password file onto my server in Cali. And you can see it shows up on my desktop there because that's where I set up my my server here. So it shows up on my desktop. So that's the way to be able to put files from your victim machine onto your Cali box.
Yeah if you're on a windows box they usually don't have curl or w get um you'll have to use cert util which is also used for hashing and also used for grabbing files. So here is the syntax to use search util to grab files from your your Cali machine. Also with power show you can do that as well to get files download files. You can also execute them in a single line of power shell. I go ahead and research that if I were you if if that's something that you want to do, like, let's say you want to download and execute Herbal, you can download it and also execute it with the same line of power shell. So on Lenox boxes, they should have W get and curl and what we're doing is we're using w get.
You can also use that against FTP in addition to http. But you would use that to grab a file from a web server or an FTP server with W get and the web server with curl. You can also use FTp. I can set up an FTP server on my Cali box by using pip, install pie FTp. D lib. You can see the tack w there have attacked W So it's a rideable share on port 21. So I'm allowing I'm allowing the ability to write to my FTP server there. SMB I am packet is so great with Windows boxes. Um so I can set up an SMB server locally on my machine. So what I did in this case is I create and execute Herbal on my Cali machine and I'm executing it directly from the victim box. So you can see on the victim and the victim box in an administrator console. And all I do is is the two slashes and my Cali box. And I execute the script and you can see what happens is I get a shell, so I don't even have to put that execute Herbal onto the Windows box.
I can execute it directly from my machine. Using I am packet SMB server, Net Cat. You can also use Net Cat to send to send files. I use this in a CTF just recently, uh where I use Net Cat. Nothing else seemed to work. I try to use secure copy, which will see, but that didn't work. So I use Net Cat because I knew both boxes, Annette Cat on it, and that's how I transfer the file. Yeah. And secure copy of course, you need to have ssh with the ability to ssh onto that machine. Um so you can transfer files to your Cali box onto their box or from their box onto your box. And you'll see here is an example on the top is the victim host. So I'm using secure copy here and exfiltrate in this secret file onto my Cali box in the temp directory. And then on the bottom you can see I'm using secure copy uh to grab that file from the Victim host onto uh into that directory that I've specified with the dot. So just different ways to grab a file from the Victim or directly from our Cali host. Yeah, So in summary, we should now understand the various methods to transfer files to and from Cali.