File Transfer
Base64
Encode
Decode
Note: While this method is convenient, it's not always possible to use. The Windows command-line utility (cmd.exe) has a maximum string length of 8,191 characters. Also, a web shell may error if you attempt to send extremely large strings.
# Windows
[IO.File]::WriteAllBytes("C:\Users\Public\<File_Name>", [Convert]::FromBase64String("<Base64_Output>"))
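The following is an added example, not part of the original notes. It checks a file against the 8,191-character cmd.exe limit from the note above, then encodes it, decodes it with the same WriteAllBytes/FromBase64String call, and compares SHA-256 hashes to confirm the copy is intact. The function names, the 200-character overhead allowance and the temp-file sample are assumptions made for illustration.

```powershell
# Added example; function names and the overhead allowance are illustrative assumptions.
$CmdMaxLength = 8191   # cmd.exe maximum string length, per the note above

function Get-Base64Length {
    # Base64 emits 4 characters for every 3 input bytes, rounded up (padding included).
    param([Parameter(Mandatory)][long]$ByteCount)
    return 4 * [long][math]::Ceiling($ByteCount / 3.0)
}

function Test-FitsCmdLine {
    # True if the encoded file plus the surrounding command text stays within the limit.
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$CommandOverhead = 200   # assumed allowance for the command around the string
    )
    $size = (Get-Item -LiteralPath $Path).Length
    return ((Get-Base64Length -ByteCount $size) + $CommandOverhead) -le $CmdMaxLength
}

function Copy-ViaBase64 {
    # Encode $Source, decode into $Destination, and fail loudly if the hashes differ.
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Destination
    )
    $encoded = [Convert]::ToBase64String([IO.File]::ReadAllBytes($Source))
    [IO.File]::WriteAllBytes($Destination, [Convert]::FromBase64String($encoded))
    $before = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
    $after  = (Get-FileHash -LiteralPath $Destination -Algorithm SHA256).Hash
    if ($before -ne $after) { throw "Hash mismatch: $Destination does not match $Source" }
    return $after
}

# Constructed sample: a 6,000-byte file encodes to 8,000 Base64 characters,
# which is under the limit on its own but not once the command text is added.
$src = Join-Path ([IO.Path]::GetTempPath()) 'b64-sample.bin'
$dst = Join-Path ([IO.Path]::GetTempPath()) 'b64-sample.out'
[IO.File]::WriteAllBytes($src, [byte[]](1..6000 | ForEach-Object { $_ % 256 }))

Test-FitsCmdLine -Path $src
Copy-ViaBase64 -Source $src -Destination $dst
Remove-Item -LiteralPath $src, $dst
```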
PowerShell
Most companies allow outbound HTTP and HTTPS traffic through the firewall so that employees can do their work. The Net.WebClient class provides the following download methods:
| Method | Description |
|---|---|
| OpenRead | Returns the data from a resource as a Stream. |
| OpenReadAsync | Returns the data from a resource without blocking the calling thread. |
| DownloadData | Downloads data from a resource and returns a Byte array. |
| DownloadDataAsync | Downloads data from a resource and returns a Byte array without blocking the calling thread. |
| DownloadFile | Downloads data from a resource to a local file. |
| DownloadFileAsync | Downloads data from a resource to a local file without blocking the calling thread. |
| DownloadString | Downloads a String from a resource and returns a String. |
| DownloadStringAsync | Downloads a String from a resource without blocking the calling thread. |
PowerShell DownloadString - Fileless Method
# Windows (DownloadFile writes the download to disk as <Output_File_Name>; it is not fileless)
(New-Object Net.WebClient).DownloadFile('<Target_File_URL>','<Output_File_Name>')
Another error in PowerShell downloads is related to the SSL/TLS secure channel if the certificate is not trusted. We can bypass that error with the following command:
PowerShell Invoke-WebRequest
From PowerShell 3.0 onwards, the Invoke-WebRequest cmdlet is also available, but it is noticeably slower at downloading files.
SMB
We need to create an SMB server in our Pwnbox with smbserver.py from Impacket and then use copy, move, PowerShell Copy-Item, or any other tool that allows connection to SMB.
Start Server
Copy a File from the SMB Server
New versions of Windows block unauthenticated guest access, as we can see in the following command: