File Transfers Medium
During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging tools commonly available across all versions of Windows and Linux systems.
Created by mrb3n
Co-Authors: egre55, ippsec
This module introduces various methods for transferring files both from and to target Windows and Linux systems. The module relies on "living off the land" techniques or using built-in operating system utilities to our advantage. Operating systems and security monitoring capabilities can vary greatly across environments. The techniques covered in the module sections will prepare us for many scenarios in which we need to download a tool or file to a system or retrieve a file from a remote system for analysis on our attack box.
In this module, we will cover:
- File transfer methods
- Web servers
- Common methods of detection
- Evading detection
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Medium" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Networking Fundamentals
- Linux Fundamentals
- Web Requests
- File Transfers
- Windows File Transfer Methods
- Linux File Transfer Methods
- Catching Files over HTTP/SMB
- Miscellaneous File Transfer Methods
- Protected File Transfers
- Evading Detection