Academy -> File Transfer Module -> Windows File Transfer Methods

Hi

I have a question on the task #2:

“Upload the attached file named upload_win.zip to the target using the method of your choice. Once uploaded, RDP to the box, unzip the archive, and run “hasher upload_win.txt” from the command line. Submit the generated hash as your answer.”

I was able to upload the archive only via RDP session itself - however this clearly violates the task. Can you please share other possible ways for uploading the file ?

Thank you and Best Regards

Use a web service like Wetransfer.com or Jirafeau

Thanks for the suggestion.

The module’s section describes several PS-based approaches (PowerShell File Uploads + Bitsadmin) in order to upload files. I tested but they do not seem to be working - did they work out for you ?

No, because I use the pwnbox and it is unreachable from my pc where I downloaded the zip. So I had to use that services

I just found a solution for us, you can’t upload files to the windows virtual machine in the usual way but we can indirectly upload the upload_win.zip file to the windows server, what you need to do is:

  1. encode the file upload_win.zip with the system you used to upload it using base64
  2. copy the base64 string you just got and use the following command at the parrot-htb virtual machine to get the original .zip file:
    echo <base64_value> | base64 -d -w 0 > upload_win.zip
    3)you run http server service at parrot virtual machine
    4)RDP to the window virtual machine and download the file upload_win.zip from the parrot virtual machine by the command in module
    ==> you got it