FILE TRANSFERS - Windows File Transfer Methods

Hello

I’ve just completed the first task on the file ‘transfers modules’ titled ‘Windows File Transfer Methods’. Whilst i got through it, I think I might have missed the point on the second challenge so I’d be grateful for any feedback. The second challenge reads:

Upload the attached file named upload_win.zip to the target using the method of your choice. Once uploaded, RDP to the box, unzip the archive, and run “hasher upload_win.txt” from the command line. Submit the generated hash as your answer.

I completed it by hosting a server on my Linux machine then RDP’ing onto the target windows box and downloading ‘upload_win.zip’ onto the box. (The remaining unzipping and hashing part of the challenge was straightforward).

However, the question implies I should have uploaded the file to the target box first and THEN RDP’ed to the box. I just could not find a method to upload a file onto the box without first RDP’ing onto it.

Did I miss the point? Is there a way to upload the file before RDP’ing onto the box?

Thanks for any feedback in advance.

John

Hi @johneverist,
did you receive any reply to your question ?

I’m facing the same doubt here. I transfered the file simply via RDP - however I believe I might be missing here on something.

Thanks for clarifying.

Carlo

I just found a solution for us, you can’t upload files to the windows virtual machine in the usual way but we can indirectly upload the upload_win.zip file to the windows server, what you need to do is:

1. encode the file upload_win.zip with the system you used to upload it using base64
2. copy the base64 string you just got and use the following command at the parrot-htb virtual machine to get the original .zip file:
   echo <base64_value> | base64 -d -w 0 > upload_win.zip
   3)you run http server service at parrot virtual machine
   4)RDP to the window virtual machine and download the file upload_win.zip from the parrot virtual machine by the command in module
   ===> you got it

That was a good idea, another option would be to:

1-Go to a site like this File to Base64 Converter - Encode Files to Base64 - Online - Browserling Web Developer Tools to encode the file and copy the string.
2-Go RDP to the Windows machine using xfreerdp /u:htb-student /size:50%h /v:IP_Address
3-Create a new text file upload.txt and paste the string.
4-user certutil -decode upload.txt upload.zip
5-unzip upload.zip
6-run hasher upload_win.txt

Well, I guess the question is poorly worded then, it doesn’t seem possible to send a file to a system you do not control.
Everyone seems to RDP into the machine first and only then download the file.

Good afternoon from Spain! After typing the xfreerdp command I get “No protocol specified” error… Any hints? I have tried several things

try using flags to customize your login attempt

hint: think of different ways you’re able to run commands on a windows server.

I had that issue as well until I ran the scenario from my own VM.

So, what I did is i went to https://www.base64encode.org/ in order to encode the file. Once when you got the file on the Windows Machine run following command → certutil -decode input.txt output.txt.Replace “input.txt” with the name of the Base64-encoded file you want to decode, and replace “output.txt” with the name of the file you want to save the decoded content to. Then, by following the guidelines from the problem text we can use following command hasher output.txt. The string we got should be the answer.

hint: the file HAVE TO BE the downloaded one (from htb site), not a new copy and paste version

This would be great if the hasher command actually worked. Powershell keeps saying that the command is not found

What error are you getting? Can you post the command and output?

try windows command prompt

“Upload the attached file named upload_win.zip to the target” How is what ur doing remotely close to this?

“User does not have permission to read the file.” when attempting to use hasher on the moved folder.