Pasar archivos de Linux (Kali) a Windows puede ser un problema durante un pentest. Claramente no puedes solo llegar con un USB ja.
Hoy les mostraré mi método favorito.
Usaremos Impacket más concretamente “impacket-smbserver” para hacer un share desde donde podemos transferir o hasta ejecutar archivos. Las opciones son:
root@kali:~/Desktop# impacket-smbserver Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation usage: smbserver.py [-h] [-comment COMMENT] [-username USERNAME] [-password PASSWORD] [-hashes LMHASH:NTHASH] [-debug] [-ip INTERFACE_ADDRESS] [-port PORT] [-smb2support] shareName sharePath This script will launch a SMB Server and add a share specified as an argument. You need to be root in order to bind to port 445. No authentication will be enforced. Example: smbserver.py -comment 'My share' TMP /tmp positional arguments: shareName name of the share to add sharePath path of the share to add optional arguments: -h, --help show this help message and exit -comment COMMENT share's comment to display when asked for shares -username USERNAME Username to authenticate clients -password PASSWORD Password for the Username -hashes LMHASH:NTHASH NTLM hashes for the Username, format is LMHASH:NTHASH -debug Turn DEBUG output ON -ip INTERFACE_ADDRESS, --interface-address INTERFACE_ADDRESS ip address of listening interface -port PORT TCP port for listening incoming connections (default 445) -smb2support SMB2 Support (experimental!)
Lo más sencillo durante un pentest es compartir todo tu root directory pero aja, es peligroso.
root@kali:~/Desktop# impacket-smbserver 'prueba' /
Para acceder desde windows puede ser desde el command line
C:\Users\victim>dir \2.16.138.129\prueba Volume in drive \2.16.138.129\prueba has no label. Volume Serial Number is ABCD-EFAA Directory of \2.16.138.129\prueba 11/11/2019 01:48 AM <DIR> . 11/11/2019 01:48 AM <DIR> .. 10/26/2019 03:53 PM <DIR> lib64 11/11/2019 12:26 AM <DIR> opt 09/16/2019 02:58 PM 24,932 index.html 10/26/2019 03:59 PM <DIR> sbin
o el GUI