Downloading files from the command line is routine tasks for most security professionals. For defenders, the Windows Schedule, SIM management interfaces, Web interfaces for appliances often allow you to schedule a single command for execution. The offensive folks who exploit a command injection vulnerability often need a simple way to download and execute code in a single line. Or perhaps your just need a simple, cross platform, line of code to add to your existing management script. In all of these situations, having a single cross platform command you can run to download files form the internet is essential. If there is a Python interpreter on your system you can easily download files with the following one line command.
python -c 'import urllib2;print urllib2.urlllopen("http://<url to download>").read()' | tee /tmp/<local filename to write>
If you want to execute the code after the download you just need to add a semicolon and execute the command.
python -c 'import urllib2;print urllib2.urlllopen("http://<url to download>").read()' | tee /tmp/<local filename to write> ; /tmp/<local filename to execute>
The script shown is compatible with Python 2 and won’t work on systems that have Python 3 as the default Python interpreter. Today the majority of systems, in compliance with PEP 394, still use Python 2 as the default interpreter, but it won’t be too much longer before Python 3 is the default. If you are unsure which version of Python your system is using you can run the following command to check.
$ python --version Python 2.7.12
For those running Python 3, here is a script you can use to that is compatible with your system.
python3 -c 'import urllib.request; urllib.request.urlretrieve("http://<url to download","/tmp/<local filename>")'
Upcoming SANS Special Event – 2018 Holiday Hack Challenge
SANS Holiday Hack Challenge – KringleCon 2018
- Free SANS Online Capture-the-Flag Challenge
- Our annual gift to the entire Information Security Industry
- Designed for novice to advanced InfoSec professionals
- Fun for the whole family!!
- Build and hone your skills in a fun and festive roleplaying like video game, by the makers of SANS NetWars
- Learn more: www.kringlecon.com
- Play previous versions from free 24/7/365: www.holidayhackchallenge.com
- “On to level 4 of the #holidayhackchallenge. Thanks again @edskoudis / @SANSPenTest team.” – @mikehodges
- “#SANSHolidayHack Confession – I have never used python or scapy before. I got started with both today because of this game! Yay!” – @tww2b
- “Happiness is watching my 12 yo meet @edskoudis at the end of #SANSHolidayHack quest. Now the gnomes #ProudHackerPapa” – @dnlongen