Shulou(Shulou.com)06/02 Report--

This article mainly introduces "how to download files after linux infiltration series". In daily operation, I believe that many people have doubts about how to download files after linux infiltration series. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts of "how to download files after linux infiltration series". Next, please follow the editor to study!

Preparatory work

First of all, we need to set up a server, and the files to be downloaded are deployed on the server. The server I use is Kali Linux, the ip address is 192.168.8.111, and the controlled end is Centos,ip address 192.168.112.

The server side has been set up, and many download methods of Linux will be demonstrated later.

Download the file Wget

A tool for downloading files from the network (Linux comes with it, and Windows needs to be downloaded and installed on the official website, which is directly contrary to our download, so the Windows article does not mention it)

How to use it:

The first kind-- ordinary download

Wget http://192.168.8.111/test/test.txt

The second kind-- fake UA download

First of all, let's take a look at the UA downloaded normally.

Delete the test.txt file and download it again, enter the command:

Wget-user-agent= "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" http://192.168.8.111/test/test.txt

Then check the packets captured by Kali Linux's Wireshark

You can see that the UA has been successfully modified. In fact, wget still has many functions, but it does not need many ways to download the controlled computer, it only needs a simple download, and wget will only generate log files when it is downloaded in the background, which can be said to be a download artifact in Linux.

NC

NetCat, many features will not be introduced, briefly write down how to download through NC

How to use it:

Kali Linux input command: nc-lvp 8888

Test.txt

A blank will be displayed. In fact, the transmission has been completed and can be viewed by another terminal.

Then all you need is the terminal nc, and the transmission can be seen on the Kali Linux side.

Curl

A file transfer tool that uses URL syntax to work on the command line

How to use it:

Input command on the Centos side: curl-O http://192.168.8.111/test/test.txt (note: uppercase o)

You can see that the download is successful. The function of curl is the same as that of wget. You can also modify UA. This will not be demonstrated here.

SSH

A security protocol based on the application layer that provides security for remote login sessions and other network services

What you need to use this time is the scp command. Scp is a secure remote file copy based on SSH login, so you need to make sure that the SSH service is running normally.

Enter the command:

Service sshd start

You can see that it is in a normal running state.

How to use it:

The first one-- local to remote replication

Enter the command on the Kali Linx side:

Scp / var/www/html/test/test.txt root@192.168.8.112:/root

The first connection will ask if the authenticity of the remote host cannot be detected. If you need to continue to connect, you can enter yes. If you connect again, you will not ask.

Second-copy remote files locally

If you use Kali Linux as the server, you first need to modify the configuration file (SSH login is disabled for root users in the default Kali Linx), and enter the command:

Vim / etc/ssh/sshd_config, add a PermitRootLogin yes

Then restart the service.

Then enter the command on the Centos side:

Scp root@192.168.8.111:/var/www/html/test/test.txt / root

Rsync

Rsync is a mirror backup tool in Linux system, which can synchronize and copy files remotely. The default system comes with and runs.

How to use it:

The first kind-- remote synchronization

Enter the command on the Kali Linux side:

Rsync-r / var/www/html/test (directory of Kali Linux) 192.168.8.112:/var/www/html/ (directory where the remote host is synchronized)

Check the synchronized directory on Centos

You can see that the whole directory is synchronized.

The second kind-- using SSH

Kali Linux enter commands:

Rsync-av test.txt-e ssh root@192.168.8.112:/root

The-e option can specify commands, so it is actually a transmission using SSH

What is interesting is that Rsync can also list the directory of the remote host, and the command is: rsync 192.168.8.112var _ Rsync. The author has encountered a host without authorization to access HTML in a project site, and can even synchronize directly to get a high risk.

At this point, the study on "how to download files after linux infiltration series" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.