Downloading Files

The download command takes two arguments. The first is required and is the path of the file that you want to download. The second is optional and sets the number of bytes of data you want to send out in every request. There could be scenarios during your Red Team engagement where you end up dealing with a proxy server that limits the amount of data you can send out in a POST request. Lowering this size sends smaller chunks of data in every request. The figure below shows 8192 bytes being sent out in every request.

All file downloads are custom encrypted and use syscalls to read the files from disk to avoid any sort of DLP protection.

The maximum size of data per request is also limited by the bandwidth of the ISP and by the type of infrastructure the remote host is located in. It's always better to use small chunks of data such as 512kb or 1MB to lower the attention that you might get during exfiltration. The download command shows the download percentage every time it sends some data.
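A fixed chunk size like the one described above leaves a pattern in proxy logs: many POST requests from one client to one destination with identical body sizes. The following is an added detection example, not part of the tool or its documentation; the log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict

def parse(line):
    """Split one proxy log line: ts client method host path req_bytes status."""
    ts, client, method, host, path, size, status = line.split()
    return client, method, host, int(size)

def uniform_post_flows(lines, min_posts=20, min_share=0.9):
    """Return flows whose POST bodies are dominated by one repeated size.

    A fixed chunk size yields many equal-sized request bodies to one
    destination, with at most a shorter final chunk per file.
    """
    sizes = defaultdict(Counter)
    for line in lines:
        if not line.strip():
            continue
        client, method, host, size = parse(line)
        if method == "POST" and size > 0:
            sizes[(client, host)][size] += 1
    findings = []
    for (client, host), counter in sizes.items():
        total = sum(counter.values())
        size, hits = counter.most_common(1)[0]
        if total >= min_posts and hits / total >= min_share:
            findings.append({"client": client, "host": host, "chunk_bytes": size,
                             "posts": total,
                             "bytes_out": sum(s * n for s, n in counter.items())})
    return sorted(findings, key=lambda f: f["bytes_out"], reverse=True)

def build_sample():
    """Constructed log: one chunked transfer plus ordinary form posts."""
    lines = [f"2024-01-01T10:00:{i:02d}Z 10.0.0.5 POST files.example.net /api/sync 8192 200"
             for i in range(40)]
    lines.append("2024-01-01T10:00:41Z 10.0.0.5 POST files.example.net /api/sync 3011 200")
    normal = [512, 1830, 97, 4410, 260, 733, 1204, 88, 3950, 615]
    lines += [f"2024-01-01T10:05:{i:02d}Z 10.0.0.9 POST intranet.example.org /form "
              f"{normal[i % 10] + i} 200" for i in range(30)]
    lines.append("2024-01-01T10:06:00Z 10.0.0.9 GET intranet.example.org /index 0 200")
    return lines

if __name__ == "__main__":
    for finding in uniform_post_flows(build_sample()):
        print(finding)
```

Encryption and encoding overhead mean the size seen on the wire may differ from the configured chunk size, so the check keys on repetition rather than on a specific value.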

The stop_downloads command can be used to stop all the downloads in progress. The downloaded data can be viewed or downloaded by selecting Server->View Downloads. Text files and images can be viewed within the Commander itself; however, other files need to be downloaded from the server by right-clicking the respective file in the Server->View Downloads section and downloading it.