[ Beneath the Waves ]


article and software by Ben Lincoln


I hacked this script together while I was taking Offensive Security's outstanding Penetration Testing with Kali Linux training in late 2014/early 2015.

Older versions of Windows® (prior to PowerShell being installed by default) do not include a good way to trigger command line-based downloading of files from HTTP servers. While Server 2003, Windows XP, and earlier are quite old now, it is likely that they'll be encountered in penetration tests for many years to come. VBScript runs on just about any version of Windows, so this script is written in that language.

I originally named it wget.vbs, but that unfairly implies that it has a lot more functionality than it actually does, and implies a relationship with that Linux tool that does not exist (other than that this one also downloads files via HTTP).

It's quite basic, but I've found it very handy ever since. If one can obtain OS command execution on a Windows® target, this script will almost certainly allow binary payloads to be copied over from somewhere. It's even short enough to be "uploaded" via manual copy/pasting into a remote shell, e.g.:

echo Set xml = CreateObject("Microsoft.XMLHTTP") > wg.vbs

echo xml.Open "GET", WScript.Arguments(0), False >> wg.vbs

...and so on.

I typically use wg.vbs as a "stager" to get an encoded Meterpreter executable onto the target.

A modified version is also included in the zip file which uses Chr() calls to avoid the inclusion of any quote marks in the script, for situations where the upload/file-creation mechanism will not permit such characters to be used.


cscript -nologo wg.vbs SOURCE_URL LOCAL_FILE_PATH

...e.g. the following command will download the StatisticalAudio0.3.zip file from this site as a file with that same name in the working directory from where the script is called:

cscript -nologo wg.vbs http://www.beneaththewaves.net/Downloads/StatisticalAudio0.3.zip StatisticalAudio0.3.zip

File Size Version Release Date Author
wg.vbs 13 KiB 1.0 2015-08-23 Ben Lincoln
[ Page Icon ]