Using wget to download dangerous files

miclis
Level 1
Posts: 19
Joined: Thu Nov 03, 2016 3:36 pm

Using wget to download dangerous files

Post by miclis » Sun Jan 21, 2018 9:14 am

Hello,

I need a method by which I would be able to securely download potentially malicious files from the Internet into my hard drive. Very often, that would be a pdf or docx file and I need a method to download it without opening or executing it.
I thought that wget might be a good solution. I'd just type something like "wget abc.com/suspicious.pdf" to download a suspicious file sample. However, I wonder whether this method is 100% secure. Could you tell me if this method is safe and/or suggest other methods to securely download malicious files onto a computer? For both Linux and Windows platforms.

Cosmo.
Level 23
Posts: 17829
Joined: Sat Dec 06, 2014 7:34 am

Re: Using wget to download dangerous files

Post by Cosmo. » Sun Jan 21, 2018 10:03 am

The 100 % secure method: Do not download suspicious files.

kc1di
Level 13
Posts: 4736
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: Using wget to download dangerous files

Post by kc1di » Sun Jan 21, 2018 10:08 am

It really does not matter what you use. It's not the download that is the problem, it's when you view the file. You can set most downloaders to not open files automatically.
Best advice: don't put such files on your HD. Download to a virtual partition or folder, or to a firejail environment. https://firejail.wordpress.com
Easy tips : https://sites.google.com/site/easylinuxtipsproject/
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608

Pepi
Level 5
Posts: 722
Joined: Wed Nov 18, 2009 7:47 pm

Re: Using wget to download dangerous files

Post by Pepi » Sun Jan 21, 2018 11:05 am

I totally agree with Cosmo BUT if you're doing what I think due to your job, this is what I used to do. I would set up a USB drive with only your access. Then I would download the file(s) to it and then upload them to an online virus scanner. https://www.virustotal.com/#/home/upload

Safe :?: Maybe not ... but I never had any problems doing this in my IT career

miclis
Level 1
Posts: 19
Joined: Thu Nov 03, 2016 3:36 pm

Re: Using wget to download dangerous files

Post by miclis » Sun Jan 21, 2018 12:00 pm

Thank you for your responses.

I know, that the best idea is to stay clear of any malware, however, in my job, sometimes I have to deal with suspicious files and to perform basic analysis. I know and use VirusTotal and other well-known tools like that, but VT is good to verify whether the file is malicious or not. It won't help me checking what the malware does or to which host it tries to connect. I have got some tools to analyze pdf or docx files (peepdf, Didier Stevens scripts etc.) but before I analyze it I have to securely download it on my machine.
Do not worry, I'm not going to execute malicious files on my system directly, all I want to do is a static analysis.

thx-1138
Level 6
Posts: 1251
Joined: Fri Mar 10, 2017 12:15 pm
Location: Athens, Greece

Re: Using wget to download dangerous files

Post by thx-1138 » Sun Jan 21, 2018 12:17 pm

miclis wrote:...I wonder whether this method is 100% secure. Could you tell me if this method is safe and/or suggest other methods to securely download malicious files onto a computer? For both Linux and Windows platforms.
This =>
Cosmo. wrote:The 100 % secure method: Do not download suspicious files.
It can be ridiculously easy for the site to serve you different files depending on the application, HTTP headers and URL referrals used to access it. And although harder to achieve, it can still also be that they have private exploits in their arsenal to compromise the app of your choice that you used to access their servers (that includes wget / curl as well; after all, they're very widely used apps). There have been automated kits for such tasks sold in the underground market for a few hundred $ for many years now, so such cases aren't really that uncommon. So, 100% secure doesn't exist - for such, use a dedicated spare system (as AV companies supposedly still do).
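
Added example, not part of any post in this thread: a POSIX shell sketch of the handling side of the question, where a sample fetched with wget is stored under its SHA-256 with a neutral suffix and no execute bit, so a double-click does not open it while it awaits static analysis. `QUARANTINE_DIR`, `quarantine_sample` and `fetch_sample` are assumed names; it does nothing about an exploit against the download tool itself, for which the dedicated-machine advice in the replies still applies.

```shell
#!/bin/sh
# Added example. QUARANTINE_DIR and both function names are assumptions,
# not something taken from the thread.
QUARANTINE_DIR="${QUARANTINE_DIR:-$HOME/quarantine}"

# quarantine_sample FILE [SOURCE]
# Moves FILE into QUARANTINE_DIR as <sha256>.sample (a suffix no desktop
# handler is associated with), makes it read-only and non-executable, and
# appends hash, first four bytes (hex) and source to manifest.tsv.
# Prints the final path.
quarantine_sample() {
    local src="$1" origin="${2:-unknown}" sha dest magic
    [ -f "$src" ] && [ ! -L "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 1
    sha=$(sha256sum "$src" | cut -d' ' -f1) || return 1
    dest="$QUARANTINE_DIR/$sha.sample"
    if [ -e "$dest" ]; then
        rm -f -- "$src"                  # identical content is already stored
    else
        mv -- "$src" "$dest" && chmod 400 "$dest" || return 1
    fi
    # Read only the magic bytes; nothing parses or renders the document.
    # 25504446 is "%PDF", 504b0304 is a ZIP container such as docx.
    magic=$(od -An -tx1 -N4 "$dest" | tr -d ' \n')
    printf '%s\t%s\t%s\n' "$sha" "$magic" "$origin" >> "$QUARANTINE_DIR/manifest.tsv"
    printf '%s\n' "$dest"
}

# fetch_sample URL
# Downloads to a temp file whose name is chosen locally (-O), so a
# server-supplied filename is never used, then quarantines the result.
fetch_sample() {
    local url="$1" tmp
    tmp=$(mktemp) || return 1
    if wget -q --tries=1 --timeout=30 --max-redirect=3 -O "$tmp" -- "$url"; then
        quarantine_sample "$tmp" "$url"
    else
        rm -f -- "$tmp"
        return 1
    fi
}
```

Recording the hash at download time also lets you tell later whether the server handed a different file to a different client, the behaviour described in the post above.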

Petermint
Level 4
Posts: 461
Joined: Tue Feb 16, 2016 3:12 am

Re: Using wget to download dangerous files

Post by Petermint » Tue Jan 23, 2018 1:44 am

When you download the file and treat it safely, someone else might click on it to view it. :oops:

Pepi
Level 5
Posts: 722
Joined: Wed Nov 18, 2009 7:47 pm

Re: Using wget to download dangerous files

Post by Pepi » Wed Jan 24, 2018 3:37 pm

Petermint wrote:When you download the file and treat it safely, someone else might click on it to view it. :oops:

I've had people at work send out an email to our whole work force with an attachment telling them it looks suspicious :roll:

MtnDewManiac
Level 6
Posts: 1390
Joined: Fri Feb 22, 2013 5:18 pm
Location: United States

Re: Using wget to download dangerous files

Post by MtnDewManiac » Sun Feb 04, 2018 3:12 pm

If it's for your job, just buy a barebones (or "very" used) computer and claim it on your taxes, since it is a business expense. Unless you are working for someone else, of course, in which case have them purchase it.

Don't use the computer for anything other than the task you're discussing in this thread. Then... who cares what the file does, lol?

The best sandbox, IMHO, is a completely separate (and independent) computer.

Regards,
MDM
Mint 18 Xfce 4.12.

If guns kill people, then pencils misspell words, cars make people drive drunk, and spoons made Rosie O'Donnell fat.
