Download files with certutil -urlcache

siberia-man
Posts: 208
Joined: 26 Dec 2013 09:28

Download files with certutil -urlcache

#1 Post by siberia-man » 25 Oct 2021 03:10

Today I accidentally learned about a command that acts as a downloader:

Code:

certutil -urlcache -split -f URL FILE

Reading the documentation doesn't make it any clearer. I played with the command a little and found that the "-split" option is not necessary and downloading works fine without it as well:

Code:

certutil -urlcache -f URL FILE

I have a few questions:
-- is it really a reliable method to download any file (the first form, the second one, or both)?
-- are there any restrictions on using this tool?

ShadowThief
Expert
Posts: 1166
Joined: 06 Sep 2013 21:28
Location: Virginia, United States

Re: Download files with certutil -urlcache

#2 Post by ShadowThief » 25 Oct 2021 07:16

You end up with three copies of the file and the target folder has to exist, but other than that I'm not aware of any limitations.

viewtopic.php?t=8485

siberia-man
Posts: 208
Joined: 26 Dec 2013 09:28

Re: Download files with certutil -urlcache

#3 Post by siberia-man » 25 Oct 2021 09:34

Hmm... I recall that I saw this thread some time ago.

About certutil -urlcache, the only story I found, in Russian, says that it's identified by Windows Defender as a trojan.

Translated from Russian:
https://www.outsidethebox.ms/19362/ wrote: Attackers like to use built-in OS functions to download the files they need onto a compromised system. In this case the threat is classified as Trojan:Win32/Ceprolad.A. However, a workaround exists

penpen
Expert
Posts: 2009
Joined: 23 Jun 2013 06:15
Location: Germany

Re: Download files with certutil -urlcache

#4 Post by penpen » 12 Nov 2021 08:20

siberia-man wrote:
25 Oct 2021 03:10
-- is it really a reliable method to download any file (the first form, the second one, or both)?
-- are there any restrictions on using this tool?

The option "-split" might be needed depending on how the server you are downloading from answers your request.
If the file you want to get is sent as an embedded ASN.1 element, then "-split" is needed.

Besides that, after you have downloaded your file, I suggest you delete the URL cache before terminating the process that created the URL cache (which essentially is at least one copy of your download in some Windows directory, maybe two).

penpen
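
For the detection side of what post #3 mentions (Windows Defender flagging this use of certutil), the following is an added example, not code from any poster in this thread: a Python check that recognises both command forms from post #1 in process-creation command lines. The sample lines, the host example.test and all function names are constructed for illustration.

```python
import re
import shlex

# certutil with or without a path and ".exe", case-insensitive
_EXE = re.compile(r"(?:^|[\\/])certutil(?:\.exe)?$", re.IGNORECASE)
_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def classify(command_line):
    """Return a finding dict for 'certutil -urlcache ... URL ...', else None."""
    try:
        # posix=False keeps the backslashes of Windows paths intact
        tokens = shlex.split(command_line, posix=False)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command_line.split()
    tokens = [t.strip('"') for t in tokens]
    if not tokens or not _EXE.search(tokens[0]):
        return None
    args = tokens[1:]
    # certutil options may be written with "-" or "/" and in any case
    opts = {t[1:].lower() for t in args if t[:1] in ("-", "/")}
    urls = [t for t in args if _URL.match(t)]
    if "urlcache" not in opts or not urls:
        return None
    rest = [t for t in args if t[:1] not in ("-", "/") and not _URL.match(t)]
    is_delete = bool(rest) and rest[-1].lower() == "delete"
    return {
        "action": "cache-delete" if is_delete else "download",
        "url": urls[0],
        "outfile": None if is_delete or not rest else rest[0],
        "force": "f" in opts,
        "split": "split" in opts,
    }


def scan(lines):
    """Return (line, finding) pairs for every line that classify() flags."""
    return [(ln, f) for ln in lines if (f := classify(ln)) is not None]


# Constructed sample command lines (not taken from real logs)
SAMPLE = [
    r"certutil -urlcache -split -f https://example.test/tool.zip C:\Temp\tool.zip",
    r'"C:\Windows\System32\certutil.exe" /URLCache /f http://example.test/a.bin out.bin',
    r"certutil -hashfile C:\Temp\tool.zip SHA256",
    r"certutil.exe -urlcache -f https://example.test/tool.zip delete",
]

if __name__ == "__main__":
    for line, finding in scan(SAMPLE):
        print(finding["action"], finding["url"], finding["outfile"], "<-", line)
```
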
