Recently, I needed to transfer a binary over a very limited network connection allowing only small packets to be sent. I ended up splitting the binary into pieces on my Linux box and reassembled the pieces on the target Windows host.
If, for some reason, you cannot use easier means like IP fragmentation and work with a smaller maximum transfer unit (MTU), here’s how to do the splitting and re-combining.
Split binary into pieces on Linux
Splitting a file into pieces on Linux is very straightforward – just use the
split program (man).
The following command will split
evil.exe into pieces of 1000 bytes, prefix them with
chunk and use a numeric suffix for each chunk.
split -b 1000 -d evil.exe chunk
So we will end up with something like this:
chunk00 chunk16 chunk32 chunk48 chunk01 chunk17 chunk33 chunk49 chunk02 chunk18 chunk34 chunk50 chunk03 chunk19 chunk35 chunk51 chunk04 chunk20 chunk36 chunk52 chunk05 chunk21 chunk37 chunk53 chunk06 chunk22 chunk38 chunk54 chunk07 chunk23 chunk39 chunk55 chunk08 chunk24 chunk40 chunk56 chunk09 chunk25 chunk41 chunk57 chunk10 chunk26 chunk42 chunk58 chunk11 chunk27 chunk43 chunk59 chunk12 chunk28 chunk44 chunk13 chunk29 chunk45 chunk14 chunk30 chunk46 chunk15 chunk31 chunk47
Now that we have our chunks, we can host them for the Windows machine to download.
Download from Windows
To download the individual chunks to the Windows host, let’s use a quick PowerShell one-liner with Invoke-WebRequest:
If all you have is a command prompt and cannot download the chunks directly, one idea is to convert the binary chunks into hex strings and then send these strings through the prompt of the shell you might have.
Combine the chunks
Now that we have all pieces to the puzzle, let’s assemble them into the self-contained binary we actually want, with
Get-FileHash evil.exe on the Windows host should now return the same hash as
shasum -a 256 evil.exe on Linux.