0

We have a unique situation whereby we are going to be hosting a website within a company's private network. They have given me RDC access.

However, the remote machine has no internet access, so I am connecting to a server that does using Putty. From here I am trying to connect to a server that is temporarily hosting the files and download them via ftp, using wget.

Here's what I'm running:

sudo wget --ftp-user=MYUSERNAME --ftp-password=MYPASSWORD myurl.net

The connection is OK, yet as soon as it hits some code like a require statement or a WordPress function, the download stops and the a single file containing a fatal error message is all that has been downloaded.

Is there a way to simply download the files, without wget attempting to actually run the code?

Here's an example of an error I get (this was after directly stating to download the header.php file - it doesn't get this far just stating the directory):

enter image description here

C Ivemy
  • 101
  • 3
  • 3
    I very much doubt that wget tries to execute any code since it has no idea how to execute it anyway. And why need wget to be run with sudo? If you need to have the local files to be owned by root better only do a chown afterwards instead of running some network program with high privileges. – Steffen Ullrich Mar 02 '17 at 15:57
  • See updated answer with image re: not running code – C Ivemy Mar 02 '17 at 16:03
  • 1
    Why don't you zip the files up and download that single file? – ceejayoz Mar 02 '17 at 16:04
  • 4
    You're getting that error in the screenshot because WordPress theme files like `header.php` aren't supposed to be accessed directly. You've also got the problem that using wget is fetching the *rendered HTML*, not the underlying PHP code. **This approach will not work.** – ceejayoz Mar 02 '17 at 16:07
  • 4
    @CIvemy: I see that your title says `wget` but your actual command is `wpget`. These are completely different tools: `wget` will just download data and not execute anything while `wpget` is a PHP program which will try to access a wordpress database (not ftp). I think you simply use the wrong tool but you think you are using the correct one. In this case it is even worse that you are running with sudo. – Steffen Ullrich Mar 02 '17 at 16:10
  • @SteffenUllrich sorry no that was a typo, I'm using wget. Out of interest what's wrong with running it with sudo? – C Ivemy Mar 02 '17 at 16:58
  • @ceejayoz - is that default wget behaviour? even with the ftp options? – C Ivemy Mar 02 '17 at 16:59
  • 2
    @CIvemy: `wget` defaults to `http` and if you don't give it an `ftp://` URL, it will just ignore the FTP options. Also, it doesn't work recursively if you don't tell it to do so.... – Sven Mar 02 '17 at 17:01
  • @CIvemy Yes, that's default wget behavior. wget is the wrong tool for this job. – ceejayoz Mar 02 '17 at 17:11
  • @CIvemy: about sudo: imagine wget had a bug which might result in code execution or writing of arbitrary files (like in CVE-2014-4877) when accessing a specific site. Then compare the security impact of such a bug if you run wget as a normal user or as root using sudo and you will hopefully realize what the problem with sudo is. – Steffen Ullrich Mar 02 '17 at 17:20

0 Answers0