Using some phpbb exploits I can run any command on my friends freeBSD server, but there aren't any transfer commands available. One way to get the files is by copying them to the htdocs folder and then downloading them, but that is often not a viable option.

Basically I send a request to the server and the server executes that request and the output is displayed on the webpage.

Ok, so there are some interesting files of type [data] that I want to examine using my computer. Unfortunately I don't have the knowledge required to make this work.

I have tried [cat file], [dd if=file], and [hexdump file] and then I have to copy off the webpage source the output of those commands.

Is there a way I can ouput the binary of a file? Then it would be easy to retrieve the 0's and 1's out of the source and recreate the file on my computer for examining.

Any suggestions or other methods?

Depending, but couldnt you simply zip the files ?

Using gzip / tar / bzip2 ?

Probably have to be abit careful with the gzip because some extensions will actually get ran, ie .html.gz will just be displayed like a html but will be transfered to you zipped....

I thought so too and tried that already using a variety of options..

The problem is that only the ouput of the command is returned.. and it is returned to a specific portion of the site via the $poster variable.

So there is no object... its only the output that is displayed on the page. So I need a method for creating output that I can then save on my computer as the original file instead of binary or hex or whatever.

NOTE: using nix for this.

You should be able to use fopen or fread and output it and mess with the headers to use a content-type like "application/force-download"