cURL is a computer software project providing a library and command-line tool for transferring data using various protocols.
cURL is simply awesome for the following reasons:
· curl is an easy-to-use command line tool to send and receive files, and it supports almost all major protocols in use (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP).
· Can be used inside your shell scripts with ease
· Supports features like pause and resume of downloads
· It has around 120 command line options for various tasks
· It runs on all major operating systems (more than 40 operating systems)
· Supports cookies, forms and SSL
· Both the curl command line tool and the libcurl library are open source, so they can be used in any of your programs
· It supports configuration files
· Multiple uploads with a single command
· Progress bar, rate limiting, and download time details
· IPv6 support
curl comes installed by default in most distributions. If you do not have the curl tool installed, it is a single apt-get (apt-get install curl) or yum (yum install curl) command away.
For this tutorial we used the "Web for Pentester" lab as the target for our curl commands. As you know, this lab is vulnerable to many web-based attacks, so we chose curl as our weapon of attack.
Command Injection Exploitation
You must be aware of the command injection vulnerability, which allows execution of arbitrary OS commands. Type the following command to list the directory on the target system:
curl "http://192.168.0.16/commandexec/example1.php?127.0.0.1;ls"
In the output you can observe that it executes the ping command as well as the ls command; as a result, we found three PHP files in this directory.
Download File from URL
curl is also used to download data from any website or host machine. The following command will download the putty.exe file from the website.
curl -O https://the.earth.li/~sgtatham/putty/latest/putty.exe
HTTP Headers
curl can be used to identify the HTTP methods a server allows, which helps in HTTP verb tampering. Type the following command:
curl -v -X OPTIONS http://www.google.com
In the response you can see that only the GET and HEAD methods are allowed on Google.
File Inclusion
This vulnerability allows an attacker to include a file on the web server. Use the following curl command to exploit it:
curl "http://192.168.0.16/fileincl/example.php?page=etc/passwd"
Hence you can observe that we found the data from inside etc/passwd.
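From the defender's side, the requests shown in the Command Injection and File Inclusion sections leave recognisable traces in the web server's access log. The following Python scan is an added example, not part of the original post; the combined log format, the sample lines, the rule names and the patterns are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in combined log format (sample data, not from the lab).
SAMPLE_LOG = """\
192.168.0.20 - - [01/Jan/2024:10:00:01 +0000] "GET /commandexec/example1.php?127.0.0.1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.0.21 - - [01/Jan/2024:10:00:05 +0000] "GET /commandexec/example1.php?127.0.0.1;ls HTTP/1.1" 200 640 "-" "curl/7.88.1"
192.168.0.21 - - [01/Jan/2024:10:00:09 +0000] "GET /fileincl/example.php?page=etc/passwd HTTP/1.1" 200 1980 "-" "curl/7.88.1"
192.168.0.22 - - [01/Jan/2024:10:00:12 +0000] "GET /fileincl/example.php?page=intro.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.168.0.21 - - [01/Jan/2024:10:00:15 +0000] "GET /commandexec/example1.php?127.0.0.1%3Bls HTTP/1.1" 200 640 "-" "curl/7.88.1"
"""

# Client address, then the request target inside the quoted request line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

RULES = {
    # Shell metacharacters that let a second command ride along with the first.
    "command-injection": re.compile(r"[;|`]|\$\("),
    # Traversal sequences or a parameter that names the passwd file.
    "file-inclusion": re.compile(r"\.\./|(?:^|[=/])etc/passwd"),
}


def decode(value, rounds=3):
    """Percent-decode repeatedly so single and double encoding are both seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return (client_ip, path, [rule names]) for each request whose query matches a rule."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        query = decode(query)
        matched = [name for name, rule in RULES.items() if rule.search(query)]
        if matched:
            findings.append((match.group("ip"), path, matched))
    return findings


if __name__ == "__main__":
    for ip, path, rules in scan(SAMPLE_LOG):
        print(f"{ip} {path} {','.join(rules)}")
```

Only the query string of GET requests is inspected here; parameters sent in a POST body do not appear in a standard access log and need application-level logging.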
HTTP Authentication
HTTP authentication is used to tell the server the user's username and password so that it can verify that you're allowed to send the request you're sending. curl can use HTTP Basic authentication. Now type the following command, which supplies the username and password required to log in to the website through curl (with --data they are sent as POST form fields).
curl --data "uname=test&pass=test" http://testphp.vulnweb.com/userinfo.php
If you look at the response carefully, you can observe that the returned code contains user information inside a table, such as email ID, phone number and address.
File Upload
The upload option on a website allows uploading an image or text file to that particular website, for example uploading an image on Facebook.
Use the curl command to upload the putty.exe file to the target system.
curl -F 'image=@/root/Desktop/putty.exe' http://192.168.0.16/upload/example1.php
Great! The highlighted text in the response points to the directory "/upload/images/putty.exe", where the file has been successfully uploaded.
Open the above directory in a browser as 192.168.0.16/upload/images/
Awesome! You can see that putty.exe has been uploaded.