-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcurlCommands-SANS
282 lines (202 loc) · 10.9 KB
/
curlCommands-SANS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
GPT dump from holiday hack challenges:
1) Unlike the defined standards of a curling sheet, embedded devices often have web servers on non-standard ports. Use curl to retrieve the web page on host "curlingfun" port 8080.
If you need help, run the 'hint' command.
ChatGPT said:
ChatGPT
To use curl to retrieve the web page from the host curlingfun on port 8080, use the following command:
bash
Copy code
curl http://curlingfun:8080
Explanation:
curl: The command-line tool used to make HTTP requests.
http://curlingfun:8080:
http://: Specifies the protocol (HTTP in this case).
curlingfun: The hostname of the target device.
:8080: Specifies the non-standard port number (8080 in this case).
This will fetch the web page hosted on curlingfun on port 8080 and display its content in your terminal. Let me know if you encounter any issues!
You said:
2) Embedded devices often use self-signed certificates, where your browser will not trust the certificate presented. Use curl to retrieve the TLS-protected web page at https://curlingfun:9090/
ChatGPT said:
ChatGPT
To use curl to retrieve the TLS-protected web page from https://curlingfun:9090/ (even though it uses a self-signed certificate), you can bypass the certificate validation using the -k or --insecure flag.
Here’s the command:
bash
Copy code
curl -k https://curlingfun:9090/
Explanation:
curl: Command-line tool to make HTTP/HTTPS requests.
-k or --insecure: This flag tells curl to ignore certificate validation, which is necessary for self-signed certificates.
https://curlingfun:9090/:
https://: Specifies the protocol (HTTPS).
curlingfun: The hostname of the target device.
:9090: Specifies the non-standard port number (9090 in this case).
/: Refers to the root web page.
This command retrieves the content of the page despite the self-signed certificate. Let me know if you need further help!
You said:
If you need help, please remember to run "hint" for a hint!
alabaster@curlingfun:~$ curl -k http://curlingfun:9090
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
alabaster@curlingfun:~$ curl -k http://curlingfun:9090/
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
alabaster@curlingfun:~$ curl -k http://curlingfun:9090/
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
alabaster@curlingfun:~$
ChatGPT said:
ChatGPT
The error message indicates that the server expects an HTTPS request, but you are making an HTTP request. Since port 9090 is configured for HTTPS, you need to ensure that the curl command specifies https:// instead of http://.
Here’s the correct command:
bash
Copy code
curl -k https://curlingfun:9090/
Explanation:
Problem: You were using http:// for a port configured to accept only HTTPS requests. The server rejected the request with a 400 Bad Request error.
Solution: Use https:// in the URL since the server is expecting an HTTPS connection.
This should correctly retrieve the TLS-protected web page. If you still face issues, you can use the hint command for additional guidance. Let me know if you need more help!
You said:
3) Working with APIs and embedded devices often requires making HTTP POST requests. Use curl to send a request to https://curlingfun:9090/ with the parameter "skip" set to the value "alabaster", declaring Alabaster as the team captain.
ChatGPT said:
ChatGPT
To make an HTTP POST request using curl and send the parameter skip=alabaster to the URL https://curlingfun:9090/, use the following command:
bash
Copy code
curl -k -X POST -d "skip=alabaster" https://curlingfun:9090/
Explanation:
-k: Ignores certificate validation (necessary for self-signed certificates).
-X POST: Specifies the HTTP method as POST.
-d "skip=alabaster": Sends the data as the body of the POST request, with the parameter skip set to alabaster.
https://curlingfun:9090/: The target URL for the POST request.
This command sends the required parameter to declare Alabaster as the team captain. Let me know if you need further clarification or assistance!
You said:
4) Working with APIs and embedded devices often requires maintaining session state by passing a cookie. Use curl to send a request to https://curlingfun:9090/ with a cookie called "end" with the value "3", indicating we're on the third end of the curling match.
ChatGPT said:
ChatGPT
To send a request with a cookie using curl, you can use the -b flag to include the cookie in the request. Here's the command for your specific case:
bash
Copy code
curl -k -b "end=3" https://curlingfun:9090/
Explanation:
-k: Ignores SSL certificate validation (necessary for self-signed certificates).
-b "end=3": Sends a cookie named end with the value 3.
https://curlingfun:9090/: The target URL for the request.
This command passes the cookie end=3 to indicate the third end of the curling match. Let me know if you need further assistance!
You said:
5) Working with APIs and embedded devices sometimes requires working with raw HTTP headers. Use curl to view the HTTP headers returned by a request to https://curlingfun:9090/
ChatGPT said:
ChatGPT
To view the HTTP headers returned by a request using curl, you can use the -I or --head option, or use -v for detailed output. Here’s the command:
bash
Copy code
curl -k -I https://curlingfun:9090/
Explanation:
-k: Ignores SSL certificate validation for self-signed certificates.
-I or --head: Fetches only the headers of the response without the body.
https://curlingfun:9090/: The target URL for the request.
Alternatively, for more verbose output, including the headers:
bash
Copy code
curl -k -v https://curlingfun:9090/
Verbose Option (-v):
This shows both the request headers sent by curl and the response headers from the server.
Let me know if you need help interpreting the headers or any additional details!
You said:
6) Working with APIs and embedded devices sometimes requires working with custom HTTP headers. Use curl to send a request to https://curlingfun:9090/ with an HTTP header called "Stone" and the value "Granite".
ChatGPT said:
ChatGPT
To send a custom HTTP header using curl, you can use the -H flag. Here’s the command for your specific case:
bash
Copy code
curl -k -H "Stone: Granite" https://curlingfun:9090/
Explanation:
-k: Ignores SSL certificate validation for self-signed certificates.
-H "Stone: Granite": Specifies the custom HTTP header Stone with the value Granite.
https://curlingfun:9090/: The target URL for the request.
This command includes the Stone: Granite header in the HTTP request. Let me know if you need any additional help!
You said:
7) curl will modify your URL unless you tell it not to. For example, use curl to retrieve the following URL containing special characters: https://curlingfun:9090/../../etc/hacks
ChatGPT said:
ChatGPT
To prevent curl from modifying a URL containing special characters, you can enclose the URL in single quotes. Here's the correct command:
bash
Copy code
curl -k 'https://curlingfun:9090/../../etc/hacks'
Explanation:
-k: Ignores SSL certificate validation for self-signed certificates.
Single quotes ('): Ensure that the URL, including special characters like .., is passed exactly as written without shell interpretation or modification by curl.
https://curlingfun:9090/../../etc/hacks: The specific URL to retrieve.
This will send the request exactly as specified, including the ../../etc/hacks part of the URL. Let me know if you encounter any issues!
You said:
alabaster@curlingfun:~$ curl -k -H "Stone: Granite" https://curlingfun:9090/
You have successfully set a custom HTTP header!
alabaster@curlingfun:~$ curl -k 'https://curlingfun:9090/../../etc/hacks'
These are not the hacks you're looking for...
alabaster@curlingfun:~$ curl -k 'https://curlingfun:9090/../../etc/hacks'
These are not the hacks you're looking for...
alabaster@curlingfun:~$
ChatGPT said:
ChatGPT
The server's response, "These are not the hacks you're looking for…", suggests that the server is actively protecting against directory traversal attempts or doesn't expose sensitive files in this manner. It might also be a custom response to dissuade such queries.
If you're certain the goal is to test curl without modification of the URL, you've executed the command correctly:
bash
Copy code
curl -k 'https://curlingfun:9090/../../etc/hacks'
This ensures the exact URL, including ../../etc/hacks, is sent as specified.
Next Steps:
If you're expected to get a specific response or explore further:
Try altering the path: The server might only respond to certain paths, so try variations.
bash
Copy code
curl -k 'https://curlingfun:9090/../hacks'
Check headers or cookies: The server might expect additional context through headers or cookies for this request.
Run hint if allowed: If you’re stuck, running the hint command might clarify expectations.
Let me know if you need help interpreting server behavior or crafting additional requests!
You said:
alabaster@curlingfun:~$ curl -k -H "Stone: Granite" https://curlingfun:9090/
You have successfully set a custom HTTP header!
alabaster@curlingfun:~$ curl -k 'https://curlingfun:9090/../../etc/hacks'
These are not the hacks you're looking for...
alabaster@curlingfun:~$ curl -k 'https://curlingfun:9090/../../etc/hacks'
These are not the hacks you're looking for...
alabaster@curlingfun:~$ curl -k 'https://curlingfun:9090/../hacks'
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
alabaster@curlingfun:~$
[Curling Fun]> < [XXXXXXXXX
please reread and try again: 7) curl will modify your URL unless you tell it not to. For example, use curl to retrieve the following URL containing special characters: https://curlingfun:9090/../../etc/hacks
ChatGPT said:
ChatGPT
The issue here is ensuring curl sends the URL exactly as written, without URL encoding or modification. You can use the --path-as-is flag to achieve this. This flag ensures that curl does not modify the path part of the URL, even if it contains special characters like ...
Correct Command:
bash
Copy code
curl -k --path-as-is 'https://curlingfun:9090/../../etc/hacks'
Explanation:
-k: Bypasses certificate validation for self-signed certificates.
--path-as-is: Ensures that the path is sent exactly as written, without encoding or sanitization by curl.
'https://curlingfun:9090/../../etc/hacks': The exact URL containing special characters.
This command will send the request as intended. Let me know if this resolves your issue!