curl – WindowsTechs.com

FLOSS Weekly Episode 808: Curl – Gotta Download ’em All

Posted on November 6, 2024 by Jonathan Bennett

This week, Jonathan Bennett and Randal Schwartz chat with Daniel Stenberg about curl! How many curl installs are there?! What’s the deal with CVEs? How has curl managed to not …read more Continue reading FLOSS Weekly Episode 808: Curl – Gotta Download ’em All→

Getting Root on Cheap WiFi Repeaters, the Long Way Around

Posted on September 5, 2024 by Dan Maloney

What can you do with a cheap Linux machine with limited flash and only a single free GPIO line? Probably not much, but sometimes, just getting root to prove you …read more Continue reading Getting Root on Cheap WiFi Repeaters, the Long Way Around→

Trying to send a POST request using curl to a HTB machine

Posted on July 22, 2024 by urim260

I`m trying to perform a SSRF attack on a Hack The Box machine (editorial.htb). I’m trying to send a POST request using curl with the command
curl –data "hckyou.txt" -X POST http://editorial.htb/upload
The POST request in "… Continue reading Trying to send a POST request using curl to a HTB machine→

Unable to login to Portswigger lab website with curl or javascript [closed]

Posted on March 21, 2024 by Maestro

I’m studying the basics of XSRF on Portswigger and I’ve completed Lab: CSRF vulnerability with no defenses with FireFox. I attempted to go a step further by completing the same lab from the terminal. However when I send a request to the se… Continue reading Unable to login to Portswigger lab website with curl or javascript [closed]→

How do I set up a secure .netrc for curl used in crontab job?

Posted on February 25, 2024 by KevinHJ

I have a cron job which runs a curl command using .netrc to provide authentication needed to access the url curl is using. However the credentials stored in .netrc are currently in plain text. The .netrc file has 600 permissions. Howeve… Continue reading How do I set up a secure .netrc for curl used in crontab job?→

Linux Fu: Curling C

Posted on February 15, 2024 by Al Williams

Sometimes, it pays to read the man pages of commands you use often. There might be a gem hidden in there that you don’t know about. Case in point: I’ve …read more Continue reading Linux Fu: Curling C→

cURL not returning status 302 after correct login for Hack the Box Machine ‘Crocodile’

Posted on January 15, 2024 by Maestro

cURL is returning a 200 status code after correct login. The common response code after user login should be 302. Why am I not receiving this status code? All information is provided below.
#!/usr/bin/env zsh

printf "\nsending raw re… Continue reading cURL not returning status 302 after correct login for Hack the Box Machine ‘Crocodile’→

How to properly use cURL –data-binary to send a request payload

Posted on January 8, 2024 by Maestro

This question is out of pure curiosity. I know I can send multipart formposts using curl’s –form/-F option. However, I was curious to see if the same can be done with the –data-binary option? For example, if I run the following script to… Continue reading How to properly use cURL –data-binary to send a request payload→

Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com

Posted on January 4, 2024 by Maestro

I want to solve an apprentice-level lab on PortSwigger.com focused on file upload vulnerabilities; the lab is called Remote code execution via web shell upload. The labs on PortSwigger.com encourage the use of Burp. However, while Burp is … Continue reading Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com→

This Week in Security: Curl Reveal, Rapid Reset DDoS, and Libcue

Posted on October 13, 2023 by Jonathan Bennett

Curl gave us all a big warning that a severe security problem had been found in that code-base. Given the staggering number of Curl installs around the world, we held …read more Continue reading This Week in Security: Curl Reveal, Rapid Reset DDoS, and Libcue→