Weaponizing .tar files - RedTeam
So many times you will find, that you are not allowed to upload executable binaries , backdoor php or other extension file, also those are very easy to recognize by Sys Admins. Here
Aug 19, 2020
So many times you will find, that you are not allowed to upload executable binaries , backdoor php or other extension file, also those are very easy to recognize by Sys Admins. Here is a trick which may help you.
So, here I have a folder contains some common files, one random jpeg and one pdf.
Let's create a .tar file ( A TAR file (Tape Archive file) is a Consolidated Unix Archive file. TAR files are popular for archiving and sending multiple files over the internet. ) . But, before, you need to do following to weaponize it with your commands.
touch ''$'\n''ls -an;'
touch ''$'\n''ifconfig;'Be creative or use plain simple netcat commands to create your backdoor. Once done, directory structure will look like following
Now, the time to create our weaponize .tar file.
tar -cf weapon.tar *And, now we have our tar file named weapon.tar . This tar file work as common archive file. But, when you are executing the file - it trigger your commands.
chmod +x weapon.tar
./weapon.tarAnd the output ...
Voila ...