In the of the box, the last leg of the challenge involves manipulating the tar executable. However, before I found out the actual method to complete, I came acros a blogpost which mentions how
--checkpoint-action flag can be used to execute a code.
But I couldn’t get this to work and had to resort to a lesser elegant way of prepending a 'bash’ed version of tar to the PATh variable.
Has anyone else tried this? Box is Pandora
Hint: you don’t need to modify
tar directly. You just need to have an executable named
tar in your path… What that executable contains is up to you.
I understand what we’re supposed to do to own the box. It’s just that I am confused why the article’s way doesn’t work. Afaik, it’s not related to a version.
the attack in provided post does not apply to current box.
it need to inject --checkpoint-action=exec=SCRIPT --checkpoint=1 to the command line, but it is not possible for given wildcard format.
you can follow the instruction and echo the command to check what is indeed executed.