ggkitsas
commented
3 years ago metasploit has a module
or you could script it yourself, here's a starting point: https://github.com/jwilk/traversal-archives/blob/master/tar/Makefile
Open mikelueng opened 3 years ago
ggkitsas
commented
3 years ago metasploit has a module
or you could script it yourself, here's a starting point: https://github.com/jwilk/traversal-archives/blob/master/tar/Makefile
mikelueng
commented
3 years ago thank you so much.
mikelueng
commented
3 years ago when I use zip_slip module in metasploit, it seems that I can just use the payload msf provided, but can't specify the content of the compressed file. If I want to exploit the Zip_Slip_Vulnerability to override /ect/crontab with correct format , how could I do for this ?
mikelueng
commented
3 years ago finally, I find the way to override etc/crontab: 1)mkdir etc in the path: ~/mike/java/yasuo/abc/, then write crontab in the folder "etc" we just mkdir. 2)root@kali:~/mike/java/yasuo/abc/11/22/33# tar cPvf cron.tar ../../../etc/crontab bingo, get cron.tar include ../../../etc/crontab
hi, would you tell me the way how to add ../ in tar file.