This post summarizes some of the findings I posted on Twitter the other day.
While looking at Windows version of tar.exe I discovered that it includes lots of undocumented command line arguments; undocumented – in a sense that they are not described in program’s help (tar –help), but are obviously known to *NIX tar program users:
Amongst the more interesting ones are the LOLBIN and data encoding opportunities:
Encoding
Windows tar can BASE64-encode and UUEncode files:
tar -c -f<out> --b64encode <in> tar -c -f<out> --uuencode <in>
Decoding
Using “-x” we can decode these files:
tar -x -f<in> --b64encode tar -x -f<in> --uuencode
Running programs (lolbin #1):
tar -cff --use-compress-program calc f
The –use-compress-program works with:
- -c(create)
- -x(extract)
- -t(test)
options meaning that:
tar -x --use-compress-program calc -f <in> tar -t --use-compress-program calc -f <in>
can be used to launch a program of your choice too.
Running Programs (lolbin #2):
When you use tar to create archives using different archive types e.g. bzip2, grzip, xz, etc. tar.exe spawns a child process (e.g. bzip2.exe). You can place a dummy bzip2.exe in your chosen directory and it will be launched when you use a command like the one below:
tar -c -ffoo -j .
Possible child processes created (need to tinker with options) are:
- bzip2.exe
- grzip.exe
- lrzip.exe
- lz4.exe
- lzop.exe
- lzma.exe
- xz.exe
- lzip.exe
Some of them only work with “test” option e.g. xz
tar -t -f<in> -J
These are existing archive type options
- -j, -y — bzip2.exe
- -J = xz.exe
- -z = (gzip – n/a)
- -Z = (compress – n/a)
- –grzip = grzip.exe
- –lrzip = lrzip.exe
- –lz4 = lz4.exe
- –lzma = (lzma – n/a)
- –lzip = (doesn’t seem to work although should spawn lzip.exe)
- –lzop = lzop.exe