The starting point of the attack is an email message containing a RAR archive, which includes a file with a maliciously crafted file name: “ziliao2.pdf{echo,<Base64-encoded command>}|{base64,-d}|bash”
Doesn’t it mean that a rar archive contains the malicious file?
It’s worth noting that simply extracting the file from the archive does not trigger execution. Rather, it occurs only when a shell script or command attempts to parse the file name.
Doesn’t it mean that a rar archive contains the malicious file?
Right you are! I’m not sure how that went over my head. Eh, too much morning, too little coffee. Thanks for correcting me.
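The quoted point, that the danger sits in the file name and fires only when a shell parses it, suggests auditing archive listings before any script touches them. The following is an added example and not part of the thread or the quoted article; the rule set, the function names and the sample listing are assumptions made for illustration, with PLACEHOLDER standing in for the Base64 text.

```python
import re

# Heuristic rules (assumptions of this example): shell syntax that has no
# business in a document's file name.
RULES = {
    "brace-list": re.compile(r"\{[^{}]*,[^{}]*\}"),   # {echo,...} needs no spaces
    "pipe": re.compile(r"\|"),
    "pipe-to-shell": re.compile(r"\|\s*(?:ba|da|z|k)?sh\b"),
    "base64-decode": re.compile(r"base64\s*,?\s*-d"),
    "command-substitution": re.compile(r"`|\$\("),
    "command-separator": re.compile(r"[;&\n]"),
}


def audit_name(name):
    """Return the sorted rule names that match one file name."""
    return sorted(rule for rule, rx in RULES.items() if rx.search(name))


def audit_listing(names):
    """Map each flagged name to its matched rules; clean names are omitted."""
    return {n: hits for n in names if (hits := audit_name(n))}


# Constructed archive listing; the last entry follows the shape quoted above.
SAMPLE = [
    "report_2024.pdf",
    "notes (final) {draft}.txt",
    "ziliao2.pdf{echo,PLACEHOLDER}|{base64,-d}|bash",
]

if __name__ == "__main__":
    for name, hits in audit_listing(SAMPLE).items():
        print(f"{name!r}: {', '.join(hits)}")
```

A flagged name is a reason to quarantine the archive. Scripts that process extracted files should still pass names only as quoted arguments and never through `eval` or unquoted expansion.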