May 2, 2021 in Living off the land, LOLBins
This post summarizes some of the findings I posted on Twitter the other day.
While looking at the Windows version of tar.exe I discovered that it includes lots of undocumented command line arguments; undocumented in the sense that they are not described in the program's help (tar --help), but are obviously known to *NIX tar program users:
Amongst the more interesting ones are the LOLBIN and data encoding opportunities:
Encoding
Windows tar can BASE64-encode and UUEncode files:
tar -c -f<out> --b64encode <in>
tar -c -f<out> --uuencode <in>
Decoding
Using “-x” we can decode these files:
tar -x -f<in> --b64encode
tar -x -f<in> --uuencode
Running programs (lolbin #1):
tar -cff --use-compress-program calc f
The --use-compress-program works with:
options meaning that:
tar -x --use-compress-program calc -f <in>
tar -t --use-compress-program calc -f <in>
can be used to launch a program of your choice too.
Running programs (lolbin #2):
When you use tar to create archives using different archive types, e.g. bzip2, grzip, xz, etc., tar.exe spawns a child process (e.g. bzip2.exe). You can place a dummy bzip2.exe in your chosen directory and it will be launched when you use a command like the one below:
tar -c -ffoo -j .
Possible child processes created (need to tinker with options) are:
Some of them only work with the “test” option, e.g. xz:
tar -t -f<in> -J
These are existing archive type options
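For defenders, the behaviours above leave two traces in process-creation telemetry: the options on the tar.exe command line, and any process whose parent is tar.exe. The following is an added detection sketch, not code from the original post; the event field names (image, parent_image, command_line), the file paths and the sample events are constructed for illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# tar.exe options called out in the post.
COMPRESS_PROG = re.compile(r'(?<!\S)--use-compress-program(?:=|\s+)("[^"]+"|\S+)', re.I)
ENCODE_OPTS = re.compile(r'(?<!\S)--(b64encode|uuencode)(?!\S)', re.I)

def classify(event):
    """Return findings for one process-creation event (a dict)."""
    findings = []
    image = basename(event["image"]).lower()
    parent = basename(event.get("parent_image", "")).lower()
    cmd = event.get("command_line", "")
    if image == "tar.exe":
        m = COMPRESS_PROG.search(cmd)
        if m:  # lolbin #1: tar is told which program to launch
            findings.append("compress-program:" + m.group(1).strip('"'))
        m = ENCODE_OPTS.search(cmd)
        if m:  # tar used as a Base64/UUEncode encoder or decoder
            findings.append("encoding:" + m.group(1).lower())
    if parent == "tar.exe":  # lolbin #1 and #2: anything tar.exe spawns
        findings.append("child-of-tar:" + event["image"])
    return findings

def scan(events):
    """Return (index, findings) for every event with at least one finding."""
    hits = []
    for i, ev in enumerate(events):
        found = classify(ev)
        if found:
            hits.append((i, found))
    return hits

TAR = r"C:\Windows\System32\tar.exe"
CMD = r"C:\Windows\System32\cmd.exe"
# Constructed sample events (hypothetical field names and paths).
SAMPLE_EVENTS = [
    {"image": TAR, "parent_image": CMD, "command_line": "tar -cff --use-compress-program calc f"},
    {"image": r"C:\Windows\System32\calc.exe", "parent_image": TAR, "command_line": "calc"},
    {"image": TAR, "parent_image": CMD, "command_line": "tar -c -fout.txt --b64encode in.bin"},
    {"image": TAR, "parent_image": CMD, "command_line": "tar -c -ffoo -j ."},
    {"image": r"C:\Users\Public\bzip2.exe", "parent_image": TAR, "command_line": "bzip2"},
    {"image": TAR, "parent_image": CMD, "command_line": "tar -x -f backup.tar"},
]

if __name__ == "__main__":
    for index, found in scan(SAMPLE_EVENTS):
        print(index, found)
```

The `tar -c -ffoo -j .` command line is not flagged on its own; the lolbin #2 case surfaces only through the child process event that follows it.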