Warning: PHP Request Startup: Invalid date.timezone value '', using 'UTC' instead in Unknown on line 0

Warning: PHP Request Startup: Session ini settings cannot be changed after headers have already been sent in Unknown on line 0

Warning: session_start(): Session cannot be started after headers have already been sent in /home/admud64/mrleet.com/user/database_connection.php on line 5
Spawning a TTY Shell used in Penetration Testing ~ MrLeet

Back

Score 0

Title: Spawning a TTY Shell used in Penetration TestingAuthor: ajayverma
Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.

Shell Spawning

python -c 'import pty; pty.spawn("/bin/sh")'
echo os.system('/bin/bash')
/bin/sh -i
perl —e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
(From within IRB)
exec "/bin/sh"
(From within vi)
:!bash
(From within vi)
:set shell=/bin/bash:shell
(From within nmap)
!sh
Many of these will also allow you to escape jail shells. The top 3 would be my most successful in general for spawning from the command line
Like
|
Dislike
Submitted On: 2019-05-30 12:51:05




Warning: PHP Startup: Invalid date.timezone value '', using 'UTC' instead in Unknown on line 0