NetSec

Ramblings of a NetSec addict


Spawning a TTY Shell

Peleus

Often during a pen test you will land a shell that has no TTY attached (a netcat reverse shell, for example), yet want to interact further with the system; su, sudo, editors and job control all misbehave without one. Here are some commands which will spawn a TTY shell, or at least an interactive one. Obviously which of them work depends on the environment and which interpreters are installed. Note that only the python pty.spawn entry actually allocates a pseudo-terminal; the perl, ruby and lua entries exec an interactive shell on the descriptors you already have, which still leaves you without line editing, tab completion or a safe Ctrl-C.

Shell Spawning

  • python -c 'import pty; pty.spawn("/bin/sh")'
    (use python3 if that is all the box has; this is the one entry that allocates a real pseudo-terminal)

  • python -c 'import os; os.system("/bin/bash")'

  • /bin/sh -i

  • perl -e 'exec "/bin/sh";'

  • (From within Perl)
    exec "/bin/sh";

  • (From within Ruby)
    exec "/bin/sh"

  • (From within Lua)
    os.execute('/bin/sh')

  • (From within IRB)
    exec "/bin/sh"

  • (From within vi)
    :!bash

  • (From within vi)
    :set shell=/bin/bash
    :shell

  • (From within nmap, only on old builds that still support --interactive)
    !sh

Many of these will also allow you to escape jail (restricted) shells. The top 3 would be my most successful in general for spawning from the command line.
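As an added example (this script is not from the original post), here is a small POSIX sh helper that automates the choice above: it checks whether stdin is already a terminal, probes PATH for the first interpreter that can spawn a shell, preferring the ones that actually allocate a pseudo-terminal, and execs it. The candidate interpreter names, the util-linux `script -c` fallback and the `TARGET_SHELL` variable are assumptions of this example; paste it into the dumb shell or drop it on the target and run `sh upgrade_shell.sh run`.

```shell
#!/bin/sh
# upgrade_shell.sh - added example, not from the original post: pick the first
# interpreter on the box that can give us a TTY and exec it. Assumes a Linux
# host; the 'script' fallback assumes util-linux script (-c flag), not BSD script.

TARGET_SHELL="${TARGET_SHELL:-/bin/sh}"

# have_tty: succeed only if stdin is already a terminal (nothing to do then).
have_tty() {
    [ -t 0 ]
}

# spawn_cmd NAME: print the one-liner that spawns $TARGET_SHELL through NAME.
# Only the python variants and 'script' allocate a pseudo-terminal; perl, ruby
# and lua just exec an interactive shell on the existing (non-TTY) descriptors.
spawn_cmd() {
    case "$1" in
        python3|python) printf "%s -c 'import pty; pty.spawn(\"%s\")'\n" "$1" "$TARGET_SHELL" ;;
        script)         printf "script -qc %s /dev/null\n" "$TARGET_SHELL" ;;
        perl)           printf "perl -e 'exec \"%s\";'\n" "$TARGET_SHELL" ;;
        ruby)           printf "ruby -e 'exec \"%s\"'\n" "$TARGET_SHELL" ;;
        lua)            printf "lua -e 'os.execute(\"%s\")'\n" "$TARGET_SHELL" ;;
        *)              return 1 ;;
    esac
}

# find_spawner [NAME...]: print the first candidate found on PATH, in order of
# preference (real PTY first). With no arguments the default list is used.
find_spawner() {
    [ $# -eq 0 ] && set -- python3 python script perl ruby lua
    for candidate in "$@"; do
        if command -v "$candidate" >/dev/null 2>&1; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# upgrade_shell: replace the current dumb shell with the best option available.
upgrade_shell() {
    if have_tty; then
        echo "stdin is already a TTY; nothing to do" >&2
        return 0
    fi
    spawner=$(find_spawner) || { echo "no usable interpreter on PATH" >&2; return 1; }
    cmd=$(spawn_cmd "$spawner")
    export TERM="${TERM:-xterm}"   # many tools refuse to run with TERM unset
    echo "spawning via: $cmd" >&2
    exec sh -c "$cmd"
}

# Run with 'run' to actually upgrade; with no argument the script only defines
# the functions, so it can be sourced or inspected first.
if [ "${1:-}" = "run" ]; then
    upgrade_shell
fi
```

Once the python PTY shell is up, background it with Ctrl-Z, run `stty raw -echo; fg` in your local terminal and `export TERM=xterm` on the target; that gives you a working Ctrl-C, tab completion and usable editors over the same connection.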

Filed Under: Basic Information Tagged With: shell, shell spawning, tty

Copyright © 2019 · Genesis Sample Theme on Genesis Framework · WordPress