{"id":997,"date":"2022-09-23T19:34:14","date_gmt":"2022-09-23T09:34:14","guid":{"rendered":"https:\/\/catharsis.net.au\/blog\/?p=997"},"modified":"2022-09-23T19:51:19","modified_gmt":"2022-09-23T09:51:19","slug":"spawn-a-tty-shell","status":"publish","type":"post","link":"https:\/\/catharsis.net.au\/blog\/spawn-a-tty-shell\/","title":{"rendered":"Spawn a TTY Shell"},"content":{"rendered":"\n<p>There are several commands and things you can&#8217;t do if you have a non-tty-shell. This can occur if you upload reverse shells to a web server, resulting in a shell that is created by the user www-data or a user with a similar name.<br>As a result, you cannot use <code>su or sudo<\/code>, for instance, without a tty-shell. If you are able to obtain a root password but are unable to utilise it, this might be frustrating.<\/p>\n\n\n\n<p>Below are a few commands which can help you to have an interactive TTY shell:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>1.) python -c 'import pty; pty.spawn(\"\/bin\/sh\")'\n\n2.) echo os.system('\/bin\/bash')\n\n3.) \/bin\/sh -i\n\n4.) perl \u2014e 'exec \"\/bin\/sh\";'\n\n5.) perl: exec \"\/bin\/sh\";\n\n6.) ruby: exec \"\/bin\/sh\"\n\n7.) lua: os.execute('\/bin\/sh')\n\n8.)(From within IRB) - exec \"\/bin\/sh\"\n\n9.)(From within vi) - :!bash\n\n10.)(From within vi) - :set shell=\/bin\/bash:shell\n\n11.)(From within nmap) - !sh<\/code><\/pre>\n\n\n\n<p class=\"has-small-font-size\"><em>Source: netsec.ws<\/em><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>This is for pure educational &amp; informational purpose. Only use these techniques where allowed or you have permission to do so. <\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>There are several commands and things you can&#8217;t do if you have a non-tty-shell. This can occur if you upload reverse shells to a web server, resulting in a shell that is created by the user www-data or a user with a similar name.As a result, you cannot use su or sudo, for instance, without [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1000,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36,38],"tags":[55,57,56,58],"class_list":["post-997","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cve-exploits","category-how-to","tag-interactive-shell","tag-reverse-shell","tag-tty-shell","tag-upgrade-shell"],"_links":{"self":[{"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/posts\/997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/comments?post=997"}],"version-history":[{"count":3,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/posts\/997\/revisions"}],"predecessor-version":[{"id":1005,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/posts\/997\/revisions\/1005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/media\/1000"}],"wp:attachment":[{"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/media?parent=997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/categories?post=997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/catharsis.net.au\/blog\/wp-json\/wp\/v2\/tags?post=997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}