Spawning a TTY Shell





Often during pen tests you may obtain a shell that has no TTY, yet wish to interact further with the system. Here are some commands that will let you spawn a TTY shell. Which of them work will depend on the system environment and installed packages.

Shell Spawning
  • python -c 'import pty; pty.spawn("/bin/sh")'
  • echo os.system('/bin/bash')
  • /bin/sh -i
  • perl -e 'exec "/bin/sh";'
  • perl: exec "/bin/sh";
  • ruby: exec "/bin/sh"
  • lua: os.execute('/bin/sh')
  • (From within IRB) exec "/bin/sh"
  • (From within vi) :!bash
  • (From within vi) :set shell=/bin/bash followed by :shell
  • (From within nmap) !sh
Many of these will also allow you to escape jail shells. The top 3 would be my most successful in general for spawning from the command line.
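
From the defender's side, the commands above can be matched in process-start telemetry. The following is an added example, not part of the original post: the event schema (parent executable plus child command line), the rule names and the sample events are all constructed for illustration.

```python
import re

# Command-line signatures for the one-liners listed on this page.
CMDLINE_RULES = [
    ("python-pty-spawn", re.compile(r"\bpython[\d.]*\s+-c\s.*pty\.spawn\(")),
    ("perl-exec-shell", re.compile(r"\bperl\s+-e\s.*\bexec\s+[\"']/bin/(ba)?sh")),
    ("interactive-sh", re.compile(r"(^|/)(ba)?sh\s+-i\b")),
]
# Escapes typed inside a running program (vi, IRB, nmap, lua, ...) never show
# up in a command line, so they are caught by lineage: shell child, odd parent.
SHELLS = {"sh", "bash"}
SUSPECT_PARENTS = {"vi", "vim", "irb", "nmap", "perl", "ruby", "lua", "python"}

def basename(path):
    return path.rsplit("/", 1)[-1]

def classify(event):
    """Return the names of every rule a process-start event matches."""
    cmdline = event["cmdline"]
    hits = [name for name, rx in CMDLINE_RULES if rx.search(cmdline)]
    argv = cmdline.split()
    child = basename(argv[0]) if argv else ""
    parent = basename(event["parent"])
    if child in SHELLS and parent in SUSPECT_PARENTS:
        hits.append("shell-from-" + parent)
    return hits

def scan(events):
    """Return (index, matched rules) for every event that matched a rule."""
    flagged = []
    for i, event in enumerate(events):
        hits = classify(event)
        if hits:
            flagged.append((i, hits))
    return flagged

# Constructed sample events (assumed schema, not real log output).
EVENTS = [
    {"parent": "/bin/sh", "cmdline": "python -c 'import pty; pty.spawn(\"/bin/sh\")'"},
    {"parent": "/usr/bin/python", "cmdline": "/bin/sh"},
    {"parent": "/usr/sbin/httpd", "cmdline": "/bin/sh -i"},
    {"parent": "/bin/sh", "cmdline": "perl -e 'exec \"/bin/sh\";'"},
    {"parent": "/usr/bin/vi", "cmdline": "/bin/bash"},
    {"parent": "/usr/bin/nmap", "cmdline": "sh"},
    {"parent": "/usr/sbin/sshd", "cmdline": "-bash"},     # normal login shell
    {"parent": "/bin/bash", "cmdline": "vi notes.txt"},   # editor use alone
]

if __name__ == "__main__":
    for i, hits in scan(EVENTS):
        print(EVENTS[i]["parent"], "->", EVENTS[i]["cmdline"], hits)
```

The lineage rule will also fire on legitimate use such as an administrator running :shell from vi, so it is best scoped to service accounts and restricted-shell users.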
