Friday, September 8, 2017

When there is nobody Talking To You (TTY) - POST EXPLOITATION

Post-exploitation is another critical stage where we run into a lot of challenges. One of them is getting a shell on the compromised box but being unable to run su or login because the shell has no TTY.

Recently I was in the same place, and thanks go to the Pentesting-Monkey, who has an awesome blog post on this one here:
(http://pentestmonkey.net/blog/post-exploitation-without-a-tty)

If you have Python installed, we all know about the famous pty.spawn TTY trick:

python -c 'import pty; pty.spawn("/bin/sh")'

But there are situations where Python is not installed.

In such situations, when there is nobody TTY, one should try starting expect in the first place ;)

(http://en.wikipedia.org/wiki/Expect)

sh-3.2$ expect sh.exp
spawn sh
sh-3.2$ su -
Password:********
localhost ~ #
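
From the defender's side, both upgrades leave the same trace: a shell that owns a fresh pty while its parent has no terminal at all. The following is an added example, not code from the original post or from pentestmonkey, that flags this pattern in process-execution events; the JSON event format, the field names and the sample events are constructed for illustration.

```python
import json
import os

# Constructed process-execution events (one JSON object per line); the format
# and field names are assumptions, not a real audit log schema.
SAMPLE_EVENTS = """\
{"pid": 4100, "ppid": 812, "tty": null, "argv": ["sh", "-i"]}
{"pid": 4121, "ppid": 4100, "tty": null, "argv": ["python", "-c", "import pty; pty.spawn(\\"/bin/sh\\")"]}
{"pid": 4122, "ppid": 4121, "tty": "pts/3", "argv": ["/bin/sh"]}
{"pid": 4200, "ppid": 4100, "tty": null, "argv": ["expect", "sh.exp"]}
{"pid": 4201, "ppid": 4200, "tty": "pts/4", "argv": ["sh"]}
{"pid": 5000, "ppid": 900, "tty": "pts/0", "argv": ["bash"]}
{"pid": 5001, "ppid": 5000, "tty": "pts/0", "argv": ["python", "manage.py", "runserver"]}
"""

SHELLS = {"sh", "bash", "dash", "ksh", "zsh"}


def find_tty_upgrades(log_text):
    """Return (pid, reason) pairs for processes that look like a TTY upgrade."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = os.path.basename(e["argv"][0])
        # Rule 1: the Python one-liner names pty.spawn on its command line.
        if name.startswith("python") and any("pty.spawn" in a for a in e["argv"][1:]):
            findings.append((e["pid"], "python pty.spawn one-liner"))
        # Rule 2: a shell that owns a pty although its parent has no terminal,
        # which is what pty.spawn and expect's spawn both produce.
        parent = by_pid.get(e["ppid"])
        if name in SHELLS and e["tty"] and parent and parent["tty"] is None:
            helper = os.path.basename(parent["argv"][0])
            findings.append((e["pid"], "shell on new pty under tty-less " + helper))
    return findings


if __name__ == "__main__":
    for pid, reason in find_tty_upgrades(SAMPLE_EVENTS):
        print(pid, reason)
```

Rule 2 does not depend on the helper's name, so it also catches the expect case, where the command line alone ("expect sh.exp") says nothing about a shell being spawned.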

Special Thanks to Mr Pen Test Monkey as always :)
