Spawning Interactive Shells


🧠 Spawning Interactive Shells

When you land a limited shell (non-tty), your capabilities may be restricted:

  • No prompt

  • No job control

  • Limited or blocked commands and key handling (e.g., sudo, su, Ctrl+C)

Use one of the following methods to upgrade to an interactive TTY shell, depending on which tools/languages are available on the system.


📜 Methods for Spawning TTY Shells

🐍 Python (most common)

python -c 'import pty; pty.spawn("/bin/sh")'

Alternative (if python3 is available):

python3 -c 'import pty; pty.spawn("/bin/bash")'

🧮 /bin/sh (Bourne Shell)

/bin/sh -i
  • Launches an interactive shell directly


🧙 Perl

perl -e 'exec "/bin/sh";'

Or, from a script:

exec "/bin/sh";

💎 Ruby

From script:

exec "/bin/sh"

🐢 Lua

From script:

os.execute('/bin/sh')

🧾 AWK

awk 'BEGIN {system("/bin/sh")}'
  • Uses system() to spawn shell via awk, available on most Unix systems


🔍 Find

Searches for a file, and spawns a shell using awk:

find / -name nameoffile -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;

Or directly invoke shell:

find . -exec /bin/sh \; -quit

📝 VIM

Escape to shell from within Vim:

vim -c ':!/bin/sh'

Or manually from Vim:

vim
:set shell=/bin/sh
:shell
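
From the defender's side, the command-line forms above leave recognizable process arguments. This added example (not part of the original page) matches them in constructed process-creation records and raises the severity when the caller is a service account; the record layout, rule names and SERVICE_USERS list are assumptions.

```python
import re

# Regexes for the TTY-upgrade one-liners listed on this page, matched
# against a full process command line. Rule names are illustrative.
RULES = {
    "python-pty": re.compile(r"\bpython[\d.]*\s+-c\s+.*\bpty\.spawn\("),
    "interactive-sh": re.compile(r"(^|[\s/])(sh|bash)\s+-i\b"),
    "perl-exec": re.compile(r"\bperl\s+-e\s+.*\bexec\s+[\"']/bin/(ba)?sh"),
    "awk-system": re.compile(r"\bawk\s+.*system\(\s*[\"']/bin/(ba)?sh"),
    "find-exec": re.compile(
        r"\bfind\s+.*-exec\s+(/bin/(ba)?sh|\S*awk\s+.*system\()"),
    "vim-escape": re.compile(r"\bvim?\s+-c\s+\S*!\s*/bin/(ba)?sh"),
}

# Assumption: service accounts that should never start an interactive shell.
SERVICE_USERS = {"apache", "www-data", "nginx"}

# Constructed record layout (not a real log format).
RECORD = re.compile(r"^user=(\S+) parent=(\S+) cmd=(.*)$")


def classify(cmdline):
    """Return the name of every rule that matches the command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]


def scan(lines):
    """Return (severity, user, parent, rules, cmd) for each matching record."""
    findings = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue  # skip malformed records
        user, parent, cmd = m.groups()
        hits = classify(cmd)
        if hits:
            severity = "high" if user in SERVICE_USERS else "review"
            findings.append((severity, user, parent, hits, cmd))
    return findings


# Constructed sample records, one process-creation event per line.
SAMPLE = r"""user=apache parent=httpd cmd=python3 -c 'import pty; pty.spawn("/bin/bash")'
user=apache parent=httpd cmd=find . -exec /bin/sh \; -quit
user=alice parent=bash cmd=vim -c ':!/bin/sh'
user=alice parent=bash cmd=ls -la /bin/bash""".splitlines()

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The script-based variants (Perl, Ruby, Lua) and the manual Vim escape do not appear in process arguments, so they need parent/child process monitoring rather than command-line matching.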

🔐 Checking Execution Permissions

Check if you can run a file or binary:

ls -la <path/to/file_or_binary>

Example:

ls -la /bin/bash

🔑 Check sudo Permissions

If you have a stable interactive shell, run:

sudo -l

Example output:

User apache may run the following commands on ILF-WebSrv:
    (ALL : ALL) NOPASSWD: ALL
  • Indicates full sudo access without password — potential for privilege escalation.

⚠️ Note: sudo -l may not work in unstable or limited shells.
