Spawing Interactive Shells

---

🧠 Spawning Interactive Shells

When you land a limited shell (non-tty), your capabilities may be restricted:

• No prompt

• No job control

• Limited or blocked commands (e.g., sudo, su, ctrl + c)

Use one of the following methods to upgrade to an interactive TTY shell, depending on which tools/languages are available on the system.

---

📜 Methods for Spawning TTY Shells

🐍 Python (most common)

python -c 'import pty; pty.spawn("/bin/sh")'

Alternative (if python3 is available):

python3 -c 'import pty; pty.spawn("/bin/bash")'

---

🧮 /bin/sh (Bourne Shell)

/bin/sh -i

• Launches an interactive shell directly

---

🧙 Perl

perl -e 'exec "/bin/sh";'

Or, from a script:

exec "/bin/sh";

---

💎 Ruby

From script:

exec "/bin/sh"

---

🐢 Lua

From script:

os.execute('/bin/sh')

---

🧾 AWK

awk 'BEGIN {system("/bin/sh")}'

• Uses system() to spawn shell via awk, available on most Unix systems

---

🔍 Find

Searches for a file, and spawns a shell using awk:

find / -name nameoffile -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;

Or directly invoke shell:

find . -exec /bin/sh \; -quit

---

📝 VIM

Escape to shell from within Vim:

vim -c ':!/bin/sh'

Or manually from Vim:

vim
:set shell=/bin/sh
:shell

---

🔐 Checking Execution Permissions

Check if you can run a file or binary:

ls -la <path/to/file_or_binary>

Example:

ls -la /bin/bash

---

🔑 Check sudo Permissions

If you have a stable interactive shell, run:

sudo -l

Example output:

User apache may run the following commands on ILF-WebSrv:
    (ALL : ALL) NOPASSWD: ALL

• Indicates full sudo access without password — potential for privilege escalation.

⚠️ Note: sudo -l may not work in unstable or limited shells.