Spawning Interactive Shells


Spawning Interactive Shells

When you land a limited shell (non-tty), your capabilities may be restricted:

  • No prompt

  • No job control

  • Limited or blocked commands and key handling (e.g., sudo, su, Ctrl+C)

Use one of the following methods to upgrade to an interactive TTY shell, depending on which tools/languages are available on the system.


Methods for Spawning TTY Shells

Python (most common)

python -c 'import pty; pty.spawn("/bin/sh")'

Alternative (if python3 is available):

python3 -c 'import pty; pty.spawn("/bin/bash")'

/bin/sh (Bourne Shell)

/bin/sh -i
  • Launches an interactive shell directly


Perl

perl -e 'exec "/bin/sh";'

Or, from a script:

exec "/bin/sh";

Ruby

From script:

exec "/bin/sh"

๐Ÿข Lua

From script:

os.execute('/bin/sh')

AWK

awk 'BEGIN {system("/bin/sh")}'
  • Uses system() to spawn a shell via awk, which is available on most Unix systems


๐Ÿ” Find

Searches for a file, and spawns a shell using awk:

find / -name nameoffile -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;

Or directly invoke shell:

find . -exec /bin/sh \; -quit

๐Ÿ“ VIM

Escape to shell from within Vim:

vim -c ':!/bin/sh'

Or manually from Vim:

vim
:set shell=/bin/sh
:shell
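
A defender-side sketch, added here and not part of the original notes: it flags the command-line methods above in process-execution records. The record layout, the service-account list and the sample lines are constructed assumptions.

```python
import re

SHELL = r"/bin/(?:ba)?sh"
Q = r"[\x22\x27]"  # either quote character
# One pattern per command-line method listed above. The Ruby/Lua script forms
# and the in-editor Vim escape leave no command line to match, so they are absent.
RULES = [
    ("python-pty", re.compile(r"\bpython[0-9.]*\s+-c\s+.*\bpty\.spawn\(")),
    ("interactive-sh", re.compile(rf"^{SHELL}\s+-i\b")),
    ("perl-exec", re.compile(rf"\bperl\s+-e\s+.*\bexec\s+{Q}{SHELL}")),
    ("awk-system", re.compile(rf"\bawk\s+.*\bsystem\(\s*{Q}{SHELL}")),
    ("find-exec-sh", re.compile(rf"\bfind\s+.*-exec\s+{SHELL}\b")),
    ("vim-bang", re.compile(rf"\bvim?\s+.*-c\s+{Q}?:?!\s*{SHELL}")),
]
# Assumption: accounts that run web services and should never need a TTY.
SERVICE_USERS = {"apache", "www-data", "nginx"}
# Assumption: a simplified record layout, not a real auditd or EDR format.
RECORD = re.compile(r"^user=(\S+) cmd=(.*)$")


def classify(line):
    """Return (severity, matched rule names) for one process-execution record."""
    m = RECORD.match(line)
    if not m:
        return ("unparsed", [])
    user, cmd = m.groups()
    hits = [name for name, rx in RULES if rx.search(cmd)]
    if not hits:
        return ("none", [])
    # A TTY upgrade run by a service account has no administrative explanation.
    return ("high" if user in SERVICE_USERS else "review", hits)


# Constructed sample records (not taken from a real host).
SAMPLE = r"""
user=apache cmd=python -c 'import pty; pty.spawn("/bin/sh")'
user=apache cmd=find . -exec /bin/sh \; -quit
user=alice cmd=vim -c ':!/bin/sh'
user=alice cmd=find /var/log -name '*.log' -exec gzip {} \;
user=deploy cmd=python3 manage.py migrate
user=www-data cmd=find / -name nameoffile -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;
""".strip().splitlines()

if __name__ == "__main__":
    for rec in SAMPLE:
        severity, hits = classify(rec)
        if hits:
            print(f"{severity:6} {','.join(hits):14} {rec}")
```

The ordinary `find ... -exec gzip` and `python3 manage.py` records pass without a hit, which is the false-positive case these patterns have to survive on a real host.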

๐Ÿ” Checking Execution Permissions

Check if you can run a file or binary:

ls -la <path/to/file_or_binary>

Example:

ls -la /bin/bash

Check sudo Permissions

If you have a stable interactive shell, run:

sudo -l

Example output:

User apache may run the following commands on ILF-WebSrv:
    (ALL : ALL) NOPASSWD: ALL
  • Indicates full sudo access without a password, which is a potential path to privilege escalation.

Note: sudo -l may not work in unstable or limited shells.
