Shell Escape Techniques

1. WSL Shell escape by typing full binary paths

2. vi

If vi binary is allowed access in restricted shell you can:

<Esc>=>:!/bin/bash

3. man

In one of the CTF's (brainpan) we saw an executable that was fetching manual page of an input binary.

As you can see that /home/anansi/bin/anansi_util manual file command fetches manual page. Here we can type: !/bin/bash If there is SUID set on this, you can elevate the privileges to root too.

PreviousPost Exploitation NextGetting stable shell after compromise

Last updated 3 years ago