Spawning a TTY Shell
Often during pen tests you may obtain a shell without a TTY, yet wish to interact further with the system. Here are some commands which will allow you to spawn a TTY shell. Which of them work will depend on the system environment and installed packages.
Shell Spawning
1. python -c 'import pty; pty.spawn("/bin/sh")'
2. echo os.system('/bin/bash')
3. /bin/sh -i
4. perl -e 'exec "/bin/sh";'
5. perl: exec "/bin/sh";
6. ruby: exec "/bin/sh"
7. lua: os.execute('/bin/sh')
8. (From within IRB)
exec "/bin/sh"
9. (From within vi)
:!bash
10. (From within vi)
:set shell=/bin/bash
:shell
11. (From within nmap)
!sh
Many of these will also allow you to escape jail shells. The top 3 would be my most successful in general for spawning from the command line.
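A detection-side view of the commands above, as an added example that is not part of the original post: it flags process events that have no controlling terminal and whose command line matches one of the listed interpreter one-liners or an interactive shell. The event fields (pid, tty, cmdline), the rule names and the sample events are constructed assumptions, loosely modelled on normalized process-execution telemetry.

```python
import re
import shlex

# Interpreters from the list above and the flag each uses for inline code.
INLINE_FLAG = {"python": "-c", "python2": "-c", "python3": "-c",
               "perl": "-e", "ruby": "-e", "lua": "-e"}
SPAWN_CALL = re.compile(r"pty\.spawn|os\.system|os\.execute|\bexec\b")
SHELL_PATH = re.compile(r"/bin/(?:ba|da|z|k)?sh\b")

def classify(cmdline):
    """Return a (hypothetical) rule name if cmdline matches, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes in the logged command line
        return None
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]
    flag = INLINE_FLAG.get(prog)
    if flag and flag in argv[1:-1]:
        code = argv[argv.index(flag) + 1]
        # Inline code must both call a spawn primitive and name a shell.
        if SPAWN_CALL.search(code) and SHELL_PATH.search(code):
            return f"{prog}-inline-shell"
    if prog in ("sh", "bash", "dash") and "-i" in argv[1:]:
        return "interactive-shell"
    return None

def detect(events):
    """Flag matching events whose process has no controlling terminal."""
    hits = []
    for ev in events:
        rule = classify(ev["cmdline"])
        if rule and ev["tty"] == "(none)":
            hits.append((ev["pid"], rule))
    return hits

# Constructed sample events, not real logs.
SAMPLE = [
    {"pid": 4101, "tty": "(none)", "cmdline": "python -c 'import pty; pty.spawn(\"/bin/sh\")'"},
    {"pid": 4102, "tty": "(none)", "cmdline": "perl -e 'exec \"/bin/sh\";'"},
    {"pid": 4103, "tty": "(none)", "cmdline": "/bin/sh -i"},
    {"pid": 4104, "tty": "pts/0", "cmdline": "/bin/sh -i"},            # admin at a terminal
    {"pid": 4105, "tty": "(none)", "cmdline": "python3 -c 'print(1)'"},  # benign inline code
    {"pid": 4106, "tty": "(none)", "cmdline": "lua -e \"os.execute('/bin/sh')\""},
]

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE):
        print(pid, rule)
```

The editor and nmap escapes in the list run inside an already interactive program, so they do not appear as a distinctive command line and need parent-child process telemetry instead.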