Thursday, January 7, 2016

Spawning a pty from a php shell

Earlier today, I was performing a test, had dropped a php shell on the web server and gotten a reverse shell. Everything was working great, only one problem. I couldn't execute su or sudo, or ssh. Tring brought up this error:

 su: Must be run from a terminal

A simple way to get around this is to use a scripting language to spawn a pty:

echo "import pty; pty.spawn('/bin/bash')"> /tmp/shell.py
python /tmp/shell.py

This results in a standard terminal where you can run any binary.

f3n3s7ra
Posted by at
Labels: , ,

1 comment:

Subscribe to: Post Comments (Atom)