
Spawn a Shell


Last updated 4 years ago

Same as above (easy to copy and paste)

# Python
python -c 'import pty; pty.spawn("/bin/bash")'

# Bash
echo os.system('/bin/bash')

# Bash
/bin/sh -i

# Perl
perl -e 'exec "/bin/sh";'

# Perl
perl: exec "/bin/sh";

# Ruby
ruby: exec "/bin/sh"

# Lua
lua: os.execute('/bin/sh')

# (From within IRB)
exec "/bin/sh"

# (From within vi)
:!bash

# (From within vi)
:set shell=/bin/bash
:shell

# (From within nmap)
!sh
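
A defender-side view of the one-liners above, as an added example that is not part of the original notes: a small Python matcher run over constructed process-execution records. The `parent=... cmd=...` record format, the rule names and the parent list are assumptions made for illustration.

```python
import re

# Command-line patterns for the interpreter one-liners listed on this page.
CMD_RULES = [
    ("python-pty-spawn", re.compile(r"\bpython[\d.]*\s+-c\s.*pty\.spawn\(")),
    ("os-system-shell", re.compile(r"os\.(system|execute)\(\s*['\"]/bin/(ba)?sh")),
    ("script-exec-shell", re.compile(r"\b(perl|ruby)\s+-e\s.*exec\s+['\"]/bin/(ba)?sh")),
    ("interactive-sh", re.compile(r"(^|/)(ba)?sh\s+-i\b")),
]
# Escapes typed inside a program (:!bash in vi, !sh in nmap) never show up in
# a command line; the trace is a shell whose parent is that program.
# exec-style escapes replace the interpreter, so they leave no parent trace.
ESCAPE_PARENTS = {"vi", "vim", "nmap"}  # assumed list, extend per environment
SHELLS = {"sh", "bash"}

# Constructed record format: "parent=<process name> cmd=<full command line>"
LINE = re.compile(r"parent=(?P<parent>\S+)\s+cmd=(?P<cmd>.*)$")

def classify(line):
    """Return the name of the rule that fires for one record, or None."""
    m = LINE.search(line)
    if not m:
        return None
    parent, cmd = m.group("parent"), m.group("cmd").strip()
    for name, rx in CMD_RULES:
        if rx.search(cmd):
            return name
    argv0 = cmd.split()[0].rsplit("/", 1)[-1] if cmd else ""
    if parent in ESCAPE_PARENTS and argv0 in SHELLS:
        return "shell-child-of-" + parent
    return None

def find_shell_spawns(lines):
    """Return (index, rule) for every record that matches a rule."""
    hits = []
    for i, line in enumerate(lines):
        rule = classify(line)
        if rule:
            hits.append((i, rule))
    return hits

# Constructed sample records (not real logs).
SAMPLE = [
    "parent=sshd cmd=-bash",                                # normal login shell
    "parent=apache2 cmd=python -c 'import pty; pty.spawn(\"/bin/bash\")'",
    "parent=php-fpm cmd=/bin/sh -i",
    "parent=bash cmd=perl -e 'exec \"/bin/sh\";'",
    "parent=vim cmd=/bin/bash -c bash",                     # what :!bash leaves
    "parent=nmap cmd=sh -c sh",                             # what !sh leaves
    "parent=cron cmd=/bin/sh -c /usr/local/bin/backup.sh",  # benign cron job
]
```

The `interactive-sh` and parent-based rules are heuristics; in practice they are most useful when the parent is a service account process such as a web server.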