Escaping RBASH

I will give different methods that you should try.

Method 1

BASH_CMDS[a]=/bin/sh;a
export PATH=$PATH:/bin/
export PATH=$PATH:/usr/bin

Method 2

Try everything in this article.

Method 3

The last method is one I encountered in Peppo from Proving Grounds. By enumerating the $PATH environment variable, we could see where the binaries are run from.

echo $PATH 

Based on the $PATH directory we can list the binaries that the user can run.

$ ls bin

chmod chwon ed ls mv ping sleep touch 

Some of the binaries that we can run could be used to break out of restricted environments.

Look them up in GTFOBins.

In this case, there is a binary called "ed", and once we look it up we see that ed can be used to break out of restricted environments.
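The same PATH review can be run from the administrator's side before a restricted account is handed out. The script below is an added example, not part of the original write-up: it resolves every entry in a restricted user's bin directory and flags those that point at a denylisted binary. The function name audit_rbash_bin and the DENYLIST variable are assumptions, and the default list holds only ed, the binary named on this page.

```shell
#!/bin/sh
# Added example: audit a restricted user's bin directory for binaries
# that are known to allow breaking out of a restricted shell.
# DENYLIST is an assumption: by default it holds only "ed" (the binary
# named on this page). Extend it from your own review of GTFOBins.
DENYLIST="${DENYLIST:-ed}"

# audit_rbash_bin DIR
# Prints one line per flagged entry: "<entry> -> <resolved name>".
# Returns 1 if anything was flagged, 0 if the directory is clean.
audit_rbash_bin() {
    dir=$1
    flagged=0
    for entry in "$dir"/*; do
        # Skip an empty directory (unexpanded glob) and dangling links.
        [ -e "$entry" ] || continue
        # Restricted bin directories are usually built from symlinks.
        # Resolve them so a renamed link (editor -> /bin/ed) is caught.
        target=$(readlink -f "$entry" 2>/dev/null || printf '%s' "$entry")
        name=$(basename "$target")
        for bad in $DENYLIST; do
            if [ "$name" = "$bad" ]; then
                printf '%s -> %s\n' "$(basename "$entry")" "$name"
                flagged=1
            fi
        done
    done
    return $flagged
}
```

Call it as audit_rbash_bin followed by the restricted user's bin directory; a non-zero return means at least one entry should be removed or replaced before the account is used.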
