kvmglass.blogg.se

How to download shadow file from exploit with john the ripper













You may come across restricted bash environments. It is very unlikely you will be able to progress further without escaping from the restricted environment. There are a number of different techniques to escape restricted bash environments; fortunately, there are a few cheat sheets available online which show a number of different methods to try. None of the escape methods I could find on readily available cheat sheets were working, so I had to identify my own method for escaping the rbash environment.

Due to the restricted bash environment, there were very few commands I could run. I could run the echo command, but I couldn’t pipe the output into a file. I also couldn’t run any commands containing slashes, which means I couldn’t directly call /bin/bash.

Within the home folder of the user I was logged in as was a binary called ‘honeypot-decoy’. I decided to copy the file to my local computer, and use the strings command to identify what the binary was doing (to a point, at least). I could see that the binary was calling various other binaries (as per the screenshot). Interestingly, it was calling them explicitly (which inevitably meant slashes were being used). Although we cannot run any commands containing slashes, perhaps the same restriction doesn’t apply to binaries, or potentially simple bash scripts. On my own machine, I created a file containing “/bin/bash” as the contents. I used the chmod command to make sure the new file I created was able to be executed. I then used SCP to upload the file to the machine, passing the ‘p’ parameter to ensure the file permissions (including the execution privilege) were retained after upload.

The scp -p test file was successfully uploaded. I executed the new file, and I had an unrestricted /bin/bash environment. The next objective is to escalate our privileges.
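The escape in this write-up depended on getting an executable onto the host in a place where the restricted shell would run it without a slash in the command name. As an added example (not part of the original post), this shell function audits the PATH assigned to an rbash account for entries that account could write to. It assumes the uploaded file was reachable through PATH, which the post does not state; the sample PATH and uid 1001 are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the PATH given to an
# rbash account. rbash rejects command names containing "/", but any
# executable it finds through PATH still runs, so a PATH entry the user
# can write to undoes the restriction.

# unsafe_path_entries PATH_STRING USER_UID
# Prints "<entry>: <reason>" per risky entry; returns 1 if any was found.
unsafe_path_entries() {
    path_string=$1 user_uid=$2 found=0
    old_ifs=$IFS
    IFS=:
    set -f                                  # split on ":" without globbing
    for entry in $path_string; do
        case $entry in
            ''|.) echo "${entry:-(empty)}: means the current directory"
                  found=1; continue ;;
            /*)   ;;
            *)    echo "$entry: relative entry, resolved from the current directory"
                  found=1; continue ;;
        esac
        [ -d "$entry" ] || continue
        # "ls -Ldn" prints: mode links uid gid ...; keep mode and uid
        info=$(IFS=' '; set -- $(ls -Ldn "$entry"); echo "$1 $3")
        mode=${info% *} uid=${info#* }
        if [ "$uid" = "$user_uid" ]; then
            echo "$entry: owned by uid $user_uid"; found=1
        fi
        case $mode in
            ?????w*|????????w*) echo "$entry: group- or world-writable ($mode)"
                                found=1 ;;
        esac
    done
    set +f
    IFS=$old_ifs
    return $found
}

# Constructed sample PATH; 1001 is a hypothetical uid for the restricted account.
unsafe_path_entries "/usr/bin:.:bin" 1001 || true
```

An empty result for the account's real PATH and uid means none of its PATH directories is relative, owned by the account, or group- or world-writable; file-transfer access such as scp into the account's home still needs to be reviewed separately.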














