SANS Penetration Testing: Category - Shell Fu

Awkward Binary File Transfers with Cut and Paste

[Editor's note: Josh Wright spins up another useful blog article about different ways to move files to and from Linux systems. Lots of nice little tricks in this one. Thanks, Josh! -Ed.]

By Josh Wright

Sometimes I find myself with access to a remote Linux or Unix box, with limited opportunity to transfer files to …


Using Built-Ins to Explore a REALLY Restricted Shell

By Ed Skoudis and Josh Wright

Josh Wright and I were working on a project recently which involved a target machine with a really restricted shell environment. I'm not talking about a mere rbash with some limits on the executables we could access, but instead a shell so restricted we could not run any binaries …


Sneaky Stealthy SU in (Web) Shells

[In this article, the inimitable Tim Medin has some fun with PHP web shells, and merges together some clever ideas for interacting with them in a rather stealthier fashion using some Python kung fu! -Ed.]

By: Tim Medin

Here is the scenario: you have a server that allows you to upload an avatar. The site …


Command Injection Tips: Leveraging Command-line Kung Fu with nslookup

[Editor's Note: Tom Heffron provides some really cool tips for leveraging nslookup in web app command-injection attacks. His ideas for using environment variables are pretty nifty, and his point about how to launch this so that it doesn't require an authoritative DNS server is great. -Ed.]

When I took the recent SANS SEC 560 vLive …


Escaping Restricted Linux Shells

[Editor's Note: On the GPWN mailing list for SANS Pen Test Course Alumni a few months ago, we had a nice, lively discussion about techniques penetration testers and ethical hackers could use to escape a restricted shell environment. A lot of nifty techniques were offered in what amounted to an interactive brainstorming session on the …