x

rbash escape

https://www.hacknos.com/rbash-escape-rbash-restricted-shell-escape/

https://gist.github.com/PSJoshi/04c0e239ac7b486efb3420db4086e290

https://viperone.gitbook.io/pentest-everything/writeups/pg-practice/linux/peppo

https://gtfobins.github.io/#+shell

Change rbash to bash

ssh psj@server_name -t "bash --noprofile"

List available commands:

compgen -c

Essentially you need to do the following:

  1. start bash without source'ing either ~/.bashrc or ~/.bash_profile
  2. since such a shell wouldn't be a full login shell / have no tty attached, force ssh to attach a tty:

Also, you may need to modify your PATH variable after escaping bash and it may point to a custom env folder. 

export PATH=/usr/bin:/bin

Check $SHELL variable prior to running this command, rbash may still be causing restrictions.

Left-click: follow link, Right-click: select node, Scroll: zoom
x