Hi,
I am just doing the Oopsie and I am not sure what exactly is happening in one of the Foothold commands, particularly why there is /dev/null in the following command:
SHELL=/bin/bash script -q /dev/null
Is it supposed to link the bash to /dev/null (why)?
Also, why do I need to save the command to SHELL? The variable is not used later on.
Finally in Lateral Movement there is the command:
ls /var/www/html/cdn-cgi/login
Is there a way to get the absolute path of cdn-cgi/login from Burp, or do I just need to know that it will be under /var/www/html/?
Thank you very much for any advice. I tried to look up what I could. I am just not sure about these things.
the first command is just upgrading your shell to be fully interactive. there’s multiple ways to do it. a common one is to use python.
python -c 'import pty;pty.spawn("/bin/sh")'
the default root directory for a web server is /var/www/ so if you’re looking for things related to the web server it’s a good place to look.
You can see /cdn-cgi/login from burp and the browser. usually websites won’t give you absolute path unless something is misconfigured.
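What "fully interactive" means in the reply above, as an added example that is not part of the original thread: a child started with pipes for its stdio sees no terminal, while the same child attached to a pseudo-terminal does. That is what pty.spawn provides, and what script does too (it runs the program named in $SHELL inside a new pty and writes its typescript log to the file argument, here /dev/null). The function names are illustrative.

```python
import os
import pty
import subprocess
import sys

# Child program: report whether its stdin is attached to a terminal.
CHILD = [sys.executable, "-c",
         "import os; print('tty' if os.isatty(0) else 'not a tty')"]


def run_with_pipes():
    """Start the child with pipes for stdio, as a non-interactive shell has."""
    result = subprocess.run(CHILD, input=b"", stdout=subprocess.PIPE)
    return result.stdout.decode().strip()


def run_in_pty():
    """Start the same child attached to the slave side of a new pseudo-terminal."""
    master, slave = pty.openpty()
    proc = subprocess.Popen(CHILD, stdin=slave, stdout=slave, stderr=slave)
    os.close(slave)  # the parent keeps only the master side
    data = b""
    while True:
        try:
            chunk = os.read(master, 1024)
        except OSError:
            # Linux reports EIO on the master once the child has closed the slave
            break
        if not chunk:
            break
        data += chunk
    proc.wait()
    os.close(master)
    # The terminal line discipline turns "\n" into "\r\n"; strip() removes both.
    return data.decode().strip()


if __name__ == "__main__":
    print("pipes:", run_with_pipes())
    print("pty:  ", run_in_pty())
```

Programs such as su, sudo, and full-screen editors check for a terminal in this way, which is why they misbehave in a shell that has only pipes or a socket.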
so the purpose of that python command actually includes spawning a pty?! i thought it was only to make sure the syntax is bash-ish (facepalm) i’ve been ignorant
recently i met a box where python is not installed, and i didn’t know how to react with such fact, i. typed. /bin/bash. into. the. command line. that was totally missing the point right? oh man
thank you!
edit: now the concepts of terminal, shell, console, tty, pty etc. seem clearer to me (i hope), ahh pretty lucky i clicked into this thread today! thanks again
yea there’s lots of ways to do it. python is just the most popular it seems.