How to Upgrade a Shell

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
21 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
22
Video Transcription
00:00
how to upgrade a shell.
00:02
Learning objectives to understand why we try to upgrade a shell and demonstrate the various ways to upgrade a shell.
00:10
So I hope the last lesson didn't get you down. Um there are ways to go from a bad shell to a good shell and I'm gonna tell you how you can do that, we're hackers right, because I think outside the box, if we're stuck with a bad shell, there has to be a good way to get a good shell.
00:25
Some of those ways are in Ritter printer, you can go from a command shell and you'll see here. I used multi manage sheldon interpreter
00:33
and again, this is gonna be something that more in P W K and C T F s, that actually, oh, SCP, because again, this is a module here, so you will migrate from a command shell which has limited functionality
00:45
to a interpreter shell where we can do things like set up a pivot point.
00:52
So that's to say that when you are in C T S and P W K and you're using medicine Floyd and you do get a command shell off the bat. There is a module that you can go from getting just a command shell to aim interpreter show with a lot more functionality.
01:08
Mhm
01:10
Yeah,
01:11
in some cases you'll find you have a restricted shell. So on the top image or ssh in which I did say it is great to get an ssh ssh session into a box. But you'll see here we're in a restricted our bash shell. So trying to change director to root says restricted, who am I?
01:29
It's not letting us specify a forward slash.
01:32
You can get around that. And there are some, I've seen some cts or boxes that are like tailored around uh escapes escaping these types of restricted shells.
01:42
One way to do that is, you know, I've taught you tak tea and you can do Ben bash Corbyn Shelby S. H.
01:49
In some cases you can do bash tack techno profile and in this case it worked for me
01:55
and you can see now I can change directory to fc
01:57
um and sc password. So I have a whole lot more functionality than I did uh in this our bash shell, that's how to escape in our bash shell is to try this tactic. E bash no profile. Sometimes it works. Sometimes it doesn't, but this is a total put in your toolbar.
02:15
Um Also here you'll see that
02:19
I have a PHP shell
02:21
and you can see I'm issuing commands and I don't get any output. I don't see anything.
02:24
So what I want to do is I want to upgrade
02:28
um to aim interpreter, shelf possible. Multi handler. Like I said multi handler. When I recorded this, when I'm recording this now, you can use multi handler on any box you want.
02:38
So that's what I typically do is that once I have a PHP shell, normally through a web shell or I get are see through a web server
02:47
is I'll get on the box of the net cat shell and then I will download, you'll see curl and w get which you should recognize as ways to get the shell from my box and I'm making it execute herbal
03:00
and ultimately I am executing this this shell dot elf, which is something that I created with MSF venom.
03:08
So if you're on Lenox box, you can use MSF venom to create this L file and ultimately have it executed. You see here now I have a nice interpreter session open.
03:22
So here's a cheat sheet. If you do get on a box and you do see have limited functionality, you can do this python import pt Why that's importing basically having python
03:31
use this
03:34
this library and in this language to create its own shell, which is very stable. I found echo O. S system
03:42
bin bash or even been shell in some cases and Ben, s. H. Tak I
03:46
so give those a try if you don't see anything if you're on the box and you don't see any type of
03:53
prompt. Um give the each other to try.
03:57
Also note that with python, sometimes it's python three and not python that will work because the box will only recognize when you write python three.
04:06
So also no, like I said, sometimes it's not been S H talk, I sometimes been bashed, acai or Echo? S system been shell that will work. So switch this around. And and sometimes it's I think in more modern boxes, user bin bash is a link to bin bash.
04:26
But in some of these older boxes, I think they were different. So try to try to switch them up.
04:30
Sometimes the binaries are for the user and not just in bin bash. So look for those as well. There there could be other places where that binary is that will that will work for you.
04:43
So here's a tale of two terminals
04:46
on the left. I'm doing the dirty cow exploit
04:48
and you'll see on the left, I don't see any output. And I was just sitting there says in a new password, evil, I entered evil.
04:55
And it's just sitting there.
04:57
And that's what I also said with like uh these exploits, I have gcc I'm trying to compile it. P thread decal output, decal. L crypt. That was a nice script because it told me how to how to compile that exploit. But ultimately I'm just sitting there because I have a bad shell
05:15
on the right hand side. I'm using that python, taxi import peat. Ey.
05:19
So I have that python nice python shell and you can see all this output and at the end I password, evil, fire farts. The guy that made the exploits. So that's why it's fire fart.
05:30
But you'll see ultimately I'm route.
05:31
So using using that upgrade ultimately led me to privilege escalation. Whereas if I didn't do that, I'm just sitting there indefinitely and hoping that somehow I become
05:45
here is a link. I suggest you take a look at it.
05:48
Ways to upgrade your shell. I will note that the author wrapped up
05:54
does have a portion that you can upgrade shells with magic and it's really, it really is cool and it's worked for me some of the time
06:01
that's to say sometimes I completely wrecked my terminal and I have no idea what's going on and I ultimately have to close it and I've lost that foothold. And when you're taking over SCP, you're you're nervous enough. Um and if your shell, if you if you have to exit out of your shell or exit of your terminal, you know, that's like very, very, very nerve wracking. So
06:23
that's to say, be careful with his upgrade with magic technique because it's very possible that it may not work for you.
06:30
So, I know when I took over SCP, I didn't use it when I was in fact the box and things like that, I was more than happy to give it a try
06:38
and see that it worked when it did. It was really cool because I attacked completion and I could hit the up arrow for history and it was very, very useful.
06:45
So use that at your discretion.
06:47
So in summary, we should now understand why we try to upgrade a shell and we should be able to demonstrate the various ways to upgrade a shell.
06:57
Mhm.
Up Next
Offensive Penetration Testing

The Offensive Penetration Testing course opens the doors to those wanting to begin a penetration testing career. This course will prepare learners to begin their pentesting career journey by understanding what tools, techniques, and resources are available for someone starting out in offensive penetration testing.

Instructed By