Escaping Restricted Shells
This week I mainly worked through all of the boxes and improved my notes (extra points are given if you write a report on 10 boxes). Today I looked back at a box that I couldn’t find any leads and ended up overlooking something very simple. While it only took around 30 minutes to get a shell, the interesting thing was that I kept getting this message whenever attempting to use a command:
-rbash: /usr/bin/python: restricted: cannot specify `/' in command names
After searching around, I found that I was in something called a restricted shell. Just as it is called, I have a shell, but have a lot of restrictions which make access almost useless. This article explains it very well and also goes over techniques to get out of the restricted shell.
I am not sure why I haven’t realized it, but learning about restricted shells makes me sort of better understand the setup of the course. When working on things in the lab, sometimes it just seems impossible and that it would be much easier if offsec told us how to do everything, but I can understand why they don’t. In the real world, I think that going through the enumeration process and finding something suspicious and being able to research it in order to take advantage of it is a lot more important than memorizing a process.
I currently have 21 days left in my lab, so I am working a lot harder on it now. I think that I didn’t manage my time as well as I should have, but that’s also sometime I learned. I currently rooted around 13 boxes which is a lot less than I would like (most people say around 30 is good).