From 2740600a6b577bb570301b602fd4a93f6eac7090 Mon Sep 17 00:00:00 2001 From: Th1b4ud Date: Tue, 21 Apr 2020 19:21:51 +0200 Subject: [PATCH] Alternative TTY method with /usr/bin/script --- .../Reverse Shell Cheatsheet.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index 63346eb1..a728c334 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -431,6 +431,19 @@ lua: os.execute('/bin/sh') - nmap: `!sh` - mysql: `! bash` +Alternative TTY method + +``` +www-data@debian:/dev/shm$ su - user +su: must be run from a terminal + +www-data@debian:/dev/shm$ /usr/bin/script -qc /bin/bash /dev/null +www-data@debian:/dev/shm$ su - user +Password: P4ssW0rD + +user@debian:~$ +``` + ## Fully interactive reverse shell on Windows The introduction of the Pseudo Console (ConPty) in Windows has improved so much the way Windows handles terminals.
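Review bot: The added "Alternative TTY method" line in the hunk at @@ -431,6 +431,19 @@ follows the `- mysql: `! bash`` list item with no blank line and no heading or list marker, so Markdown will most likely fold it into that list item instead of showing it as a separate entry. Put a blank line before it and make it a heading or a labelled item, in whatever style the rest of the section uses. The block also has no explanation: a sentence saying that `script` runs the command under a newly allocated pseudo-terminal, which is why the second `su - user` no longer fails with "su: must be run from a terminal", and what `-q`, `-c` and the `/dev/null` argument do (quiet mode, the command to run, and the typescript output file) would let readers understand the transcript, not just copy it. Two smaller points on the fenced block: it has no language tag, and the line `Password: P4ssW0rD` shows typed input that `su` does not echo, so the sample does not match what a real terminal displays; a placeholder such as `Password: <password>` or a bare `Password:` would be more accurate.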