wargio/spyonbash

## spyonbash
## just find the pid of the shell
[root]> ps -aux | grep bash
user     28202  0.0  0.1   4464  3696 pts/0    Ss+  10:26   0:00 -bash
root     28227  0.0  0.1   4360  3760 pts/1    Ss   10:26   0:00 -bash
root     28855  0.0  0.0   3044   884 pts/1    S+   11:13   0:00 grep bash
## then call the oneline command
## strace -p<pid> -s9999 -e write 2>&1 | python -c "import sys,re;[print(re.sub(r'write\(\d,\s\"(.+)\",\s\d+\)\s+=\s+\d+$|^---.+$', r'\1', line).replace('\n', '').encode('utf-8').decode('unicode_escape'), end='', flush=True) for line in sys.stdin]"
strace -p28202 -s9999 -e write 2>&1 | python -c "import sys,re;[print(re.sub(r'write\(\d,\s\"(.+)\",\s\d+\)\s+=\s+\d+$|^---.+$', r'\1', line).replace('\n', '').encode('utf-8').decode('unicode_escape'), end='', flush=True) for line in sys.stdin]"

strace: Process 28202 attached
[user@mydomain.com ~]$ ls aaaa
	## just find the pid of the shell
	[root]> ps -aux \| grep bash
	user 28202 0.0 0.1 4464 3696 pts/0 Ss+ 10:26 0:00 -bash
	root 28227 0.0 0.1 4360 3760 pts/1 Ss 10:26 0:00 -bash
	root 28855 0.0 0.0 3044 884 pts/1 S+ 11:13 0:00 grep bash
	## then call the oneline command
	## strace -p<pid> -s9999 -e write 2>&1 \| python -c "import sys,re;[print(re.sub(r'write\(\d,\s\"(.+)\",\s\d+\)\s+=\s+\d+$\|^---.+$', r'\1', line).replace('\n', '').encode('utf-8').decode('unicode_escape'), end='', flush=True) for line in sys.stdin]"
	strace -p28202 -s9999 -e write 2>&1 \| python -c "import sys,re;[print(re.sub(r'write\(\d,\s\"(.+)\",\s\d+\)\s+=\s+\d+$\|^---.+$', r'\1', line).replace('\n', '').encode('utf-8').decode('unicode_escape'), end='', flush=True) for line in sys.stdin]"

	strace: Process 28202 attached
	[user@mydomain.com ~]$ ls aaaa