screen
Terminal multiplexer. Can create persistent sessions that survive logout, run background processes, and escape restricted shells.
Binary Paths
/usr/bin/screen/bin/screen
Glob Patterns
| Pattern | Notes |
|---|---|
scree?
|
Single wildcard replaces 'n' |
s*n
|
Star matches 'cree' — broad pattern, may match other s*n binaries |
scr*n
|
Star matches 'ee' — more specific |
scree[n]
|
Character class on final char |
/usr/bin/scree?
|
Full path with wildcard on last char |
/???/bin/screen
|
Obfuscate /usr/ directory |
$(ls /usr/bin/scree?)
|
ls resolves glob to /usr/bin/screen; command substitution executes it |
$'\x73\x63\x72\x65\x65\x6e'
|
ANSI-C hex escapes expand to 'screen' |
Pattern Tester
$
Try typing screen or a full path like /usr/bin/screen
YARA Rule
Auto-generated detection rule for screen
Platform Notes
screen -dmS name cmd runs a detached named session. Sessions survive SSH disconnects. If screen has SUID permissions: screen -x 'attacker/cmd' can escape to a shell. GTFOBins documents screen as a SUID privilege escalation vector.