Upgrade Simple Shells to Fully Interactive TTYs

At a Glance #

More often than not, reverse, or bind shells are shells with limited interactive capabilities. Meaning no job control, no auto-completion, no STDERR output, and, most important, poor signal handling and limited commands support. To fully leverage the shell it is convenient to upgrade to an interactive TTY with extended features.

Note: To check if the shell is a TTY shell use the tty command.

Shell to Bash #

Upgrade from shell to bash.

SHELL=/bin/bash script -q /dev/null

Python PTY Module 1 #

Prerequisite:

Target machine must have Python 2 or 3 installed

Stabilize your shell:

Import pty module and spawn bash shell:

Spawn /bin/bash using Python’s PTY module, and connect the controlling shell with its standard I/O.

python3 -c 'import pty; pty.spawn("/bin/bash")'

Press CTRL + Z to background process and get back to your host machine Use stty command to set terminal line settings and foreground back the target terminal:

stty raw -echo; fg

Set the terminal emulator to xterm:

export TERM=xterm

Press Enter

Fully Interactive TTY #

Background the current remote shell (^Z), update the local terminal line settings with stty2 and bring the remote shell back.

After bringing the job back the cursor will be pushed to the left. Reinitialize the terminal with reset.

“Pty — Pseudo-Terminal Utilities.” 3.8.3 Documentation, https://docs.python.org/3/library/pty.html. ↩︎
“Stty.” Linux Manual Page, https://man7.org/linux/man-pages/man1/stty.1.html. ↩︎

PreviousReverse Shells NextPrivilege Escalation: Sudo

Last updated 1 year ago

hashtagAt a Glance #

hashtagShell to Bash #

hashtagPython PTY Module 1 #

hashtagFully Interactive TTY #

At a Glance #

Shell to Bash #

Python PTY Module 1 #

Fully Interactive TTY #