Shells

Upgrade tty shell to full Shell

// Upgrading simple shells to fully interactive TTYs
python -c 'import pty; pty.spawn("/bin/bash")'
// fix tty
script /dev/null -c bash
fg
stty raw -echo; fg
reset xterm
tty
export TERM=xterm
echo $SHELL
stty size rows 44 columns 185

// reverse shell on netcat

script /dev/null -c bash
Control + Z
stty raw -echo; fg
reset xterm
export TERM=xterm


---IN ANOTHER CONSOLE IN KALI:----
stty size (in my case 47 and 235 [rows and columns respectively])

---WE GO BACK TO THE NETCAT REVERSE SHELL---
stty rows 47 columns 235

We now have a fully interactive shell with the correct dimensions.

(you may also need to do an export SHELL=bash on the victim machine)
// find setuid binary
search gtfobins as per below

Upgrading remote shells (Unix machines only)

Usually, after catching a shell through netcat you are placed in a shell that has very limited functionality. The features I miss the most are command history (and using the ‘up’ and ‘down’ arrows to cycle through them) and tab autocompletion. It can feel quite disorienting working in a shell that is missing these vital features.

Note: To check if the shell is a TTY shell use the tty command.

Upgrade to fully interactive shell using Python:

If the remote machine has Python installed you can easily upgrade to a fully functional TTY shell.

  1. First, after receiving your reverse shell you need to check the availability of Python. You can do this with the which command.

If any of these are installed this command will return the full path of the installed binary.

Note: The which command will only report programs that are installed in a folder that exists in $PATH. Python will almost always be in a $PATH directory so this should not be an issue.

  2. Next, on the victim machine type the below command (using the version of Python that is available on the machine!)

Your command prompt may or may not change to reflect the new shell. If it does not change, do not panic, as the prompt is configured locally and will depend on the settings of the machine you are on.

  3. Next, type ctrl-z to send your shell to the background.

  4. On your attack platform, you will need to set up your shell to send control characters and other raw input through the reverse shell. You can do this by using the stty command as below.

The second command above will report the size of your terminal window in rows and columns. This is useful for command output that either fills the whole terminal (such as when using programs such as nano or vim) or that would output lines that are too long to fit in the window. Fixing the window size will allow for word-wrapping instead of cutting off output that is too long.

  5. After that, type the command fg to return the reverse shell to the foreground. You may need to hit [enter] once or twice to get your prompt to show again.

  6. Next, on the victim machine type the below commands to set some important environment variables.

Voilà! You should now be the proud owner of a shiny new fully upgraded TTY shell with command history using the ‘up’ and ‘down’ arrows. This shell will also allow you to use the command clear to clear your screen and ‘control’ commands, such as ctrl-c to kill remotely running processes rather than your own shell! Enjoy!
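Seen from the monitored host, the two upgrade commands at the top of these notes (python -c with pty.spawn, and script /dev/null -c bash) show up as process executions. The following is an added example, not part of the original notes: it decodes auditd EXECVE records, including the hex form auditd uses for arguments containing spaces or quotes, and flags those two commands. It assumes auditd is logging execve; the function names and sample records are constructed for illustration, and matching clustered flags such as -qc goes slightly beyond the exact form shown above.

```python
import re

# auditd quotes a plain EXECVE argument (a0="script") and writes one that
# contains spaces or quotes as bare uppercase hex (a2=696D706F...).
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')
SHORT_C = re.compile(r"-[A-Za-z]*c[A-Za-z]*")  # -c, also clustered as -qc

def decode_execve(record):
    """Rebuild argv from one EXECVE record, decoding hex-encoded arguments."""
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(record):
        if hexed:
            try:
                quoted = bytes.fromhex(hexed).decode("utf-8", "replace")
            except ValueError:      # odd length: not hex after all, keep raw
                quoted = hexed
        args[int(idx)] = quoted
    return [args[i] for i in sorted(args)]

def classify(argv):
    """Return which upgrade command from this page argv matches, or None."""
    if not argv:
        return None
    prog, rest = argv[0].rsplit("/", 1)[-1], argv[1:]
    if prog.startswith("python") and "-c" in rest and any("pty.spawn" in a for a in rest):
        return "python pty.spawn"
    if prog == "script" and "/dev/null" in rest and any(SHORT_C.fullmatch(a) for a in rest):
        return "script /dev/null -c"
    return None

def scan(records):
    """Return (label, argv) for every EXECVE record that matches."""
    hits = []
    for rec in records:
        argv = decode_execve(rec) if "type=EXECVE" in rec else []
        if classify(argv):
            hits.append((classify(argv), argv))
    return hits

# Constructed sample records (not from a real host); the hex is built here.
PTY_ARG = 'import pty; pty.spawn("/bin/bash")'
SAMPLE = [
    'type=EXECVE msg=audit(1700000000.101:411): argc=3 a0="python" a1="-c" a2=' + PTY_ARG.encode().hex().upper(),
    'type=EXECVE msg=audit(1700000000.202:412): argc=4 a0="script" a1="/dev/null" a2="-c" a3="bash"',
    'type=EXECVE msg=audit(1700000000.303:413): argc=2 a0="script" a1="session.log"',
    'type=EXECVE msg=audit(1700000000.404:414): argc=2 a0="python3" a1="manage.py"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Very long arguments, which auditd splits into a2[0]=, a2[1]= pieces, are not reassembled here. Pair a hit with the parent process and the owning user before alerting, since script and python -c both have routine uses.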
