Reverse shell. Strange characters when pressing ESC, arrow, etc. '^[[A'

edited November 2020 in Tools

Hi guys,

I realised that I have a problem when I am working on a reverse shell. Some keys are not working as expected and are sending strange characters to the shell instead of their usual behaviour in a usual terminal on Linux. This is only happening on reverse shells.

https://i.ibb.co/LrksyR4/Captura.jpg

For example. When I press [UP ARROW] it writes ^[[A on the terminal.

OS: Kali Linux
Terminal: Native Linux terminal.

I googled for it but nothing.

Why is this happening?

Thank you very much!

Hack The Box

Comments

  • https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
    The simple explanation is normally, when you press up, your shell captures that keystroke and does the appropriate action. In a reverse shell, NC is set to (for whatever reason) send that escape sequence when you press up.

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
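
Added example, not part of the original thread: it decodes what `^[[A` is (the ESC byte echoed in caret notation, followed by `[A`) and shows locally, with no network involved, that a shell whose stdin is a pipe has no terminal while one attached to a pseudo-terminal does, which is the difference `pty.spawn` makes. The function names and the probe command are illustrative assumptions.

```python
import os
import pty
import subprocess

# Constructed sample: the bytes a terminal emulator sends for the Up arrow key.
UP_ARROW = b"\x1b[A"

def caret_notation(data: bytes) -> str:
    """Render control bytes the way a terminal echoes them (ESC 0x1b -> ^[)."""
    out = []
    for b in data:
        if b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append(chr(b))
    return "".join(out)

# Child command: report whether its stdin is a terminal device.
PROBE = ["sh", "-c", "if [ -t 0 ]; then echo tty; else echo no-tty; fi"]

def probe_over_pipe() -> str:
    """stdin is a pipe, as when a shell is wired directly to a socket."""
    res = subprocess.run(PROBE, input=b"", stdout=subprocess.PIPE)
    return res.stdout.decode().strip()

def probe_over_pty() -> str:
    """stdin is the slave side of a pseudo-terminal, as under pty.spawn."""
    master, slave = pty.openpty()
    try:
        res = subprocess.run(PROBE, stdin=slave, stdout=subprocess.PIPE)
    finally:
        os.close(master)
        os.close(slave)
    return res.stdout.decode().strip()

if __name__ == "__main__":
    print("Up arrow echoed as:", caret_notation(UP_ARROW))
    print("stdin is a pipe   :", probe_over_pipe())
    print("stdin is a pty    :", probe_over_pty())
```

Without a terminal on its stdin, the shell does not enable line editing, so the escape sequence is passed through and echoed instead of being interpreted as "previous command".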
  • @clubby789 said:

    https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
    The simple explanation is normally, when you press up, your shell captures that keystroke and does the appropriate action. In a reverse shell, NC is set to (for whatever reason) send that escape sequence when you press up.

    Yeah, I have always been a fan of:
    python -c 'import pty; pty.spawn("/bin/bash")'
    or
    python3 -c 'import pty; pty.spawn("/bin/bash")'

    :)

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Thank you very much! I supposed it could be something related to that.

    Hack The Box

  • @mfvazquezr said:

    Thank you very much! I supposed it could be something related to that.

    I am 99.99999999999% confident it is this.

    If it wasn't, it wouldn't only happen on reverse shells.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • rlwrap nc -lvnp 7777 (or whichever port you like)

    adds a little bit of comfort to your netcat reverse shell.

    python ... spawn ... is great, but if there is no python on client's machine, upload a static socat binary and establish a socat shell, google for ropnop socat upgrade if you need more details.

  • That's just how 'dumb' rev shells work. If you want a fully interactive shell you're gonna have to upgrade it with:

    python -c 'import pty; pty.spawn("/bin/bash")'
    

    or

    python3 -c 'import pty; pty.spawn("/bin/bash")'
    

    And then the standard:

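    Ctrl+Z                 # keypress: suspend the listener and return to your local shell
    stty raw -echo         # local terminal: pass keystrokes through raw, turn off local echo
    fg                     # resume the listener (typed blind, since echo is now off)
    reset                  # in the remote shell: reinitialise the terminal
    xterm-256color         # terminal type to enter if reset prompts for one
    export TERM=xterm      # variable name takes no leading $ when assigning
    export SHELL=bash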
    

    and then set the correct terminal dimensions

    LMAY75
    Always happy to help, DM me if you need anything!

  • Hi everyone.
    I can't upgrade simple shells to a fully interactive shell.
    Python, Perl, and socat are not installed on the target machine.
    Binary files cannot be run.
    When I try to use this method:
    Ctl+Z
    stty raw -echo
    fg
    reset
    xterm-256color
    export $TERM=xterm
    export $SHELL=bash

    Then after returning to the reverse shell session (using the "fg" command), I can only type text, but the 'enter' key does not work.
    Perhaps someone has encountered such a situation; I would be very grateful for any advice.
    Also, taking this opportunity, I would like to ask about a way to elevate rights using unux2dox, which has a SETUID bit.
    Thank you so much in advance for your help)

  • @3TON said:

    Hi everyone.
    I can't upgrade simple shells to a fully interactive shell.
    Python, Perl, and socat are not installed on the target machine.
    Binary files cannot be run.
    When I try to use this method:
    Ctl+Z
    stty raw -echo
    fg
    reset
    xterm-256color
    export $TERM=xterm
    export $SHELL=bash

    Then after returning to the reverse shell session (using the "fg" command), I can only type text, but the 'enter' key does not work.
    Perhaps someone has encountered such a situation; I would be very grateful for any advice.

    I've found that shell upgrades can be a bit temperamental. Not every box facilitates them because it can be down to a lot of factors.

    Most of the time I find it's quicker to just work with a less than perfect shell.

    Also, taking this opportunity, I would like to ask about a way to elevate rights using unux2dox, which has a SETUID bit.

    Normally if something has SETUID set and runs as root, it's a case of working out what it does, then subverting that to get it to give you root access. If that binary is a text file converter you might be able to use it to read content that is otherwise restricted - for example: root flags; shadow files etc.

    TazWake


  • TazWake, thank you for your answer.
    I will listen to him and will not waste time on switching to a full-fledged shell, but will work from a simple shell.
    I also thank you for your advice on dos2unix.
    I was looking for the ability to transfer control to another program or write inaccessible files, and did not pay attention to the ability to read the file at all)

  • @3TON said:

    TazWake, thank you for your answer.
    I will listen to him and will not waste time on switching to a full-fledged shell, but will work from a simple shell.
    I also thank you for your advice on dos2unix.
    I was looking for the ability to transfer control to another program or write inaccessible files, and did not pay attention to the ability to read the file at all)

    Just to be clear, there is no guarantee my suggestion will work. If it is a CTF then it is likely that the creator has configured things in a specific way that may, or may not, include that approach.

    It's always worth trying things though.

    TazWake

