Making Your Reverse Shell Fully Interactive
If you've been hacking Linux boxes for some time, you are no doubt aware of the old Python pty trick:
$ python -c 'import pty; pty.spawn("/bin/bash")'
This upgrades our shell to a pty, which allows us to run certain commands and execute certain files that we wouldn't otherwise be able to, but we still do not have an interactive shell. Certain tasks, such as editing files in Nano or Vim, are still an infuriating mess of a problem for us. We also don't have tab completion or access to bash history via the up arrow the way we would in a proper shell. What if I told you there was a way to have all that and more?! <infomercial voice>
First, from a non-interactive shell, run the aforementioned Python one-liner to spawn a pty. Then hit CTRL + Z to background the shell. Next, run the command stty -a and take note of the values for "rows" and "columns." Next, type stty raw -echo and hit enter. If you attempt to type anything at this point, the terminal will appear to be frozen, but it isn't. At this point, you will type fg <job id of reverse shell> and hit enter. The reverse shell will then return to you. Only one step remains. Now, set the number of rows and columns in the reverse shell to match those of your attack box terminal window with the command stty rows <#rows> cols <#columns>. And there you have it. Here's the full list of commands:
#within the reverse shell:
$ python -c 'import pty; pty.spawn("/bin/bash")'
CTRL+Z
#back in the attacker terminal:
stty -a    #note num of cols and rows
stty raw -echo
fg <job ID>
#back in reverse shell:
stty rows <#rows> cols <#cols>
Now you should have a fully interactive shell with tab-completion, command history, and the ability to edit files interactively. Enjoy!!
Credit for making me aware of this trick goes to YouTube user IppSec, who has a great series of video walkthroughs on hackthebox machines, which is full of useful tips and tricks.
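For the defending side, the pty one-liner above leaves a distinctive command line in process-execution telemetry. The following is an added example, not part of the original post: it flags that command line in constructed sample events, and the event field names and the service-account list are assumptions rather than any real log schema.

```python
import re

# python / python3 / python3.11 run with -c and a call to pty.spawn(...)
PTY_SPAWN = re.compile(r"\bpython[0-9.]*\s+-c\s.*\bpty\.spawn\s*\(")

# Assumption: accounts that run network services and never need a terminal.
SERVICE_USERS = {"www-data", "nginx", "apache", "tomcat", "mysql"}

def classify(event):
    """Return None, "review" or "high" for one process-execution event."""
    if not PTY_SPAWN.search(event["cmdline"]):
        return None
    # The upgrade is only needed when the caller has no terminal of its own,
    # so a missing controlling tty or a service account raises the severity.
    if event["tty"] is None or event["user"] in SERVICE_USERS:
        return "high"
    return "review"

def scan(events):
    """Return (timestamp, user, severity) for every event that matches."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((ev["ts"], ev["user"], severity))
    return hits

# Constructed sample events; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:01Z", "user": "www-data", "tty": None,
     "cmdline": "python -c 'import pty; pty.spawn(\"/bin/bash\")'"},
    {"ts": "2024-05-01T10:02:13Z", "user": "alice", "tty": "pts/3",
     "cmdline": "python3 -c 'import pty; pty.spawn(\"/bin/sh\")'"},
    {"ts": "2024-05-01T10:05:40Z", "user": "www-data", "tty": None,
     "cmdline": "python3 manage.py runserver"},
    {"ts": "2024-05-01T10:07:02Z", "user": "bob", "tty": "pts/1",
     "cmdline": "python -c 'print(1)'"},
]

if __name__ == "__main__":
    for ts, user, severity in scan(SAMPLE_EVENTS):
        print(f"{ts} {user} {severity}")
```

A match from an interactive user on a real terminal is kept at "review" because administrators and scripts occasionally call pty.spawn legitimately.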