INTERACTIVE SHELLS

UPGRADING TERMINAL

When connecting to a remote shell using netcat, a basic non-interactive shell is typically received. This limited shell lacks features such as command history, tab completion, and proper signal handling, because it is running over a raw TCP socket and not a fully interactive terminal session. Upgrading the shell is optional, but highly recommended after gaining a foothold, as it significantly improves usability and enables more effective control over the target system.

From an OPSEC and non-attribution perspective, upgrading the TTY may introduce risks. Commands used to spawn a pseudo-terminal (such as those involving python, script, or bash) can leave artifacts in shell history and logs, or be flagged by defensive monitoring tools. In stealth-sensitive operations, it's important to weigh the benefits of interactivity against the potential for detection and attribution.

METHOD

PYTHON

www-data@remotehost$ python3 -c 'import pty; pty.spawn("/bin/bash")'
 * ALT: python -c 'import pty; pty.spawn("/bin/bash")'
    - if on a python2 environment
    - remove spacing if required
       - python3 -c'import pty;pty.spawn("/bin/bash")'
    
www-data@remotehost$ Ctrl-Z           # Background the current Netcat shell

root@oco:~$ stty raw -echo            # Set raw mode, disable local echo
root@oco:~$ fg                        # Resume Netcat session

 * this puts the local terminal in raw mode with echo off, so keystrokes (Ctrl-C, tab, arrow keys) pass through to the remote shell
 
root@oco:~$ Enter
root@oco:~$ Enter

 * after the fg cmd the terminal will show a blank line; input "reset" or hit the enter key
   twice to bring back the terminal output
 
#OPTIONAL
root@oco:~$ echo $TERM
 xterm-256color
root@oco:~$ stty size
 67 318
 
 * displays the local terminal type (the TERM variable) and the terminal size (rows and columns)
 
www-data@remotehost$ export TERM=xterm-256color                 # this is an optional cmd but helps programs such as nano, htop, or less to display properly.
www-data@remotehost$ stty rows 67 columns 318    
        
 * the optional cmds will reconfigure the netcat shell to use the terminal's full 
   features, similar to an SSH connection.

BASH

This provides a full pseudo-terminal with logging disabled and shell behavior that closely mimics a real terminal. It’s more robust than pty.spawn(). This is often used after pty.spawn() if small quirks are experienced, or if the script cmd is available on the target.

target@revShell:~$ script /dev/null -c bash

 * this must be used after a reverse shell is triggered
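
The intro notes that the PTY-spawn cmds can be flagged by defensive monitoring. As an added example (not part of the original notes), this is what such a check can look like over process-exec events; the JSON field names, the service-account list and the sample events are assumptions constructed for illustration.

```python
import json
import re

# Patterns for the two PTY-upgrade methods in these notes (regexes are this example's own).
PTY_PATTERNS = [
    ("python pty.spawn", re.compile(r"\bpython[\d.]*\s+-c\s*['\"]?.*\bpty\.spawn\s*\(")),
    ("script to /dev/null", re.compile(r"\bscript\b(?=.*\s/dev/null\b)(?=.*\s-\w*c\w*\b)")),
]
SERVICE_ACCOUNTS = {"www-data", "nginx", "apache", "tomcat"}  # assumption: tune per host

# Constructed process-exec events (one JSON object per line), plus one malformed record.
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"ts": "t1", "user": "www-data", "cmdline": "python3 -c 'import pty; pty.spawn(\"/bin/bash\")'"},
    {"ts": "t2", "user": "www-data", "cmdline": "script /dev/null -c bash"},
    {"ts": "t3", "user": "alice", "cmdline": "python -c'import pty;pty.spawn(\"/bin/bash\")'"},
    {"ts": "t4", "user": "alice", "cmdline": "script /tmp/session.log"},
    {"ts": "t5", "user": "www-data", "cmdline": "python3 manage.py migrate"},
)] + ["not-json garbage"]

def detect_pty_upgrade(json_lines):
    """Return one finding per exec event whose command line spawns a pseudo-terminal."""
    findings = []
    for line in json_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the scan
        cmdline = event.get("cmdline", "")
        for name, pattern in PTY_PATTERNS:
            if pattern.search(cmdline):
                # A service account normally has no need for an interactive terminal.
                severity = "high" if event.get("user") in SERVICE_ACCOUNTS else "medium"
                findings.append({"ts": event.get("ts"), "user": event.get("user"),
                                 "rule": name, "severity": severity})
                break
    return findings

if __name__ == "__main__":
    for finding in detect_pty_upgrade(SAMPLE_EVENTS):
        print(finding)
```

The benign events (a session recorded to a file with script, a normal python invocation) are not flagged; only the PTY-spawn forms are.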
