We all know that feeling: your exploit finally lands and you pop a /bin/sh shell. You're IN, but now you have to deal with interacting with a dumb shell. Your muscle memory kicks in, you press the up arrow to rerun a command, and you are faced with a ^[[A on the screen. Frustrating, right? It's like stepping back in time to an era before the comforts of modern shells. No command history, no stderr visibility - just you and a bare-bones command line that doesn't understand your shortcuts or needs. It's enough to make you miss the slick, feature-rich terminals you're used to.
Now for a slightly better approach. We can use our trusty pwntools to add some additional functionality:

python3 -c "from pwn import *; p = remote('192.168.1.123', 31337); p.interactive()"
We've upgraded: we now have command history, and we can edit commands before we send them, making the remote interaction less of a headache. It's not perfect, but it's an improvement. If we send a command that results in output to