Upgrading Simple Shells to Fully Interactive TTYs

  1. Catch your netcat session: nc -nvlp 80
  2. Get a pseudo-terminal in the reverse shell (e.g. via python -c 'import pty; pty.spawn("/bin/bash")')
  3. Press Ctrl-Z to background the shell
  4. Get the terminal type with echo $TERM and the rows/columns of your current shell with stty size
  5. With the shell still backgrounded, set the current STTY to type raw and turn off local echo, so that input characters are echoed by the remote pseudo-terminal: stty raw -echo
  6. Next, foreground the shell with fg. This re-opens the reverse shell, but the formatting will be off.
  7. Reinitialize the terminal with reset
  8. Set the shell to the values noted above:
     export SHELL=bash
     export TERM=xterm-256color
     stty rows 38 columns 116

The end result is a fully interactive TTY with all the features we’d expect (tab-complete, history, job control, etc.), all over a netcat connection.
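For detection, the pty.spawn one-liner from step 2 is the most visible artifact of this procedure, especially when it starts from a process with no controlling terminal. The following is an added example, not part of the original note: it scans process events for that command line and rates each hit. The event fields and sample records are constructed for illustration and do not represent a real log format; "?" stands for "no controlling TTY", as in ps output.

```python
import re
import shlex

# Interpreter names such as python, python3, python3.11.
PY_INTERP = re.compile(r"^python[\d.]*$")
# Inline code that imports pty and calls pty.spawn(...).
PTY_SPAWN = re.compile(r"\bimport\s+pty\b.*\bpty\.spawn\s*\(", re.S)

# Constructed sample events (hypothetical schema): pid, parent name, tty, cmdline.
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "sh", "tty": "?",
     "cmdline": "python -c 'import pty; pty.spawn(\"/bin/bash\")'"},
    {"pid": 4188, "parent": "bash", "tty": "pts/0",
     "cmdline": "python3 -c 'import pty; pty.spawn(\"/bin/sh\")'"},
    {"pid": 4201, "parent": "bash", "tty": "pts/0",
     "cmdline": "python3 manage.py runserver"},
    {"pid": 4250, "parent": "cron", "tty": "?",
     "cmdline": "python3 -c 'import json; print(json.dumps({}))'"},
]

def inline_code(cmdline):
    """Return the argument of -c if the command is a Python interpreter, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        # Unbalanced quotes (truncated log field): best-effort split that
        # keeps everything after the second token together.
        argv = cmdline.split(None, 2)
    if not argv or not PY_INTERP.match(argv[0].rsplit("/", 1)[-1]):
        return None
    for i, arg in enumerate(argv[1:-1], start=1):
        if arg == "-c":
            return argv[i + 1]
    return None

def classify(event):
    """Return 'high', 'low' or None for one process event."""
    code = inline_code(event["cmdline"])
    if code is None or not PTY_SPAWN.search(code):
        return None
    # A PTY spawned by a process that has no terminal is the pattern in step 2.
    return "high" if event["tty"] in ("?", "", None) else "low"

def scan(events):
    """Return (pid, severity) for every event that matches."""
    return [(e["pid"], sev) for e in events if (sev := classify(e))]
```
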

Cheat sheet

# In reverse shell
python -c 'import pty; pty.spawn("/bin/bash")'
Ctrl-Z

# In Kali
echo $TERM
stty size
stty raw -echo
fg

# In reverse shell
reset
export SHELL=bash
export TERM=xterm-256color
stty rows <num> columns <cols>

[1]


Relevant Note(s):


  1. https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/#method-3-upgrading-from-netcat-with-magic