Spawning Interactive Reverse Shell

Often during pentests you end up with a non-tty shell, in which certain commands cannot be run. This can happen if you upload a reverse shell to a web server, so that the shell you get runs as the user www-data or similar. These users are not meant to have shells, as they don't interact with the system as humans do. Without a tty shell you can't run su, sudo, etc., which is annoying if you manage to get a root password but can't use it. Here are some commands which will allow you to spawn a tty shell; which of them work depends on the system environment and installed packages. So, let's start with spawning an interactive reverse shell.

Shell Spawning

Python pty Module

Perl

Simple Shells to Fully Interactive TTYs

1. Python to spawn a PTY

2. Put the shell into the background with Ctrl-Z

3. Examine the current terminal and STTY info and match it

The information needed is the TERM type (“xterm-256color”) and the size of the current TTY (“rows 37; columns 146”)

4. Set the current STTY to type raw and tell it to echo the input characters

5. Foreground the shell with fg and re-open the shell with reset

6. stty size to match our current window

7. Set PATH, TERM and SHELL if missing
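
What steps 1 and 6 change from the process's point of view, as an added example that is not part of the original post: a child whose stdin is a pipe sees no terminal, while the same child on a PTY slave does, and it reports only the rows and columns that were set on that PTY. The helper name `probe` and the child script are assumptions made for illustration; the 37x146 size is the one quoted in step 3.

```python
import fcntl
import json
import os
import pty
import struct
import subprocess
import sys
import termios

# Child process: reports what it sees on stdin. Whether stdin is a terminal
# is the property that separates a tty shell from a non-tty shell.
CHILD_SRC = """
import json, os, sys
tty = sys.stdin.isatty()
size = os.get_terminal_size(0) if tty else None
print(json.dumps({"tty": tty,
                  "rows": size.lines if size else None,
                  "cols": size.columns if size else None}))
"""


def probe(use_pty, size=None):
    """Run the child with stdin on a pipe or on a PTY slave; return its report.

    size is an optional (rows, cols) tuple applied to the PTY before the run.
    """
    cmd = [sys.executable, "-c", CHILD_SRC]
    if not use_pty:
        # Pipe-backed stdin: what a process started by a web server inherits.
        done = subprocess.run(cmd, stdin=subprocess.PIPE,
                              stdout=subprocess.PIPE, check=True)
        return json.loads(done.stdout)

    master_fd, slave_fd = pty.openpty()  # kernel-allocated terminal pair
    try:
        if size is not None:
            # Same effect as `stty rows R columns C`: set the window size.
            winsize = struct.pack("HHHH", size[0], size[1], 0, 0)
            fcntl.ioctl(slave_fd, termios.TIOCSWINSZ, winsize)
        done = subprocess.run(cmd, stdin=slave_fd,
                              stdout=subprocess.PIPE, check=True)
        return json.loads(done.stdout)
    finally:
        os.close(slave_fd)
        os.close(master_fd)


if __name__ == "__main__":
    print("pipe:", probe(False))
    print("pty, 37x146:", probe(True, (37, 146)))
```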
