The latest articles on DEV Community by Abdullah Elmasry (@0xmrmasry). https://dev.to/0xmrmasry https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1652326%2Fa884c10c-7e63-4cc2-8131-43b4ba2ab3b7.jpg https://dev.to/0xmrmasry en Abdullah Elmasry Thu, 14 Nov 2024 20:09:09 +0000 https://dev.to/0xmrmasry/upgrading-simple-shells-to-fully-interactive-ttys-49eb https://dev.to/0xmrmasry/upgrading-simple-shells-to-fully-interactive-ttys-49eb <p>Imagine you’re a hacking pro, right? You pull off this cool move, catching a reverse shell with netcat. The netcat messages start showing off, and the “id” command spills secrets like a chatterbox.</p> <p>But, oh boy, here comes the buzzkill! You’re typing away, a command misbehaves, you freak out, hit “Ctrl-C,” and suddenly, the whole connection goes poof.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgfkhfx01g0klbp8uor4a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgfkhfx01g0klbp8uor4a.png" alt="0ops !&lt;br&gt; " width="800" height="328"></a></p> <p>Now, these not-so-smart shells have more issues than a cat trying to sneak past a bunch of dogs:</p> <ol> <li><p>Commands like “su” and “ssh” act like drama queens, demanding a fancy terminal.</p></li> <li><p>STDERR stays hidden, like it’s playing hide and seek.</p></li> <li><p>Using text editors like Vim becomes a slapstick comedy — imagine trying to teach a robot to tango.</p></li> <li><p>Tab completion? It takes a vacation, and it’s not sending a postcard.</p></li> <li><p>Going back in command history with the up arrow? Nope, too old-school.</p></li> <li><p>Job control? It’s like a part-time job — doesn’t work full hours.</p></li> </ol> <p>And the comedy show goes on…</p> <p>To keep it simple, catching those shells is okay, but I really prefer working with a fully interactive TTY. It just makes things smoother.</p> <p>First you need to upgrade your shell using one of those commands :</p> <blockquote> <p>$ <strong>python</strong> -c "import pty; pty.spawn('/bin/bash')"</p> </blockquote> <p>or</p> <blockquote> <p>$ <strong>ruby</strong> -e "exec '/bin/bash'"</p> </blockquote> <p>or</p> <blockquote> <p>$ <strong>perl</strong> -e "exec '/bin/bash';"</p> </blockquote> <p>for me i will use python</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fempigaaz8izcp2ecgh34.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fempigaaz8izcp2ecgh34.png" alt="spawn a pty shell" width="800" height="244"></a></p> <p><strong>Next</strong> , Press <code>CTRL + Z</code> to background process and get back to your host machine</p> <p><strong>Then</strong> , Use stty command to set terminal line settings and foreground back the target terminal:</p> <blockquote> <p>$ <strong>stty</strong> raw -echo; fg</p> </blockquote> <p><strong>Finally</strong>, Set the terminal environment to something more appealing (e.g. xterm, xterm-256, etc):</p> <blockquote> <p>$ <strong>export</strong> TERM=xterm-256-color</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ak4gizag6c5wnr1vxtg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9ak4gizag6c5wnr1vxtg.png" alt="You should now have a stabilized bash shell that can tab complete, clear the screen, and use raw `CTRL + C` endraw !" width="800" height="570"></a></p> <p>You should now have a stabilized bash shell that can tab complete, clear the screen, and use <code>CTRL + C</code>!</p> <p><strong>Here’s another trick in the bag to secure a stable terminal window, you can turn to the socat command-line tool. The only catch is that the target machine might not have this tool ready to roll out of the box. So, you’ll have to take a few extra steps to get it installed.</strong></p> <p>For more details, check out the reference on</p> <p><a href="https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/" rel="noopener noreferrer"><strong>Upgrading Simple Shells to Fully Interactive TTYs</strong></a></p> <h3> Thanks for reading &lt; 3 </h3> linux shell cybersecurity security