New Tool for Netcat listener

I have created a Python script with Netcat and the Pexpect lib. It is really good. It can do all the things that you do to make an interactive shell. It has other functions. You can check those out on the GitHub page (screenshots included).
You can also support me by donating.

GitHub → GitHub - luckythandel/netx: Easy tool to get a reverse shell.

Nice work.

I only read through the code quickly, but I get the impression you use colors after a connection, but before spawning a shell… Are you sure that works consistently? I’m sure that will work most of the time, but not always.

The machine Enterprise would be a good one to test it on: get a shell from the Joomla or WordPress and see what happens.
Unless I misinterpret the code, I’d expect the funny color-characters on your screen, instead of the actual colors being displayed.

@gnothiseauton said:

(Quote)

Yes, I faced some issues after gaining a shell. It was disconnecting after a while, but I fixed it. There was some problem with a timeout. But you can use it. Please try it. I want some reviews more than money.

@luckythandel said:

(Quote)

I don’t need to try it to give my feedback: from the code I see, I believe that in the borderline cases where a tool like this could shine, it will make my life difficult, cluttering up my screen:
What I said is not about the connection. It’s that there are states in which your terminal will not produce colors and will just spit out the color-characters to the screen. Looking at your screenshots, I’d suspect that it would first produce a blurry mess and finally leave me with no shell, because in the case I’m pointing to, it just won’t. I have like a 5% doubt about my color statement, but 100% confidence it won’t produce a proper shell there.

If you are looking for my honest feedback: a tool should give me the feeling I can do more than I can normally do. Take sqlmap: it’s like a hell of a lot smarter and faster than I am; dirbuster can look for more stuff, faster than I ever can.
With this tool, I’d currently feel more limited than usual in times I need it most. So in its present state I would not use it.
But that’s just one man’s opinion. Furthermore, before feelings or morale get hurt: spin up that machine and verify if I’m talking bullsh*t or not.

I’m not trying to break down your tool; on the contrary, I’m trying to point you to some hard-to-find, borderline cases that, if you can overcome them with your tool, might give people the feeling they can do more than they normally can.

@gnothiseauton said:

(Quote)

I respect your opinion, and I want to tell you that I used it on only one box, “Tabby”. It works fine on that one, but I can’t use it on other machines because I am VIP on HTB. Can you please do that?

I understand, but even if I try it, it wouldn’t make any difference, right?
Because either way you could never verify it, nor fix it, because you have no use-case. We’d both waste our time.
I’m pretty sure of what I say without trying, otherwise I wouldn’t put in the time to write it in the first place.

You don’t really need VIP, but I can’t help you with setting up a borderline case.
You’ll need to find a shell that doesn’t output colors and you’ll instantly see what I mean.
I don’t really master the whole tty business: I mostly know how to turn it on, but I never really looked at how to turn it off.

Maybe someone more knowledgeable than me can explain to this man how to get a shell without tty?

An sh-shell, no tty, no colors (as an option, disabled access to python, but enabled perl). Those are real-world conditions you will come across.
Run your code against that and you’ll see what I mean.

A quick Google search came up with this: linux - How to simulate a shell without tty? - Super User

Not sure if this article will result in the case I’m trying to point to, but it sounds about right.

@gnothiseauton said:

(Quote)

I don’t think I am as good as you. I just created it because it was frustrating to type those commands by myself. I really respect your opinion, but I can barely understand it. Umm.
But I think this will work in most boxes, right?
Btw, I tried to use this on sh as you said, but locally, and I still don’t know if it was the reason for it to work.

Frustration is always a good motivator 🙂

For the last 20 boxes or so I did, it will work on about 18 of them.

Take the following words with a grain of salt, because I’m not entirely sure, but as far as my understanding goes: ‘tty’ is like a group of features that can be used to enhance a terminal.
A simple example is the colors: it just sees those special characters and, instead of just printing them to the screen, it interprets them as a color, doesn’t print the color-characters to the screen, but instead hides them and gives the user a color.
Without tty, the terminal won’t do that… it will just see color-characters and print them to the screen, without colors.
In a way: when activated, it adds a layer of intelligence and features to your terminal.

Now, your script is trying to activate this extra layer of intelligence. That’s its core function.
But before finishing that task, you use features (like colors) that can only be used when that layer is already activated.
It’s this fundamental misunderstanding I am trying to point out and I’m trying to provide you with an example on your local machine.

For that you’ll need to have a terminal where tty is deactivated. The link I referred to may help you with that.

P.S. I don’t think it’s about being better or worse; if anything it should be about helping each other.
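An added illustration of the tty dependence discussed in the post above (it is not part of the thread and not code from netx): the same child process is run once on a plain pipe and once on a pseudo-terminal, and it emits a color escape only when it sees a tty. The names `CHILD`, `run_with_pipe`, `run_with_pty` and `strip_ansi` are assumptions made for this example; it needs a Unix-like system with the `pty` module.

```python
import os
import pty
import re
import subprocess
import sys

# Constructed child program: colors its output only if stdout is a terminal.
CHILD = r'''
import sys
msg = "connected"
print("\033[32m" + msg + "\033[0m" if sys.stdout.isatty() else msg)
'''

# CSI escape sequences (ESC [ params intermediates final), e.g. SGR color codes.
ANSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

def strip_ansi(text):
    """Remove CSI escapes so output stays readable where nothing renders them."""
    return ANSI_RE.sub("", text)

def run_with_pipe(code):
    """Run the child with stdout on a pipe: isatty() is False inside it."""
    result = subprocess.run([sys.executable, "-c", code],
                            capture_output=True, text=True)
    return result.stdout

def run_with_pty(code):
    """Run the child on a pseudo-terminal: isatty() is True inside it."""
    master, slave = pty.openpty()
    proc = subprocess.Popen([sys.executable, "-c", code],
                            stdin=slave, stdout=slave, stderr=slave)
    os.close(slave)  # parent keeps only the master side
    chunks = []
    while True:
        try:
            data = os.read(master, 1024)
        except OSError:  # Linux raises EIO once the child has closed the slave
            break
        if not data:
            break
        chunks.append(data)
    proc.wait()
    os.close(master)
    return b"".join(chunks).decode()

if __name__ == "__main__":
    print("pipe:", repr(run_with_pipe(CHILD)))
    print("pty: ", repr(run_with_pty(CHILD)))
    print("pty, escapes stripped:", repr(strip_ansi(run_with_pty(CHILD))))
```

Printing with `repr` shows the raw escape bytes, which is what appears on screen when nothing on the receiving side renders them.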

@gnothiseauton said:

(Quote)

OK, I get it now. But I guess there is a manual mode in the script, which lets you handle the commands; all you have to do is press “y” or “n”.
When you press “y” it will run that command (e.g. stty raw -echo).
When you press “n” it will let you control the shell without running the command. For example, you can run the “python -c 'import pty…” command, and when it asks for another command you can just press “n” to drop all upcoming questions, and it will let you interact with the shell.
Am I correct? Will it help?