I have seen a lot of people ask about this yet there are not too many good online resources that explain it simply.
When obtaining a reverse shell with a Netcat listener, it is by default non-interactive and you cannot pass keyboard shortcuts or special characters such as tab.
It is quite simple to work around. For starters, in your shell, run python -c 'import pty;pty.spawn("/bin/bash");' to obtain a partially interactive bash shell.
After that, do CTRL+Z to background Netcat. Enter stty raw -echo in your terminal, which will tell your terminal to pass keyboard shortcuts etc. through. Once that is done, run the command fg to bring Netcat back to the foreground. Note you will not be able to see what you are typing in terminal after you change your stty setting. You should now have tab autocomplete as well as be able to use interactive commands such as su and nano.
If you want to see it in action, check out ippsec’s YouTube videos, as he uses this exact method in quite a few of them: ippsec’s channel
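From the defender's side, the first step of this procedure (the in-line `python -c 'import pty;pty.spawn(...)'`) is also what shows up in process-execution telemetry on the compromised host, so it is a useful thing to alert on. The following is an added example, not code from the original post or from any tool named in the thread: it parses a handful of constructed exec records (the `ts pid= comm= cmdline=` layout is an assumed, simplified format, not real auditd output) and reports every PTY spawn together with the shell it launched.

```python
"""Flag in-line Python PTY spawns (the shell-upgrade step from the thread) in exec records.

The log layout below is constructed for this example and is an assumption,
not a real auditd/EDR format; adapt parse_records() to your own telemetry.
"""
import re
from typing import Dict, List

# Matches `import pty` followed (on the same command line) by a pty.spawn( call,
# regardless of whitespace, quoting style or python vs python3.
PTY_SPAWN_RE = re.compile(r"import\s+pty\b.*?pty\.spawn\s*\(", re.IGNORECASE | re.DOTALL)

# Pulls the first string argument out of pty.spawn("...") / pty.spawn('...').
SPAWN_TARGET_RE = re.compile(r"pty\.spawn\s*\(\s*['\"]([^'\"]+)['\"]")

# One record per line: timestamp, pid, short command name, full command line.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+comm=(?P<comm>\S+)\s+cmdline=(?P<cmdline>.*)$"
)

# Constructed sample telemetry; only lines 1 and 4 are the pattern of interest.
SAMPLE_LOG = """\
2023-01-01T10:00:01Z pid=4120 comm=python cmdline=python -c 'import pty;pty.spawn("/bin/bash");'
2023-01-01T10:00:02Z pid=4121 comm=python3 cmdline=python3 manage.py runserver
2023-01-01T10:00:03Z pid=4122 comm=bash cmdline=bash -c 'ls -la /tmp'
2023-01-01T10:00:04Z pid=4123 comm=python3 cmdline=python3 -c "import pty; pty.spawn('/bin/sh')"
2023-01-01T10:00:05Z pid=4124 comm=python3 cmdline=python3 -c "import ptyprocess; print('not a spawn')"
"""


def parse_records(text: str) -> List[Dict[str, str]]:
    """Split raw log text into dicts; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def find_pty_spawns(text: str) -> List[Dict[str, str]]:
    """Return one finding per record whose command line performs an in-line pty.spawn.

    Each finding carries the pid, timestamp and the shell passed to pty.spawn
    (or "<unknown>" if the argument was not a plain string literal).
    """
    findings = []
    for rec in parse_records(text):
        cmdline = rec["cmdline"]
        if not PTY_SPAWN_RE.search(cmdline):
            continue
        target = SPAWN_TARGET_RE.search(cmdline)
        findings.append(
            {
                "ts": rec["ts"],
                "pid": rec["pid"],
                "comm": rec["comm"],
                "shell": target.group(1) if target else "<unknown>",
            }
        )
    return findings


if __name__ == "__main__":
    for hit in find_pty_spawns(SAMPLE_LOG):
        print(f"{hit['ts']} pid={hit['pid']} {hit['comm']} spawned PTY shell {hit['shell']}")
```

A bare `import pty` in a long-running script is legitimate (interactive tooling uses it), so the rule keys on the combination of `import pty` and `pty.spawn(` on a single command line, which is characteristic of the one-liner in the post rather than of normal Python programs.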
@princeade said:
Guy, nicely put. I once was looking for how to nano a file through a shell, not SSH… I finally had to echo my code into the file on the PWK labs…
Question: Does this work for all reverse shells obtained through other means (PHP, Perl and Python), or only nc shells?
The majority of connect back shells should work fine. I meant nc as the listening service on the local machine. Refer to the netsec.ws link that @sajkox posted to see other options.
I’ve tried the above method a few times, but it failed every time. I don’t understand what I am doing wrong…
After doing fg, the Enter key is displayed as ^M.
Something like this: