I realised that I have a problem when I am working on a reverse shell. Some keys are not working as expected and are sending strange characters to the shell instead of their usual behaviour in a usual terminal on Linux. This is only happening on reverse shells.
For example, when I press [UP ARROW] it writes ^[[A on the terminal.
The simple explanation is that normally, when you press up, your shell captures that keystroke and does the appropriate action. In a reverse shell, NC is set to (for whatever reason) send that escape sequence when you press up.
Upgrading Simple Shells to Fully Interactive TTYs - ropnop blog
Yeah, I have always been a fan of:
python -c 'import pty; pty.spawn("/bin/bash")'
or
python3 -c 'import pty; pty.spawn("/bin/bash")'
Adds a little bit of comfort to your netcat reverse shell.
python … spawn … is great, but if there is no Python on the client’s machine, upload a static socat binary and establish a socat shell. Google for ropnop socat upgrade if you need more details.
Hi everyone.
I can’t upgrade simple shells to a fully interactive shell.
Python, Perl, and socat are not installed on the target machine.
Binary files cannot be run.
When I try to use this method:
Ctrl+Z
stty raw -echo
fg
reset
xterm-256color
export TERM=xterm
export SHELL=bash
Then, after returning to the reverse shell session (using the “fg” command), I can only type text, but the ‘enter’ key does not work.
Perhaps someone has encountered such a situation; I would be very grateful for any advice.
Also, taking this opportunity, I would like to ask about a way to elevate rights using unux2dox, which has a SETUID bit.
Thank you so much in advance for your help)
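Added example, not part of any post in this thread: a local pseudo-terminal demonstration in Python of what the terminal line discipline does with the Up and Enter keys in normal ("cooked") mode, and what changes once the terminal is put in raw mode as `stty raw -echo` does. It assumes Linux; the function names `read_available` and `press_keys` are made up for this illustration.

```python
import os
import select
import termios
import tty

UP_ARROW = b"\x1b[A"  # ESC [ A: what a terminal emulator sends for the Up key
ENTER = b"\r"         # carriage return: what it sends for the Enter key


def read_available(fd, timeout=0.3):
    """Collect everything that becomes readable on fd within the timeout."""
    data = b""
    while select.select([fd], [], [], timeout)[0]:
        chunk = os.read(fd, 1024)
        if not chunk:
            break
        data += chunk
    return data


def press_keys(raw):
    """Type Up then Enter into a fresh PTY; return (echoed, delivered).

    echoed    = what the line discipline prints back to the user's screen
    delivered = what the program reading the terminal actually receives
    """
    master, slave = os.openpty()
    try:
        # Start from an explicit cooked terminal, the normal interactive state.
        attrs = termios.tcgetattr(slave)
        attrs[0] |= termios.ICRNL                   # iflag: CR -> NL on input
        attrs[1] |= termios.OPOST | termios.ONLCR   # oflag: NL -> CR NL on output
        attrs[3] |= termios.ICANON | termios.ECHO | termios.ECHOCTL  # lflag
        termios.tcsetattr(slave, termios.TCSANOW, attrs)
        if raw:
            tty.setraw(slave)  # comparable to `stty raw -echo` on this terminal
        os.write(master, UP_ARROW + ENTER)
        return read_available(master), read_available(slave)
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    for raw in (False, True):
        echoed, delivered = press_keys(raw)
        print("raw" if raw else "cooked", "echoed:", echoed, "delivered:", delivered)
```

In cooked mode the ESC byte is echoed in caret notation, which is where the visible ^[[A comes from, and Enter reaches the reader as a newline; in raw mode nothing is echoed and Enter arrives as a bare carriage return, so whatever reads the other end has to do that translation itself.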
I’ve found that shell upgrades can be a bit temperamental. Not every box facilitates them because it can be down to a lot of factors.
Most of the time I find it’s quicker to just work with a less than perfect shell.
Normally, if something has SETUID set and runs as root, it’s a case of working out what it does, then subverting that to get it to give you root access. If that binary is a text file converter you might be able to use it to read content that is otherwise restricted - for example: root flags; shadow files etc.
TazWake, thank you for your answer.
I will listen to it and will not waste time on switching to a full-fledged shell, but will work from a simple shell.
I also thank you for your advice on dos2unix.
I was looking for the ability to transfer control to another program or write inaccessible files, and did not pay attention to the ability to read the file at all)
Just to be clear, there is no guarantee my suggestion will work. If it is a CTF then it is likely that the creator has configured things in a specific way that may, or may not, include that approach.