[This is a clone of this post, kept just to avoid it being lost. All attribution is to its author (Mike)]

I’ve seen the python pty trick in a few places, first when taking the OSCP labs. However, if you’ve noticed, there are still some problems. Two years ago at HackFest, @r00k gave a presentation where he improved the quality of the shell dramatically. Last year at HackFest, @jeffmcjunkin posted further improvements. All credit goes to them, and the excerpt below comes directly from Jeff McJunkin’s SEC560 notes.

Update 18/Jul/2018: It looks like a very similar (if not exactly the same) technique is used in the following video, for those of you who want to see it in action.

Note that after entering stty raw -echo, you’re not going to see the fg get typed, and your terminal is going to look awfully wonky until the steps after fg are done.

Gaining a comfortable shell with a TTY after gaining a netcat shell:
python -c 'import pty; pty.spawn("/bin/bash")'
Background the shell by pressing Ctrl-Z
    (on your local terminal) echo $TERM 
    (on your local terminal) stty -a | head -n1
    (on your local terminal) stty raw -echo 
    (on your local terminal) fg
        export HOME=/your/home/directory
        export SHELL=/bin/bash
        export TERM=(whatever output you got from “echo $TERM” above)
        stty rows X columns Y (using the output from “stty -a | head -n1” above)

echo $TERM should return xterm-256color on Kali.

The short version is the command list below; the only values likely to differ are HOME and the X (rows) and Y (columns) numbers.

python -c 'import pty; pty.spawn("/bin/bash")'
CTRL-Z
stty -a | head -n1
stty raw -echo
fg
export HOME=/root
export SHELL=/bin/bash
export TERM=xterm-256color
stty rows X columns Y

Enjoy your tab complete, vim, and everything else!
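From the defender's side, the sequence above leaves a distinctive process tree on the target: a python interpreter run with inline code that calls pty.spawn, a shell whose parent is that interpreter, and an stty resize under that shell. The detection logic below is an added example, not part of the original post; it runs over constructed process-creation events (pid, ppid, exe, argv) shaped like an EDR or auditd execve feed, and the field names are an assumption.

```python
import re

# Constructed process-creation events (not real telemetry), shaped like an EDR or
# auditd execve feed: pid, parent pid, executable path and argv. Events 2000-2003
# are the post's upgrade sequence; 3000 and 3001 are ordinary, benign activity.
SAMPLE_EVENTS = [
    {"pid": 2000, "ppid": 1990, "exe": "/bin/sh", "argv": ["sh"]},
    {"pid": 2001, "ppid": 2000, "exe": "/usr/bin/python",
     "argv": ["python", "-c", 'import pty; pty.spawn("/bin/bash")']},
    {"pid": 2002, "ppid": 2001, "exe": "/bin/bash", "argv": ["bash"]},
    {"pid": 2003, "ppid": 2002, "exe": "/usr/bin/stty",
     "argv": ["stty", "rows", "50", "columns", "200"]},
    {"pid": 3000, "ppid": 1, "exe": "/usr/bin/python3", "argv": ["python3", "backup.py"]},
    {"pid": 3001, "ppid": 1500, "exe": "/usr/bin/stty", "argv": ["stty", "-a"]},
]

PYTHON_RE = re.compile(r"(^|/)python[0-9.]*$")          # python, python2.7, python3 ...
PTY_SPAWN_RE = re.compile(r"import\s+pty\b.*pty\.spawn\s*\(")
STTY_RESIZE_RE = re.compile(r"^stty rows \d+ columns \d+$")  # the resize step after fg
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "/usr/bin/bash"}


def is_pty_spawn(ev):
    """A python interpreter given inline code (-c) that imports pty and calls pty.spawn."""
    return (bool(PYTHON_RE.search(ev["exe"]))
            and "-c" in ev["argv"]
            and any(PTY_SPAWN_RE.search(a) for a in ev["argv"]))


def ancestors(ev, by_pid):
    """Walk the parent chain present in the event set; guards against pid cycles."""
    seen, cur = set(), by_pid.get(ev["ppid"])
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        yield cur
        cur = by_pid.get(cur["ppid"])


def find_pty_upgrades(events):
    """Return (pid, rule) pairs for each event matching one stage of the TTY upgrade."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for ev in events:
        under_spawn = any(is_pty_spawn(a) for a in ancestors(ev, by_pid))
        if is_pty_spawn(ev):
            hits.append((ev["pid"], "python_pty_spawn"))
        elif ev["exe"] in SHELLS and under_spawn:
            hits.append((ev["pid"], "shell_under_pty_spawn"))
        elif ev["exe"].endswith("/stty") and under_spawn \
                and STTY_RESIZE_RE.match(" ".join(ev["argv"])):
            hits.append((ev["pid"], "stty_resize_under_pty_spawn"))
    return hits
```

The local-side steps (stty raw -echo, fg) never reach the target, so only the python, shell and stty rows/columns stages are visible there; the parent-chain check keeps a plain interactive stty -a on an admin's session from firing.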
