Reverse TTY Shells: Spawn TTY Shells while Hacking

Getting a reverse shell during a hacking / pentesting exercise, or while solving a CTF challenge, is great; it feels like we are almost there. But then we discover its limitations and feel like "What the…". We need a more interactive shell. So here is a small guide to getting past that by spawning TTY shells while hacking.

Limitations of not having a TTY

Cannot use interactive commands like su, ssh, nano
Text is not displayed in all its glory
No job control
No tab completion or up-arrow history
And more…

So we want to overcome these limitations with a TTY shell. What works often depends on other system variables, so we give a number of methods that should work in different environments.

Using Python pty module

This is by far the most popular method. The target server must have Python installed. The Python pty module lets you spawn a PTY (pseudo-terminal), which fools commands like su into believing they are running in a proper terminal. Always spawn /bin/bash instead of /bin/sh.

That was the Python method; we will now see a few more methods to spawn a TTY shell.

Using expect

Don’t expect all servers to have expect; in case you are lucky enough, below are the commands to get a TTY shell.

Using socat

socat can be used to pass a full TTY over a TCP connection; again, as above, only if you are lucky enough to have it on the server.

Set up a socat listener on your (attacker) machine, replacing the port number with your listening port.

Now, on the target machine, connect back to the attacker, changing the <attacker host> and <listening port>

This article is just a small trick, or help, or whatever you want to call it, that comes in handy when hacking. We will cover many more such small helper articles that build a good knowledge of hacking. These techniques are often used in real-world hacking and CTFs. I will try adding more to these basics soon.
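Whichever of the methods above is used, the result looks the same in the process table: a shell attached to a pts device whose ancestry leads back to a service that has no terminal of its own. The following added example (not part of the original article) flags that pattern in a `ps -eo pid,ppid,tty,user,comm` snapshot; the service list and the sample snapshot are constructed assumptions.

```python
# Added example: the service list and the sample snapshot below are assumptions.
SHELLS = {"sh", "bash", "dash", "zsh"}
SERVICES = {"apache2", "httpd", "nginx", "php-fpm", "tomcat"}

# Constructed output of: ps -eo pid,ppid,tty,user,comm
SAMPLE_PS = """\
  PID  PPID TT       USER     COMMAND
  700     1 ?        root     sshd
  812   700 ?        alice    sshd
  813   812 pts/0    alice    bash
  900     1 ?        root     apache2
  905   900 ?        www-data apache2
 1202   905 ?        www-data bash
 1230  1202 ?        www-data python3
 1231  1230 pts/1    www-data bash
"""

def parse_ps(text):
    """Return {pid: record} from a ps snapshot with the five columns above."""
    procs = {}
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split(None, 4)
        if len(fields) == 5:                     # ignore blank or short lines
            pid, ppid, tty, user, comm = fields
            procs[int(pid)] = {"ppid": int(ppid), "tty": tty, "user": user, "comm": comm.strip()}
    return procs

def service_ancestor(procs, pid):
    """Walk up from pid; return the first ancestor that is a listed service."""
    for _ in range(len(procs)):                  # bound guards against PPID loops
        pid = procs[pid]["ppid"]
        if pid not in procs:
            return None
        if procs[pid]["comm"] in SERVICES:
            return procs[pid]
    return None

def find_pty_shells_under_services(text):
    """Shells attached to a pts whose ancestry leads to a service process."""
    procs = parse_ps(text)
    hits = []
    for pid, p in procs.items():
        if p["comm"] in SHELLS and p["tty"].startswith("pts/"):
            if svc := service_ancestor(procs, pid):
                hits.append((pid, p["tty"], procs[p["ppid"]]["comm"], svc["comm"]))
    return hits

if __name__ == "__main__":
    print(find_pty_shells_under_services(SAMPLE_PS))
```

The shell at PID 1202 has no TTY and is not reported; only the pts-attached shell beneath the web server is, while the SSH login on pts/0 is left alone.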


