Stabilizing a Reverse Shell for Interactive Access: A Step-by-Step Guide
Prerequisites
This is a post-exploitation process. Follow the steps only if you already have a reverse shell connection from the target machine.
Before we begin, ensure that the target machine has Python 2 or 3 installed. This will be essential for implementing the steps outlined in this guide.
Run the commands below to check:
which python
or
which python3
If the output is a path such as /usr/bin/python or /usr/bin/python3, Python is installed on the target system and we can move on to the next step.
Stabilize your shell:
1. Import the pty Module and Spawn a Bash Shell:
On your target machine execute the following command:
python3 -c 'import pty;pty.spawn("/bin/bash")'
2. Background the Process:
Once the shell is spawned, you might notice that the interaction isn’t entirely smooth yet.
Press CTRL + Z to temporarily background the process. This will allow you to regain control of your host machine while keeping the spawned shell active on the target.
3. Adjust Terminal Line Settings and Bring the Shell to the Foreground:
To enhance the interactive experience, you’ll need to tweak the terminal settings of your host machine.
Now run the following command on your host machine:
stty raw -echo; fg
This combination of commands adjusts the terminal settings to enable a smoother flow of input and output, and brings the shell that you backgrounded in the previous step back to the foreground.
4. Set the Terminal Emulator to xterm:
After bringing the shell back, for optimal compatibility and usability, set the terminal emulator to xterm on your target machine using the following command:
export TERM=xterm
This step ensures that the system interprets the terminal environment correctly.
Explanation:
- The pty module is pivotal for creating and managing pseudo-terminals, which allow us to interact programmatically with processes and their controlling terminals.
- The pty.spawn() function is used to start a new process and link its controlling terminal with the current process’s standard I/O. This establishes a more interactive connection.
- The stty command enables us to modify terminal settings. By using stty raw, we activate raw mode, which reads characters one at a time instead of waiting for a complete line. The stty -echo command disables echoing, preventing your input from being displayed on the screen.
- The export TERM=xterm command sets the terminal emulator to xterm. This ensures that the system interprets the terminal characteristics correctly for a smoother interaction.
Following these steps, you can stabilize a reverse shell manually.
Alternatively, you can use the pwncat tool: https://github.com/calebstewart/pwncat. It has a lot of built-in features that can help you in your pentests or CTFs.
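For defenders, the command in step 1 leaves a recognizable trace in process-creation logs. The added example below (not part of the original guide) flags python -c command lines whose payload calls pty.spawn(); the function names and the sample command lines are constructed for illustration.

```python
import ast
import os
import re
import shlex

PY_INTERP = re.compile(r"^python\d*(\.\d+)?$")  # python, python3, python3.11, ...
TEXT_FALLBACK = re.compile(r"\bpty\b.*\bspawn\s*\(", re.S)

def calls_pty_spawn(code):
    """True if a `python -c` payload calls pty.spawn(), under any import form."""
    try:
        tree = ast.parse(code)
    except SyntaxError:  # not valid Python 3 (e.g. Python 2 syntax): loose text match
        return bool(TEXT_FALLBACK.search(code))
    modules, funcs = set(), set()  # names bound to the pty module / to pty.spawn
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "pty")
        elif isinstance(node, ast.ImportFrom) and node.module == "pty":
            funcs.update(a.asname or a.name for a in node.names if a.name == "spawn")
    for f in (n.func for n in ast.walk(tree) if isinstance(n, ast.Call)):
        if isinstance(f, ast.Name) and f.id in funcs:
            return True
        if (isinstance(f, ast.Attribute) and f.attr == "spawn"
                and isinstance(f.value, ast.Name) and f.value.id in modules):
            return True
    return False

def is_pty_upgrade(cmdline):
    """Flag a logged command line that runs `python -c` with a pty.spawn() call."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the logged line
        return False
    interp_ok = argv and PY_INTERP.match(os.path.basename(argv[0]))
    if not interp_ok or "-c" not in argv[1:-1]:
        return False
    return calls_pty_spawn(argv[argv.index("-c", 1) + 1])

# Constructed sample command lines, as process-creation logging might record them.
SAMPLES = [
    """python3 -c 'import pty;pty.spawn("/bin/bash")'""",
    '''/usr/bin/python -c "from pty import spawn; spawn('/bin/sh')"''',
    """python3 -c 'print("pty.spawn() is covered in the docs")'""",
    "python3 manage.py runserver",
]

for line in SAMPLES:
    print("ALERT" if is_pty_upgrade(line) else "ok   ", line)
```

Feed it the command-line field from auditd execve records or EDR process events. Parsing the payload instead of matching a substring keeps the third sample, which only mentions pty.spawn() inside a string, from raising an alert.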