Often when we get a shell by exploiting a vulnerability, the shell we get is a dumb terminal, not an interactive shell. This means that you cannot use ctrl+c when you accidentally run a command such as ping and need to terminate the process. If you press ctrl+c, it kills not only the ping process but also your shell.
To overcome this, I made a guide here that you can follow to convert your non-interactive shell to a fully interactive shell.
Get a victim shell connection from your exploit, either a reverse or a bind shell.
On the victim shell, upgrade the shell to a tty shell. The most common way is to use Python to spawn a tty shell with the built-in pty library. Make sure to spawn /bin/sh. Read more here to see other methods of upgrading a shell to a tty shell.
$ python -c 'import pty;pty.spawn("/bin/bash")'
Export some variables in the victim shell session. It is best to check your local terminal's $TERM variable so that it is the same in the target terminal session.
$ echo $TERM
xterm-256color
Export that value in the target shell session.
export TERM=xterm-256color
export SHELL=/bin/bash
On your local terminal, check the terminal rows and columns.
$ stty size
24 103
What you need to note here is the current terminal rows and columns, which for me are 24 rows and 103 columns. Yours might be different.
On the victim shell, send the shell to the background by pressing ctrl+z, and you'll be brought back to your local terminal.
^Z
+ Stopped nc -lvp 9091
Execute the following command to put your local terminal in raw mode and turn off local echo, so that the input characters are passed straight through to the victim terminal session. Follow it with the fg command to bring the victim shell back to the foreground.
stty raw -echo;fg
After that, your cursor might be somewhere in the middle of the terminal. Type reset to reset the victim terminal session.
$ stty raw -echo;fg
nc -lvp 9091
reset
Your victim terminal is now interactive, but you are not done yet. You need to set the rows and columns of the “new” terminal to make it display properly.
stty rows 24 columns 103
Now you have a fully interactive shell on the victim.
If you do not have Python on the box:
export TERM=xterm
SHELL=/bin/bash script -q /dev/null
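From the defender's side, the two upgrade commands in this guide (the Python pty.spawn one-liner and script -q /dev/null) show up in process-execution logs. The following is an added example, not part of the original guide: it flags those command lines when the process has no controlling TTY. The pid=/tty=/cmd= log format, the rule names and the sample lines are constructed for illustration.

```python
import os
import re
import shlex

LINE = re.compile(r"^pid=(\d+) tty=(\S+) cmd=(.*)$")   # assumed log layout
ASSIGN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")

def classify(cmdline):
    """Return a rule name if cmdline matches a TTY-upgrade command from the guide."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:              # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    # Skip leading VAR=value prefixes such as SHELL=/bin/bash
    while argv and ASSIGN.match(argv[0]):
        argv = argv[1:]
    if not argv:
        return None
    prog = os.path.basename(argv[0])
    if re.fullmatch(r"python[\d.]*", prog) and "-c" in argv:
        idx = argv.index("-c")
        code = argv[idx + 1] if idx + 1 < len(argv) else ""
        if re.search(r"\bpty\s*\.\s*spawn\s*\(", code):
            return "python-pty-spawn"
    if prog == "script" and "/dev/null" in argv[1:]:
        return "script-to-dev-null"
    return None

def scan(lines):
    """Return (pid, rule) for matching commands started without a controlling TTY."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        pid, tty, cmd = int(m.group(1)), m.group(2), m.group(3)
        rule = classify(cmd)
        if rule and tty == "(none)":    # a shell that still needs upgrading has no TTY
            hits.append((pid, rule))
    return hits

SAMPLE = [  # constructed log lines
    'pid=4121 tty=(none) cmd=python -c \'import pty;pty.spawn("/bin/bash")\'',
    'pid=4150 tty=(none) cmd=SHELL=/bin/bash script -q /dev/null',
    'pid=4200 tty=pts/0 cmd=script -q /dev/null',
    'pid=4201 tty=(none) cmd=python -c \'print("hello")\'',
    'pid=4202 tty=(none) cmd=/usr/bin/python3 -c "import pty; pty.spawn(\'/bin/sh\')"',
]
```

Calling scan(SAMPLE) reports pids 4121, 4150 and 4202; the script run from pts/0 and the harmless python -c are left alone.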