Linux TTY Shell Cheat Sheet

Source https://steflan-security.com

Introduction

During a penetration test, issuing certain commands over a reverse or bind shell on a remote Linux host can be very painful, so it is often a much better option to obtain an interactive shell. These are the main reasons why this is a good idea:

  • More shell stability, as things like CTRL+C will no longer close down the connection.

  • Ability to use up, down, left, and right arrows to navigate through and modify commands.

  • Ability to use applications or commands that use a login prompt such as Sudo, MySQL, SSH, etc.

  • Ability to use tab auto-completion in commands.

  • Ability to view commands, output, and file contents in the same terminal size as the host machine.

This article will list the various commands that can be used to obtain a TTY shell and also how to turn it into a fully interactive shell.

Cheat Sheet

The following table contains commands to execute in various scripting languages and tools to

| Command | Description |
| --- | --- |
| SHELL=/bin/bash script -q /dev/null | Shell to Bash TTY shell |
| python -c 'import pty; pty.spawn("/bin/bash")' | Python BASH TTY shell |
| python3 -c 'import pty; pty.spawn("/bin/bash")' | Python 3 BASH TTY shell |
| echo os.system('/bin/bash') | Echo BASH TTY shell |
| /bin/bash -i | BASH TTY shell |
| perl -e 'exec "/bin/bash";' | Perl BASH TTY shell |
| ruby -e 'exec "/bin/bash"' | Ruby BASH TTY shell |
| lua: os.execute('/bin/sh') | Lua BASH TTY shell |
| exec "/bin/sh" | IRB BASH TTY shell |
| :!bash | Vi/Vim BASH TTY shell |
| :set shell=/bin/bash, then :shell | Vi/Vim BASH TTY shell |
| CTRL+R CTRL+X reset; /bin/bash 1>&0 2>&0 | Nano BASH TTY shell |
| !bash | Nmap BASH TTY shell |

Obtaining a Fully Interactive Shell

The commands used above can also be issued with sh or /bin/sh, rather than bash or /bin/bash, if BASH is not an option. Once a TTY shell has been achieved, the following commands can be used in order to obtain a fully interactive shell:

# backgrounding the shell process
Ctrl-Z
# checking the number of rows and columns in the host terminal
stty -a
# setting terminal settings like new line, break characters etc.
stty raw -echo
# returning to the shell
fg + ENTER
# declaring environment variables to be able to use clear etc. and colors
reset
export SHELL=bash
export TERM=xterm-256color
# setting the terminal rows and columns based on the host configuration
stty rows <num> columns <cols>

Conclusion

Having a fully interactive shell can help immensely while enumerating a given host, performing post-exploitation techniques and attempting to escalate privileges, and as most Linux systems come with Python or other scripting languages already installed, obtaining one should be fairly effortless.
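
From the defender's side, the cheat-sheet commands above leave recognisable traces in process-execution telemetry. The following is an added example, not part of the original article: it matches the argv-based rows by command line and the editor/interpreter escapes by parent process. The event schema, the rule names, the `SERVICE_USERS` list and the sample events are assumptions constructed for illustration.

```python
import re

# Command-line shapes of the cheat-sheet rows that pass their code on argv.
CMDLINE_RULES = {
    "python-pty-spawn": re.compile(r"\bpython[\d.]*\s+-c\s.*\bpty\.spawn\s*\("),
    "script-to-devnull": re.compile(r"\bscript\s+(-\S+\s+)*/dev/null\b"),
    "interp-exec-shell": re.compile(r"\b(perl|ruby)\s+-e\s.*\bexec\b.*/bin/(ba)?sh\b"),
    "forced-interactive-shell": re.compile(r"(^|/)(ba)?sh\s+-i\b"),
}
# Rows typed inside a running program (vi, nano, nmap, irb, lua) leave no argv
# of their own; they appear only as a shell whose parent is that program.
ESCAPE_PARENTS = {"vi", "vim", "nano", "nmap", "irb", "lua"}
SHELLS = {"sh", "bash"}
# Assumption: accounts that should never own an interactive shell on this host.
SERVICE_USERS = {"www-data", "nginx", "apache", "mysql", "postgres"}

# Assumed event schema: dicts as produced by normalising auditd execve records.
def triage(events):
    """Return [(pid, rule)] for events that match a TTY-upgrade pattern."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if e["user"] not in SERVICE_USERS:
            continue  # administrators run these commands legitimately
        rule = next((name for name, rx in CMDLINE_RULES.items()
                     if rx.search(e["cmdline"])), None)
        parent = by_pid.get(e["ppid"])
        if (rule is None and e["comm"] in SHELLS
                and parent and parent["comm"] in ESCAPE_PARENTS):
            rule = "shell-from-" + parent["comm"]
        if rule:
            hits.append((e["pid"], rule))
    return hits

def ev(pid, ppid, user, comm, cmdline):
    return {"pid": pid, "ppid": ppid, "user": user, "comm": comm, "cmdline": cmdline}

# Constructed sample events, not taken from a real host.
SAMPLE = [
    ev(900, 1, "www-data", "apache2", "/usr/sbin/apache2 -k start"),
    ev(901, 900, "www-data", "sh", "/bin/sh -c /usr/bin/convert in.png out.jpg"),
    ev(1201, 900, "www-data", "python3", 'python3 -c import pty; pty.spawn("/bin/bash")'),
    ev(1300, 900, "www-data", "vim", "vim /tmp/notes"),
    ev(1301, 1300, "www-data", "sh", "/bin/sh -c bash"),
    ev(2000, 1999, "alice", "script", "script -q /dev/null"),
]

print(triage(SAMPLE))
```

Scoping the rules to service accounts keeps ordinary administrator use of `script`, `vim` or `bash -i` out of the alert queue; widen or narrow `SERVICE_USERS` to match the accounts on the monitored host.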