Hey Guys,
Today we will learn how to get an interactive shell from a dumb shell. For this post we need an already-exploited shell to start from; the rest of the steps turn it into a flexible, interactive one.
So, I used a Metasploitable-2 machine and I exploited the machine using SSH.
Let’s Start
I already logged in with the SSH login using the credentials: username-user; password-user.
The shell we have in the above picture is not an interactive shell. That means we can't run our commands with the same ease as in our local terminal (e.g. clear does not work here). So we will convert this low-interaction shell into an interactive one.
- Always check for Python on the exploited machine. If it is there, you can try to get a Python tty shell, so first we need to check which Python is in use.
- The which python command shows whether Python is present on the victim machine and where its binary is located.
- Then we can try to spawn a tty shell with the command python -c 'import pty;pty.spawn("/bin/bash")'. The -c option tells Python to run the string that follows as a program; that code imports the pty module, which offers pseudo-terminal abilities, and spawns a /bin/bash shell for us.
- We already have a shell similar to the Python one, so we don't see any difference in it.
- You may have to background the session using the key CTRL+Z (optional).
- You need to check your current terminal type using the command echo $TERM. Here it is xterm-256color.
2. We need to check its characteristics using the command stty -a.
We need to note down the number of columns and rows it is showing in there, because it helps a lot to maximize the terminal size for an interactive shell.
3. Now we need a command that lets keyboard shortcuts work in the interactive shell. The command for that is stty raw -echo.
4. We now use a Linux job-control feature: if you backgrounded the session earlier with CTRL+Z, bring it back to the foreground now (fg). If you didn't background it at that time, you can skip this step.
Note: While you are typing, you will see only blank spaces; just hit Enter.
5. Then we need to reset it using the reset command, and then specify the terminal type as xterm.
Then finally you need to set up the terminal type and shell type using these commands:
export TERM=xterm
export SHELL=bash
Then finally we need to specify the rows and columns size using the stty rows 56 columns 213 command.
The above command sets the size of the interactive shell, so that long commands do not turn into a mess as you type them.
Now I can clear the terminal and I can make use of it with ease.
This method of getting an interactive shell is an important and basic one. There are several other methods to spawn an interactive shell.
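For defenders, the python -c pty.spawn step above leaves a recognisable process-execution trace. The following is an added example, not part of the original post, that scans auditd EXECVE records for it; the sample records and function names are constructed for illustration, and it assumes execve auditing is enabled on the host.

```python
import re

# Constructed sample records (not from the original post). auditd hex-encodes
# arguments containing spaces or quotes, so a raw grep for "pty.spawn" misses 502.
ONE_LINER = 'import pty;pty.spawn("/bin/bash")'
SAMPLE_LOG = [
    'type=EXECVE msg=audit(1700000000.101:501): argc=2 a0="ls" a1="-la"',
    'type=SYSCALL msg=audit(1700000000.202:502): syscall=59 a0=55d0c8 comm="python"',
    'type=EXECVE msg=audit(1700000000.202:502): argc=3 a0="python" a1="-c" a2='
    + ONE_LINER.encode().hex().upper(),
    'type=EXECVE msg=audit(1700000000.303:503): argc=2 a0="/usr/bin/python" a1="backup.py"',
]

ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')
PYTHON_RE = re.compile(r'^(?:.*/)?python[\d.]*$')
PTY_SPAWN_RE = re.compile(r'\bpty\s*\.\s*spawn\s*\(')

def decode_args(record):
    """Return argv from one EXECVE record, decoding hex-encoded arguments."""
    args = {}
    for m in ARG_RE.finditer(record):
        index, quoted, hexed = int(m.group(1)), m.group(2), m.group(3)
        if quoted is not None:
            args[index] = quoted
        else:
            try:
                args[index] = bytes.fromhex(hexed).decode("utf-8", "replace")
            except ValueError:  # odd-length or truncated hex: keep the raw text
                args[index] = hexed
    return [args[i] for i in sorted(args)]

def is_pty_upgrade(argv):
    """True when a Python interpreter runs -c code that calls pty.spawn()."""
    if len(argv) < 3 or not PYTHON_RE.match(argv[0]) or "-c" not in argv:
        return False
    code = " ".join(argv[argv.index("-c") + 1:])
    return bool(PTY_SPAWN_RE.search(code))

def find_pty_upgrades(lines):
    """Return the decoded argv of every EXECVE record that matches."""
    argvs = (decode_args(l) for l in lines if l.startswith("type=EXECVE"))
    return [argv for argv in argvs if is_pty_upgrade(argv)]

if __name__ == "__main__":
    for argv in find_pty_upgrades(SAMPLE_LOG):
        print("TTY upgrade via pty.spawn:", argv)
```

The check covers only the pty.spawn form shown in this post; the other spawning methods mentioned above need their own rules.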
See you again in another blog with another interesting topic.
Thank you
AUTHOR:
SAM NIVETHAN V J
Security Analyst & Trainer
Securium Solutions Pvt Ltd.