Category: pentest

Spawning interactive TTY from simple shell

So you got a connection from a reverse shell and want to upgrade it to a fully interactive TTY? Below you will find a set of commands that you can use to spawn an interactive terminal from a “dumb” shell and get all the features of an interactive terminal: tab-completion, access to history with arrow keys, job control, STDERR, and the ability to use programs like vim, su, login, ssh, etc. The topic isn’t new and has been described multiple times on the internet; however, in this post, I will show you my approach and how to resolve some issues you might encounter.

Escape to shell

This post is a short reference of techniques to spawn a shell from regular Linux / Unix programs or scripting language interpreters. The cheat sheet is useful for getting out of limited environments or for privilege escalation via misconfigured sudo profiles. Please note that not all techniques presented here will work in every restricted environment, so it is up to you to find which methods will suit you best, depending on the situation.

Reverse shell cheat sheet

Often, after gaining remote code execution, we want to get some interactive access instead of issuing a single command or interacting with a web shell. Options are limited to the software installed on the target system unless you can upload your own binary. This post contains a collection of reverse shells using different programs and scripting or programming languages, gathered over time. It might be helpful during penetration tests, CTFs, or courses like OSCP.