Python
Once we have access to the victim machine, we stabilize the shell. First, background the shell with Ctrl + Z:
tom@epsilon:/var/www/app$ ^Z
zsh: suspended nc -lvnp 1235
Then type the following command (stty raw -echo; fg) to bring the shell back with terminal handling that lets us, for example, delete a character. After the message “continued” appears, type reset xterm to continue with the shell that was previously backgrounded:
stty raw -echo; fg
[1] + continued nc -lvnp 1235
reset xterm
Afterwards, the shell is still pretty awkward to work with because its output is staggered. To fix this, python3 is always a great tool; run the following command:
python3 -c 'import pty; pty.spawn("/bin/bash")'
Finally, modify some environment variables to get the same shell as on our attack machine, first checking the current value of each variable:
echo $TERM
unknown
export TERM=xterm
echo $SHELL
/bin/zsh
export SHELL=/bin/bash
Examples: Epsilon, Antique
Script /dev/null
First we run the following command:
SHELL=/bin/bash script -q /dev/null
Then, we need to Ctrl + Z the shell as follows:
root@smtp:/home# ^Z
zsh: suspended nc -lvnp 443
Then type the following command (stty raw -echo; fg) to bring the shell back with terminal handling that lets us, for example, delete a character. After the message “continued” appears, type reset xterm to continue with the shell that was previously backgrounded:
stty raw -echo; fg
[1] + continued nc -lvnp 1235
reset xterm
Finally, export the environment variables:
root@smtp:/home# export TERM=xterm
root@smtp:/home# export SHELL=bash
Examples: Tentacle
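Seen from the monitored host, both upgrade techniques above (python3 pty.spawn and script -q /dev/null) show up as process executions with a recognizable command line. The following is an added example, not part of the original notes: it decodes auditd EXECVE records and flags both. It assumes an execve audit rule is already logging; the function names, patterns and sample records are constructed for illustration.

```python
import re

# auditd writes each argv element as aN="text", or as bare hex when the
# value contains spaces or quotes, so decode before matching.
ARG_RE = re.compile(r'\ba(\d+)=("([^"]*)"|[0-9A-Fa-f]+)')
EVENT_RE = re.compile(r"audit\(([\d.]+:\d+)\)")

# Command-line shapes of the two PTY upgrade techniques on this page.
PATTERNS = {
    "python pty.spawn": re.compile(r"python[\d.]*\s+-c\s+.*pty\.spawn"),
    "script to /dev/null": re.compile(r"(^|/)script\s+.*/dev/null"),
}

def decode_execve(record):
    """Return the argv list of one auditd EXECVE record."""
    args = {}
    for idx, raw, quoted in ARG_RE.findall(record):
        is_quoted = raw.startswith('"')
        args[int(idx)] = quoted if is_quoted else bytes.fromhex(raw).decode("utf-8", "replace")
    return [args[i] for i in sorted(args)]

def detect(records):
    """Return (audit event id, technique, command line) for each hit."""
    hits = []
    for rec in records:
        if "type=EXECVE" not in rec:
            continue
        cmdline = " ".join(decode_execve(rec))
        event = EVENT_RE.search(rec)
        for name, pat in PATTERNS.items():
            if pat.search(cmdline):
                hits.append((event.group(1) if event else "?", name, cmdline))
    return hits

def audit_hex(arg):
    """Hex-encode an argument the way auditd does (sample construction only)."""
    return arg.encode().hex().upper()

# Constructed sample records (not captured from a real host).
SAMPLE = [
    'type=EXECVE msg=audit(1700000001.100:901): argc=3 a0="python3" a1="-c" a2='
    + audit_hex('import pty; pty.spawn("/bin/bash")'),
    'type=EXECVE msg=audit(1700000002.200:902): argc=3 a0="script" a1="-q" a2="/dev/null"',
    'type=EXECVE msg=audit(1700000003.300:903): argc=2 a0="python3" a1="manage.py"',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE):
        print(hit)
```

A hit is most meaningful when the matching SYSCALL record for the same event id shows a service account such as the web server user as the caller, since those accounts rarely need an interactive terminal.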