How to stabilize a simple reverse shell to a fully interactive terminal

Jawstar

Auth: jawstar

Problem:

In CTF (Capture the Flag) competitions, when you get a reverse shell back from the target machine, it usually comes without autocompletion or the ability to delete characters. This limits your effectiveness in capturing the flags on the target machine.

Prerequisite:

  1. Target machine must have Python 2 or 3 installed

Stabilize your shell:

  1. Import the pty module and spawn a bash shell:

python3 -c 'import pty;pty.spawn("/bin/bash")'

  2. Press CTRL + Z to background the process and get back to your host machine.

  3. Use the stty command to set terminal line settings and bring the target terminal back to the foreground:

stty raw -echo; fg

  4. Set the terminal emulator to xterm:

export TERM=xterm

  5. Press Enter.

Explanation:

  1. The pty module defines operations for handling the pseudo-terminal concept: starting another process and being able to write to and read from its controlling terminal programmatically.
  2. The pty.spawn() - spawns a process, and…
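
Why the pty step changes what the shell can do, as an added example that is not from the original post: the same probe runs once over plain pipes (how a process attached to a socket sees its input and output) and once on a pseudo-terminal created with pty.openpty(), a lower-level call in the same module. The probe string and function names are constructed for this illustration.

```python
import os
import pty
import subprocess
import sys

# Constructed probe: the child reports whether its stdin/stdout are terminals.
PROBE = "import os; print('stdin_tty=%s stdout_tty=%s' % (os.isatty(0), os.isatty(1)))"


def probe_over_pipes():
    """Run the probe on plain pipes, the way a shell attached to a socket runs."""
    done = subprocess.run([sys.executable, "-c", PROBE],
                          input=b"", capture_output=True, check=True)
    return done.stdout.decode().strip()


def probe_over_pty():
    """Run the same probe with a pseudo-terminal as stdin/stdout/stderr."""
    master, slave = pty.openpty()          # master: our side, slave: child's tty
    child = subprocess.Popen([sys.executable, "-c", PROBE],
                             stdin=slave, stdout=slave, stderr=slave,
                             close_fds=True)
    os.close(slave)                        # only the child keeps the slave open
    chunks = []
    while True:
        try:
            data = os.read(master, 1024)
        except OSError:                    # Linux raises EIO once the slave closes
            break
        if not data:                       # other platforms return EOF instead
            break
        chunks.append(data)
    child.wait()
    os.close(master)
    # The tty line discipline rewrites "\n" as "\r\n"; strip() removes both.
    return b"".join(chunks).decode().strip()


if __name__ == "__main__":
    print("pipes:", probe_over_pipes())
    print("pty:  ", probe_over_pty())
```

Programs such as bash check isatty() before enabling line editing and job control, which is why the shell behaves differently once it runs on a pseudo-terminal.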
