# Getting a Fully Interactive TTY Shell

## Method 1: Python TTY Module

```javascript
python3 -c 'import pty;pty.spawn("/bin/bash")'

//Now press CTRL+Z to send the shell in the background

stty -a // get the rows and columns from the first line
stty raw -echo;fg // get back in the shell, Press enter 2 times to get back in

// run the below commands on the compromised machine

stty rows 26 cols 118 // based on the output of stty -a

export TERM=xterm
export TERM=xterm-256color // for colors
exec /bin/bash //I always do this, that's my methodology

// now you should have a full stable shell

```

<figure><img src="/files/Y5RDwKZg7KVpAUO4raVR" alt=""><figcaption><p>stty -a command</p></figcaption></figure>

## Method 2: Using Script Binary (If it is installed on Target System)

```javascript
which script //confirm if script is installed or not
script /dev/null -c bash 

// Now press CTRL+Z to send the shell in the background

stty raw -echo;fg // get back in the shell, Press enter 2 times to get back in

export TERM=xterm

// Now you have a good TTY shell
```

<figure><img src="/files/QdQwusWnZiCw6grdWi9n" alt=""><figcaption></figcaption></figure>

## pwncat-cs (Automated Way) Best One

We can use pwncat listener to get a fully TTY shell automtically

```python
pwncat-cs --listen -p 4444
```

<figure><img src="/files/hlMSI7flt3dqbUOoxYGt" alt=""><figcaption></figcaption></figure>

it has file upload and download feature as well, you need to Press CTRL+D to go to your Local machine and then upload and download files from the target machine to the local machine.

## Penelope Listener (Automated Way)

We can use penelope instead of netcat to get an interactive reverse shell, this automatically upgrades our shell to fully tty

```python
penelope 443  # Start a listener on port 443
```

<figure><img src="/files/VeWVaVfXYpzT3LM9QuRO" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.programmersecurity.com/linux-privilege-escalation/getting-a-fully-interactive-tty-shell.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.