Programmerboy Pentesting Stuff
Getting a Fully Interactive TTY Shell

Last updated 2 months ago

Method 1: Python TTY Module

python3 -c 'import pty;pty.spawn("/bin/bash")'

# Now press CTRL+Z to send the shell to the background

stty -a            # on your local machine: get the rows and columns from the first line
stty raw -echo;fg  # get back into the shell; press Enter twice

# Run the commands below on the compromised machine

stty rows 26 cols 118  # based on the output of stty -a

export TERM=xterm
export TERM=xterm-256color  # for colors
exec /bin/bash  # I always do this, that's my methodology

# Now you should have a full, stable shell

Method 2: Using Script Binary (If it is installed on Target System)

which script  # confirm whether script is installed
script /dev/null -c bash

# Now press CTRL+Z to send the shell to the background

stty raw -echo;fg  # get back into the shell; press Enter twice

export TERM=xterm

# Now you have a good TTY shell
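From the defender's side, both manual methods above leave process-execution events on the target that can be matched. The sketch below is an added example, not part of the original page: it runs detection rules for Method 1 and Method 2 over constructed sample events. The event fields (`session`, `user`, `cmdline`) and the `SERVICE_USERS` list are assumptions standing in for whatever your process-audit source provides.

```python
import re
from collections import defaultdict

# Command-line patterns for the two manual upgrade methods and the resize step.
# `export TERM=...` is a shell builtin, so it produces no exec event to match.
RULES = [
    ("pty_spawn", re.compile(r"\bpython[\d.]*\s+-c\s+.*\bpty\b.*\bspawn\s*\(")),
    ("script_devnull", re.compile(r"\bscript\s+(?:-\S+\s+)*/dev/null\b")),
    ("stty_resize", re.compile(r"\bstty\s+.*\brows\s+\d+\s+.*\bcol(?:s|umns)\s+\d+")),
]
SPAWN_RULES = {"pty_spawn", "script_devnull"}
SERVICE_USERS = {"www-data", "nginx", "apache", "tomcat"}  # assumed list, adjust per host

# Constructed sample events (not real logs): one dict per executed command.
SAMPLE_EVENTS = [
    {"session": "41", "user": "www-data",
     "cmdline": 'python3 -c import pty;pty.spawn("/bin/bash")'},
    {"session": "41", "user": "www-data", "cmdline": "stty rows 26 cols 118"},
    {"session": "52", "user": "alice", "cmdline": "script /dev/null -c bash"},
    {"session": "60", "user": "bob", "cmdline": "stty rows 50 cols 200"},
    {"session": "61", "user": "bob", "cmdline": "python3 -c print(1)"},
    {"session": "70", "user": "www-data", "cmdline": "script -q /dev/null -c bash"},
]

def detect(events):
    """Group rule hits by login session and grade each session that spawned a PTY."""
    hits = defaultdict(set)
    users = defaultdict(set)
    for ev in events:
        for name, rx in RULES:
            if rx.search(ev["cmdline"]):
                hits[ev["session"]].add(name)
                users[ev["session"]].add(ev["user"])
    alerts = {}
    for session, names in hits.items():
        if not names & SPAWN_RULES:
            continue  # a lone stty resize is ordinary admin activity
        # PTY spawn plus resize, or a PTY spawned by a service account, is high.
        risky = "stty_resize" in names or bool(users[session] & SERVICE_USERS)
        alerts[session] = {"rules": sorted(names),
                           "severity": "high" if risky else "medium"}
    return alerts

if __name__ == "__main__":
    for session, alert in detect(SAMPLE_EVENTS).items():
        print(session, alert)
```
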

pwncat-cs (Automated Way) Best One

We can use the pwncat listener to get a full TTY shell automatically:

pwncat-cs --listen -p 4444

It also has file upload and download features: press CTRL+D to go to your local machine, then upload and download files between the target machine and the local machine.

Penelope Listener (Automated Way)

We can use penelope instead of netcat to get an interactive reverse shell; it automatically upgrades our shell to a full TTY.

penelope 443  # Start a listener on port 443

Figure: stty -a command