How to Stabilize a Reverse Shell
Introduction
When doing CTF challenges, it is often favorable to spawn a reverse shell on the target machine. These shells are usually bare-bones and lack a myriad of features. For example, tab-completion and the su command often do not work. Even worse, pressing Ctrl-C completely kills your hard-earned shell!
To get around this, I wrote a short blog post showcasing how to quickly get a stabilized reverse shell connection.
Note: This post assumes you already have a reverse shell on the target machine. If you need help getting a reverse shell, I recommend the cheat sheets from HighOn Coffee or Pen Test Monkey. For a more in-depth guide on upgrading reverse shells, I recommend this blog from ropnop.
Stabilizing the Shell
On target machine:
- Run one (1) of the below commands to upgrade your shell:
$ python -c "import pty; pty.spawn('/bin/bash')"
$ ruby -e "exec '/bin/bash'"
$ perl -e "exec '/bin/bash';"
- Now, background the shell by pressing Ctrl+Z:
$ Ctrl+Z
On attacker machine:
- Put the attacker machine's terminal into raw mode with echo disabled, then bring the backgrounded process (the target machine's shell) back to the foreground:
$ stty raw -echo && fg
On target machine:
- Set the TERM environment variable to something more appealing (e.g. xterm, xterm-256color, etc.):
$ export TERM=xterm-256color
You should now have a stabilized bash shell that can tab complete, clear the screen, and use Ctrl+C!
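Why the `stty raw -echo` step matters, as an added example that is not part of the original post: the script below opens a local pty pair (no network involved) and shows that in the default cooked mode the terminal's line discipline consumes Ctrl-C to raise a signal, while in raw mode the same keystroke is passed through as an ordinary byte. `tty.setraw` is used here as an approximation of `stty raw -echo`, and the function names are this example's own.

```python
import os
import pty
import select
import termios
import tty

FLAGS = ("ISIG", "ICANON", "ECHO")  # local-mode flags relevant to this post


def lflags(fd):
    """Report which of FLAGS are enabled on the terminal behind fd."""
    lflag = termios.tcgetattr(fd)[3]
    return {name: bool(lflag & getattr(termios, name)) for name in FLAGS}


def ctrl_c_reaches_reader(master, slave):
    """Type Ctrl-C (0x03) on the master side; return what the slave reader sees."""
    os.write(master, b"\x03")
    ready, _, _ = select.select([slave], [], [], 1.0)
    return os.read(slave, 1) if ready else None


def compare_modes():
    """Return (cooked flags, cooked result, raw flags, raw result)."""
    master, slave = pty.openpty()  # constructed local terminal pair
    try:
        cooked = lflags(slave)
        # Cooked mode: ISIG turns 0x03 into SIGINT, so no byte is delivered.
        cooked_byte = ctrl_c_reaches_reader(master, slave)
        # Raw mode: ISIG, ICANON and ECHO are cleared (assumed equivalent
        # here to what `stty raw -echo` does to the local terminal).
        tty.setraw(slave, termios.TCSANOW)
        raw = lflags(slave)
        raw_byte = ctrl_c_reaches_reader(master, slave)
    finally:
        os.close(master)
        os.close(slave)
    return cooked, cooked_byte, raw, raw_byte


if __name__ == "__main__":
    cooked, cooked_byte, raw, raw_byte = compare_modes()
    print("cooked flags:", cooked, "-> reader got", cooked_byte)
    print("raw flags:   ", raw, "-> reader got", raw_byte)
```

With the local terminal in raw mode, Ctrl-C travels down the connection as a byte and is interpreted by the pty spawned on the target, which is why it no longer kills the session.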