Jason Turley's Website

How to Stabilize a Reverse Shell


When doing CTF challenges, it is often favorable to spawn a reverse shell on the target machine. These shells are usually bare-bones and lack a myriad of features. For example, tab-completion and the su command often do not work. Even worse, pressing Ctrl-C completely kills your hard earned shell!

To get around this, I wrote a short blog post showcasing how to quickly get a stabilized reverse shell connection.

Note: This post assumes you already have a reverse shell on the target machine. If you need help getting a reverse shell, I recommend the cheat sheets from HighOn Coffee or Pen Test Monkey. For a more in-depth guide on upgrading reverse shells, I recommend this blog from ropnop.

Stabilizing the Shell

On target machine:

$ python -c "import pty; pty.spawn('/bin/bash')"
$ ruby -e "exec '/bin/bash'"
$ perl -e "exec '/bin/bash';"
$ Ctrl+Z

On attacker machine:

$ stty raw -echo && fg

On target machine:

$ export TERM=xterm-256-color

You should now have a stabilized bash shell that can tab complete, clear the screen, and use Ctrl+C!

#how-to #security #favorites