Problem:
In CTF (Capture the Flag) competitions, the reverse shell you get back from the target machine usually comes without autocompletion or the ability to delete typed characters. This limits your effectiveness in capturing the flags on the target machine.
Prerequisite:
- Target machine must have Python 2 or 3 installed
Stabilize your shell:
- Import the pty module and spawn a bash shell:
python3 -c 'import pty;pty.spawn("/bin/bash")'
- Press CTRL + Z to background the process and get back to your host machine
- Use the stty command to set terminal line settings and bring the target terminal back to the foreground:
stty raw -echo; fg
- Set the terminal emulator to xterm:
export TERM=xterm
- Press Enter
Explanation:
- The pty module defines operations for handling the pseudo-terminal concept: starting another process and being able to write to and read from its controlling terminal programmatically.
- pty.spawn() spawns a process and connects its controlling terminal with the current process's standard I/O.
- stty is a tool used to set the input and output settings for the terminal interface. Basically, this command shows or changes terminal characteristics.
- stty raw activates raw mode, where instead of reading a whole line, characters are read one at a time. In addition to that, some special characters such as the # will not work. The # character is used to erase the last typed character. With stty raw you can't hit Ctrl-C to end a process.
- stty -echo: the dash means "disable" a setting. In this case, we are disabling echo so that our typing is not echoed back.
- The export TERM=xterm command sets the terminal emulator to xterm. In other words, it just tells the system what kind of terminal you're supposedly using and how the text on the screen should be adapted. The default TERM setting for Ubuntu is xterm. You can check your TERM setting by running echo $TERM
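What stty raw -echo changes at the terminal-settings level, as an added example that is not part of the original write-up. It uses Python's tty.setraw() on a local pseudo-terminal pair, which clears the same ICANON, ISIG and ECHO flags; the function names are this example's own.

```python
import os
import pty
import termios
import tty

FLAGS = {"ICANON": termios.ICANON, "ECHO": termios.ECHO, "ISIG": termios.ISIG}


def local_flags(fd):
    """Report which of the line-discipline flags above are set on fd."""
    lflag = termios.tcgetattr(fd)[3]  # index 3 is c_lflag
    return {name: bool(lflag & bit) for name, bit in FLAGS.items()}


def set_cooked(fd):
    """Put fd in the usual interactive state: line editing, echo, signals."""
    attrs = termios.tcgetattr(fd)
    attrs[3] |= termios.ICANON | termios.ECHO | termios.ISIG
    termios.tcsetattr(fd, termios.TCSANOW, attrs)


def raw_noecho_demo():
    """Return (flags before, flags after, byte read after sending Ctrl-C)."""
    master, slave = pty.openpty()  # local pseudo-terminal pair
    try:
        set_cooked(slave)
        before = local_flags(slave)
        tty.setraw(slave)  # clears ICANON, ECHO and ISIG, like `stty raw -echo`
        after = local_flags(slave)
        # With ISIG off, Ctrl-C (0x03) is not turned into SIGINT; it is
        # delivered as an ordinary byte, and without ICANON no Enter is needed.
        os.write(master, b"\x03")
        data = os.read(slave, 1)
        return before, after, data
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    before, after, data = raw_noecho_demo()
    print("cooked:", before)
    print("raw   :", after)
    print("Ctrl-C arrived as data:", data)
```

With the local terminal in this state, keys such as Ctrl-C and Tab are passed through unchanged to the pty created by pty.spawn() on the other side, which then handles line editing and echo.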
Other solutions:
Another way to get a stabilized terminal window is to use the socat command-line tool. One disadvantage of that method is that the target machine may not have this tool installed by default, so you need to take extra steps to install it.