Linux TTY Shell Cheat Sheet
Introduction
During a penetration test, after obtaining access to a remote Linux host via a reverse or bind shell, issuing certain commands over it can be very painful, and it is often a much better option to obtain an interactive shell. These are the main reasons why this is a good idea:
- More shell stability, as things like CTRL+C will no longer close down the connection.
- Ability to use up, down, left, and right arrows to navigate through and modify commands.
- Ability to use applications or commands that use a login prompt, such as sudo, MySQL, SSH, etc.
- Ability to use tab auto-completion in commands.
- Ability to view commands, output, and file contents in the same terminal size as the host machine.
This article will list the various commands that can be used to obtain a TTY shell and also how to turn it into a fully interactive shell.
Cheat Sheet
The following table contains commands to execute in various scripting languages and tools to
Command | Description |
python -c 'import pty; pty.spawn("/bin/bash")' | Python BASH TTY shell |
python3 -c 'import pty; pty.spawn("/bin/bash")' | Python 3 BASH TTY shell |
echo os.system('/bin/bash') | Echo BASH TTY shell |
/bin/bash -i | BASH TTY shell |
perl -e 'exec "/bin/bash";' | Perl BASH TTY shell |
ruby -e 'exec "/bin/bash"' | Ruby BASH TTY shell |
lua -e 'os.execute("/bin/bash")' | Lua BASH TTY shell |
exec "/bin/bash" | IRB BASH TTY shell |
:!bash | Vi/Vim BASH TTY shell |
:set shell=/bin/bash, then :shell | Vi/Vim BASH TTY shell |
CTRL+R CTRL+X reset; /bin/bash 1>&0 2>&0 | Nano BASH TTY shell |
!bash | Nmap BASH TTY shell |
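From the defender's side, the interpreter one-liners in the table above leave recognizable process command lines, and they are typically run by a process that has no controlling terminal. The following is an added example, not part of the original article: it flags those command lines in constructed process-execution records. The record fields (`pid`, `tty`, `cmdline`) and the function names are assumptions; the `(none)` TTY value follows what auditd records for a process without a terminal.

```python
import re
import shlex

# Interpreter family -> the in-code call its cheat-sheet one-liner relies on.
SPAWN_CALLS = {
    "python": re.compile(r"\bpty\.spawn\s*\("),
    "perl": re.compile(r"\bexec\b"),
    "ruby": re.compile(r"\bexec\b"),
    "lua": re.compile(r"\bos\.execute\s*\("),
}
SHELL_NAME = re.compile(r"(?<!\w)(?:/bin/)?(?:ba)?sh\b")  # bash, sh, /bin/bash, /bin/sh
NO_TTY = "(none)"  # value auditd records when a process has no controlling terminal


def classify(record):
    """Return a finding for a TTY-upgrade attempt, or None for anything else."""
    if record["tty"] != NO_TTY:
        return None  # typed at a real terminal: not the scenario the article describes
    try:
        argv = shlex.split(record["cmdline"])
    except ValueError:  # unbalanced quotes, e.g. a truncated log field
        argv = record["cmdline"].split()
    if not argv:
        return None
    prog = argv[0].rsplit("/", 1)[-1]
    if SHELL_NAME.fullmatch(prog) and "-i" in argv[1:]:
        return "interactive shell without a tty"
    family = re.sub(r"[\d.]+$", "", prog)  # python3.11 -> python
    call = SPAWN_CALLS.get(family)
    for i, flag in enumerate(argv[1:], start=1):
        code = " ".join(argv[i + 1:])  # everything after -c/-e, even if quoting was lost
        if call and flag in ("-c", "-e") and call.search(code) and SHELL_NAME.search(code):
            return f"{family} one-liner spawning a shell without a tty"
    return None


# Constructed sample records (not real log data); field names are assumptions.
SAMPLE = [
    {"pid": 4101, "tty": "(none)", "cmdline": "python3 -c 'import pty; pty.spawn(\"/bin/bash\")'"},
    {"pid": 4102, "tty": "(none)", "cmdline": "perl -e 'exec \"/bin/sh\";'"},
    {"pid": 4103, "tty": "(none)", "cmdline": "/bin/bash -i"},
    {"pid": 4104, "tty": "pts0", "cmdline": "python3 -c 'import pty; pty.spawn(\"/bin/bash\")'"},
    {"pid": 4105, "tty": "(none)", "cmdline": "perl -e 'exec \"/usr/bin/flush-cache\"'"},
]


def scan(records):
    """Map pid -> finding for every record that classify() flags."""
    return {r["pid"]: f for r in records if (f := classify(r))}
```

Calling `scan(SAMPLE)` flags pids 4101 to 4103 and leaves the terminal-attached and non-shell records alone. The editor rows in the table (Vi/Vim, Nano, Nmap) spawn the shell from inside an already running program, so they need parent/child process correlation rather than command-line matching.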
Obtaining a Fully Interactive Shell
The commands used above can also be issued with sh or /bin/sh, rather than bash or /bin/bash, if BASH is not an option. Once a TTY shell has been achieved, the following commands can be used in order to obtain a fully interactive shell:
#backgrounding the shell process
Ctrl-Z
#checking the number of rows and columns in the host terminal
stty -a
#setting terminal settings like new line, break characters etc.
stty raw -echo
#returning to the shell
fg + ENTER
#declaring environment variables to be able to use clear etc. and colors
reset
export SHELL=bash
export TERM=xterm-256color
#setting the terminal rows and columns based on the host configuration
stty rows <num> columns <cols>
Conclusion
Having a fully interactive shell can help immensely while enumerating a given host, performing post-exploitation techniques and attempting to escalate privileges. As most Linux systems come with Python or other scripting languages already installed, obtaining one should be fairly effortless.