A netcat reverse shell is pretty useless on its own and can be easily broken by simple mistakes. These shells are very unstable by default: pressing Ctrl + C kills the whole thing, they are non-interactive, and they often have strange formatting errors. This is because netcat "shells" are really just processes running inside a terminal, rather than being bona fide terminals in their own right.
Technique 1: Python
The first technique is applicable only to Linux boxes, as they will nearly always have Python installed by default. This is a three-stage process:

- The first thing to do is use `python -c 'import pty;pty.spawn("/bin/bash")'`, which uses Python to spawn a better-featured bash shell; note that some targets may need the version of Python specified. If this is the case, replace `python` with `python2` or `python3` as required. At this point our shell will look a bit prettier, but we still won't be able to use tab autocomplete or the arrow keys, and Ctrl + C will still kill the shell.
- Step two is `export TERM=xterm`. This gives us access to term commands such as `clear`.
- Finally (and most importantly) we background the shell using Ctrl + Z. Back in our own terminal we use `stty raw -echo; fg`. This does two things: first, it puts our own terminal into raw mode with echo turned off (which gives us access to tab autocomplete, the arrow keys, and Ctrl + C to kill processes, since keystrokes are now passed straight through to the remote shell). It then foregrounds the shell, thus completing the process.
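From the defender's side, as an added example that is not part of the original page: of the three steps above only the `pty.spawn` one-liner actually executes on the target host (`export TERM` and `stty` run in the attacker's own terminal), so it is the step an exec audit trail can see. The script below flags it in constructed process-exec events; the JSON-lines format and its field names are assumptions, not any particular tool's output.

```python
# Flag the Python PTY-upgrade one-liner in process-exec telemetry and
# report the parent chain so an analyst can see what spawned it.
import json
import re

# Matches `import pty ... pty.spawn(` style command lines, whichever
# python/python2/python3 binary is in front of them.
PTY_SPAWN = re.compile(r"\bpty\b.*?\bspawn\s*\(", re.S)

# Constructed sample exec events in JSON-lines form (not real telemetry).
SAMPLE_EVENTS = """\
{"ts":"2024-05-01T10:00:00Z","pid":4100,"ppid":1,"user":"www-data","comm":"nc","cmdline":"nc 203.0.113.5 4444"}
{"ts":"2024-05-01T10:00:01Z","pid":4101,"ppid":4100,"user":"www-data","comm":"sh","cmdline":"/bin/sh"}
{"ts":"2024-05-01T10:00:05Z","pid":4102,"ppid":900,"user":"deploy","comm":"python3","cmdline":"python3 manage.py migrate"}
{"ts":"2024-05-01T10:00:09Z","pid":4103,"ppid":4101,"user":"www-data","comm":"python3","cmdline":"python3 -c 'import pty;pty.spawn(\\"/bin/bash\\")'"}
{"ts":"2024-05-01T10:00:12Z","pid":4104,"ppid":900,"user":"deploy","comm":"python3","cmdline":"python3 -c 'import os; print(os.getcwd())'"}
"""


def parse_events(text):
    """Parse JSON-lines exec events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ancestry(event, by_pid, limit=5):
    """Walk ppid links and return ancestor comm names, nearest first."""
    chain = []
    pid = event["ppid"]
    while pid in by_pid and len(chain) < limit:
        parent = by_pid[pid]
        chain.append(parent["comm"])
        pid = parent["ppid"]
    return chain


def detect_pty_upgrades(events):
    """Return one alert per exec whose command line spawns a PTY."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if PTY_SPAWN.search(e["cmdline"]):
            # A shell under a network client is what an upgraded reverse
            # shell looks like; the chain makes that visible in the alert.
            alerts.append({"pid": e["pid"], "user": e["user"],
                           "cmdline": e["cmdline"],
                           "ancestors": ancestry(e, by_pid)})
    return alerts
```

Running `detect_pty_upgrades(parse_events(SAMPLE_EVENTS))` on the sample flags only pid 4103, with ancestors `sh <- nc`; the two benign `python3` invocations are left alone.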