Phineas Fisher stty technique

0001-01-01

As mentioned in upgradingpty-ropnop2017, Phineas Fisher was observed using the stty command to upgrade vanilla reverse shells.

This is done with the following steps:

  1. Catch the reverse shell on the attacker's machine: netcat -lp 4444
  2. Once the connection is established, background netcat with Control-Z.
  3. Still on the attacker's machine, record the local terminal type and size,
     then put the local terminal into raw mode and bring netcat back to the
     foreground:

       echo $TERM; stty -a   ### need the TERM type and console's size in rows/columns
       stty raw -echo; fg    ### bring the netcat session into the foreground

  4. In the victim's shell, now in the foreground, give it the same terminal
     type and size:

       reset
       export SHELL=bash
       export TERM=TERM_FROM_COMMAND_ABOVE
       stty rows ROWS_FROM_ABOVE columns COLUMNS_FROM_ABOVE

Two caveats. The stty commands in step 4 only work if the remote shell is already attached to a pseudo-terminal (for example one spawned with python's pty module); on a bare netcat shell they fail with "Inappropriate ioctl for device". And after stty raw -echo the local terminal stays raw with no echo, so if the session dies before the victim-side reset, type reset blind on the attacker's machine to recover it.
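The attacker-side bookkeeping from step 3 (read TERM and the terminal size, then produce the exact lines to type into the victim shell in step 4) as a small shell helper. This is an added example, not code from the original note or from ropnop's post; the function names parse_stty_size and victim_commands are my own, and the stty -a lines quoted in the comments are constructed samples of the GNU and BSD output formats.

```shell
#!/bin/sh
# Added example (not from the original note): attacker-side helper for the
# stty upgrade. It reads TERM and the local terminal size and prints the
# four lines to type into the victim shell after `stty raw -echo; fg`.
# Function names are my own; nothing here touches the victim.

# parse_stty_size: read `stty -a` output on stdin and print "ROWS COLUMNS".
# GNU stty prints "rows 38; columns 116;", BSD/macOS prints
# "38 rows; 116 columns;"; both layouts are handled.
parse_stty_size() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i == "rows" || $i == "columns") {          # GNU: word, then "38;"
                n = $(i + 1); sub(/;$/, "", n); w = $i
            } else if ($i == "rows;" || $i == "columns;") { # BSD: "38", then word
                n = $(i - 1); w = $i; sub(/;$/, "", w)
            } else {
                continue
            }
            if (w == "rows") r = n; else c = n
        }
    }
    END {
        if (r == "" || c == "") exit 1   # no size found (e.g. stdin is not a tty)
        print r, c
    }'
}

# victim_commands TERM ROWS COLUMNS: print step 4 exactly as it should be typed
# into the foregrounded reverse shell.
victim_commands() {
    term=$1; rows=$2; cols=$3
    for n in "$rows" "$cols"; do
        case "$n" in
            ''|*[!0-9]*) echo "victim_commands: rows/columns must be numeric" >&2; return 1 ;;
        esac
    done
    printf '%s\n' \
        "reset" \
        "export SHELL=bash" \
        "export TERM=$term" \
        "stty rows $rows columns $cols"
}

# Live use: only when stdin is a terminal, so the script is harmless without one.
if [ -t 0 ]; then
    size=$(stty -a | parse_stty_size) || exit 1
    # shellcheck disable=SC2086  # intentional word split into ROWS COLUMNS
    victim_commands "${TERM:-xterm}" $size
fi
```

Run it in the attacker's terminal before typing stty raw -echo; fg, copy the four printed lines, and paste them into the victim shell once it is in the foreground.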
