What Happens In a "Shell Upgrade"? 

0xdf

When I get a reverse shell, the first thing I typically do is "upgrade it". That means running script or Python to get a TTY, then backgrounding it and running stty raw -echo. Let's figure out what all of that is doing.
Check out some other "Hacking Foundations" videos:
- Exploring bash Reverse Shell - • Exploring bash Reverse...
- Exploring mkfifo / nc Reverse Shell - • Exploring mkfifo / nc ...
[00:00] Introduction
[01:03] What is a TTY (PTY)?
[02:24] Examining TTYs in a terminal, using stty
[05:22] "Raw" and "Cooked" modes, demo with tmux
[08:12] Starting a TTY - local terminal, SSH, script, Python
[11:37] Walk-through of un-upgraded shell
[12:58] Walk-through of shell upgrade - Initiating TTY on target
[13:32] Adjusting local TTY to raw mode
[14:16] Looking at reset command
[17:18] Examples of reverse shell in terminal
[20:53] Summary
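
What the local `stty raw -echo` step changes, shown on a throwaway PTY pair (an added example, not code from the video or its author). It assumes Linux default terminal settings; `probe`, `lflags` and `read_ready` are names made up for this sketch, and the keystrokes are constructed sample input.

```python
import os
import pty
import select
import termios
import tty

FLAGS = ("ICANON", "ECHO", "ISIG")

def lflags(fd):
    """Report the local-mode bits that `stty raw -echo` turns off."""
    lflag = termios.tcgetattr(fd)[3]
    return {name: bool(lflag & getattr(termios, name)) for name in FLAGS}

def read_ready(fd, timeout=0.3):
    """Return whatever is readable on fd within timeout, else b''."""
    ready, _, _ = select.select([fd], [], [], timeout)
    return os.read(fd, 1024) if ready else b""

def probe(raw, keys):
    """Type `keys` into a fresh PTY; return (flags, program_sees, echoed_back)."""
    # master = terminal emulator side, slave = side the program reads as stdin
    master, slave = pty.openpty()
    try:
        if raw:
            # Python's equivalent of `stty raw -echo`:
            # clears ICANON, ECHO and ISIG, among others.
            tty.setraw(slave)
        flags = lflags(slave)
        os.write(master, keys)          # constructed keystrokes, no Enter
        seen = read_ready(slave)        # what the program receives
        echoed = read_ready(master)     # what the line discipline echoes back
        return flags, seen, echoed
    finally:
        os.close(master)
        os.close(slave)

if __name__ == "__main__":
    for raw in (False, True):
        for keys in (b"id", b"\x03"):   # "id" without Enter, then Ctrl-C
            print("raw" if raw else "cooked", keys, probe(raw, keys))
```

In cooked mode the line discipline holds input until Enter, echoes it locally and consumes Ctrl-C itself; in raw mode every byte, Ctrl-C included, reaches the program untouched, which is what lets the TTY on the far end do the echoing and signal handling instead.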

Published: 16 Aug 2024

Comments: 44
@_CryptoCat 2 years ago
Very interesting, thanks! The animations and diagrams were really cool 👌
@0xdf 2 years ago
Thank you! I spent way longer than I'm proud to admit on those diagrams. Glad to hear they were useful.
@maxmusterspace6037 2 years ago
Please make more of these "What happens" videos. It's so important to know what's going up in the background.
@0xdf 2 years ago
Anything you want to see?
@maxmusterspace6037 2 years ago
@0xdf Thank you for asking. This video was awesome by the way. Was so excited that I forgot to mention that. ;) With that out of the way: I was thinking about what you've said: "I used the pty shell upgrade for years without actually knowing what it does." and I have a bunch of those things. When I am doing HTB I have sort of an intuition for what vulns I need to search and how to exploit them, but often I could not tell you why that vulnerability is there and how it could be fixed. Say XXE. I can test for it and exploit it. I know what XXE does and how it works from an attacker's point of view. But couldn't explain why that vuln is there and what to do to fix it. What config or code needs to be touched? And this can be applied to many HTB typical attack scenarios. XXE is the only one that comes to mind right now - but picture it as an example. Don't know, was that somewhat helpful as an answer?
@0xdf 2 years ago
@Elijah Rodgers Done on the playlist. Sorry for that oversight, I thought it was already there. I'll think on those suggestions. Thank you for them!
@0xdf 2 years ago
@maxmusterspace6037 Sure. I think in my head diving into an in depth look at an attack and how it works is a bit different from looking at a technique and how it works, but still could be interesting for sure. I'll think about if that's something I can pull something together on. Thanks for the input.
@road6915 2 years ago
@0xdf The things that the migrate command from metasploit does behind the scenes would be interesting and useful (wondered some time ago about it, searched some things online but didn't find a proper explanation, even I kinda have an idea about what it does)
@vedhex 15 days ago
Awesome explanation! I always wondered how this shell upgrade works. You explained it really well.
@0xdf 15 days ago
Thanks!
@x7331x 4 months ago
That's an amazing video, thanks for recording this!
@markgentry8675 2 years ago
Awesome! I've been meaning to research tty/pty as I never fully understood it. Now I don't need to haha. Nice to see in 1080 and with a black background. Sooo much easier to watch. Thanks 0xdf
@0xbro 2 years ago
I've always wondered about this and now I finally understand how it works! Thanks for the great video!
@nycksw 4 months ago
I've been typing into pseudo-terminals for decades and I never really understood these underlying mechanics until I watched this video.
@saurabhshinde1855 2 years ago
Exactly the video I was looking for.. All these years had no idea what tty trick do underneath.. Keep it up @0xdf
@thygod4920 11 months ago
Wow this is really interesting and cool to know, I never thought about exploring this lol.
@RR-hl6zi 1 year ago
This is so informative! Thank you for saving me a lot of rabbitholing (now it's a word)! I found this video through your writeup on the Squashed HTB challenge. Much love.
@adonistarcio 2 years ago
Awesome content as usual. I hope the community realise how important and quality your videos are. Keep it up mate!
@w.merlynn7762 2 years ago
Awesome content. I've been waiting for this since the bash rev shell video. Thanks man
@javaboy6581 1 year ago
Very good explanation, I always wanted to know this
@xB-yg2iw 2 years ago
This is awesome, thank you :)
@mindddfuzzz 2 years ago
17:47 , I second that statement :) Great vid as always, thanks for sharing. If I may suggest a topic for future vids; I'd love to see how proxychains actually works, especially the reason for only tunneling TCP and no other protocols
@0xdf 1 year ago
Interesting. Never thought about that one before. Not sure if I can do it justice or not. I'll add it to my list of things to look into.
@winter_yt 2 years ago
Smooth
@icyb3r1 2 years ago
thanks for sharing this, that's really informative.
@education7694 2 years ago
I was just searching for this!
@SecAura 2 years ago
Super Insightful!
@OatsOats 9 months ago
I like you more than ippsec
@johny1401 2 years ago
When you kinda, sorta know something and then someone who actually knows tells you and you're like oh... well that was simpler than I thought... but deep down you still don't really know.
@BennyM910 2 years ago
This was super helpful...Do you use the default Ctrl+b for Tmux??
@0xdf 2 years ago
I map it to Ctrl+a personally.
@crusader_ 2 years ago
Man the sound needs to be increased. It's really low on phone
@arnoldkyei-baffour4540 2 years ago
Great video 0xdf! Thanks so much. This is insightful. My question is, why does CTRL + C on upgraded tty shell on zsh terminal close the shell...
@0xdf 2 years ago
Interesting. I've never seriously used zsh, so I have no idea...
@arnoldkyei-baffour4540 2 years ago
@0xdf Let me make it clear. The new kali comes with a zsh terminal. Now when you catch a reverse shell as bash on the zsh and do all the necessary stuff to upgrade the shell... running CTRL + C closes the terminal. I guess it's clear now
@0xdf 2 years ago
Yes, Kali did make that change. I haven't used Kali in years, so I really don't have hands on experience with it. That said, I heard as long as you run 'stty raw -echo; fg' on one line it works the same. But haven't confirmed that on my own.
@arnoldkyei-baffour4540 2 years ago
@0xdf Alright. Well noted.
@raj77in 2 years ago
You should be able to type ctrl+c with ctrl+v and ctrl+c
@0xdf 2 years ago
before or after "upgrade"?
@raj77in 2 years ago
@0xdf wherever required. In this case I think it was for setting stty to revert it after you had set it to o.
@_hackwell 2 years ago
excellent ! thanks a lot ! I like using rlwrap nc -lvnp . It's quite convenient too
@0xdf 2 years ago
i use that for windows, but prefer these techniques for linux
@_hackwell 2 years ago
@0xdf I use them a lot too if python is installed on the target, but sometimes it isn't on some docker containers. But I have a better understanding of how TTY works now. Thanks for the video