Pimp My Shell — 5 Ways to Upgrade a Netcat Shell

As excited as I initially am whenever I catch a reverse shell with netcat, my enthusiasm quickly diminishes when I remember how terribly limited these shells tend to be. So I've decided to compile a list of helpful commands that make these shells much more usable. Hopefully, after reading this, you will be able to navigate around your reverse shells as easily as an ssh connection.
1. Spawn TTY with Python
This is probably single-handedly the biggest improvement you can make to your netcat shell. pty is a module in the Python standard library that provides pseudo-terminal functionality. If the remote system has Python, you've got a pseudo-terminal in just one line:
python -c 'import pty;pty.spawn("/bin/bash")'
Unlike running bash -i, a pty gives you the ability to run commands like su to log into other local accounts or ssh to log into other hosts.
Pelebus made a great list of one-liners for other ways to spawn interactive bash processes. However, some of those methods may not support the functionality we'll be adding in the following steps.
2. Tab Completion with STTY
This is a great feature that I miss whenever I'm trying to type long file paths or avoid mistyping a file name. However, there are a few steps involved, and I usually end up having to dig through notes to find them all.
This can get kind of messed up if you don’t already have pseudo-terminal functionality. If you can’t execute the python command in Step 1, try this at your own risk.
First, background your netcat shell by typing:
Ctrl+z
This will appear as though you've lost your shell. Don't worry! We'll get it back. Next, in your local shell type:
stty raw -echo
Finally, foreground the netcat shell by typing:
fg
and then press Enter twice. This should return your shell with tab auto-completion!
3. Keep It Clean; Clear The Screen
Sometimes it’s nice to be able to work with a clean slate and remove all of the clutter in a terminal. To do this in a netcat shell, we have to run two commands.
In a shell on your local machine, type:
echo $TERM
You should get some output as a response. Depending on how your system is set up, this output may vary (screen, xterm, etc.). By default on Kali Linux, $TERM is set to screen.
In the netcat shell type:
export TERM=screen
Now you can clear your screen!
Reinitialize the Terminal (optional)
Back in the netcat shell, we can reinitialize the terminal by typing:
reset
You should get a prompt asking "Terminal Type?"; this is where you enter the output of the echo $TERM command.
4. History Lesson
Who among us hasn’t slightly mistyped a long command and wished you could bring the command back with the press of the up arrow? Now you can!
export SHELL=bash
That's it!
5. Big Screen
Sometimes when you're typing a long one-liner in a default netcat shell, you run out of room on the line and the text begins to wrap back around and overwrite itself. That's horrible. We don't need that.
To see the size of your local machine type:
stty size
This returns two numbers (rows, columns).
To make the netcat terminal larger (say 100 x 100), set the rows and cols in the netcat shell like so:
stty rows 100 cols 100
Additional Resources
If you're interested in other ways to add functionality to netcat shells or simply want to read more on this topic, here are some resources I've found to be helpful:

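The five steps above leave a recognisable trail on the remote host: a Python process running pty.spawn, followed by export TERM=..., export SHELL=..., reset and stty rows ... cols ... inside the new shell. The following is an added example written for this page, not code from the original post, showing how a defender can pick that sequence out of process-creation records. The event feed is constructed, and its field names (pid, ppid, cmd) are an assumption rather than any real tool's schema. The same pty.spawn one-liner is also run by administrators in ordinary sessions, so the example rates a hit by whether a netcat process sits in its ancestry rather than on the one-liner alone.

```python
"""Spot the TTY-upgrade sequence from the post in process-creation records.

Added illustration for this page, not code from the original post. The event
feed is constructed; its field names (pid, ppid, cmd) are an assumption and do
not follow any specific audit tool's schema.
"""
import re
from typing import Dict, List

# Constructed sample feed: one shell that arrived through netcat and was then
# upgraded with pty.spawn, plus one pty.spawn run from an ordinary SSH session.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 400, "ppid": 1,   "cmd": "nc 198.51.100.7 4444"},
    {"pid": 401, "ppid": 400, "cmd": "/bin/sh"},
    {"pid": 402, "ppid": 401, "cmd": "python -c import pty;pty.spawn(\"/bin/bash\")"},
    {"pid": 403, "ppid": 402, "cmd": "/bin/bash"},
    {"pid": 404, "ppid": 403, "cmd": "stty rows 100 cols 100"},
    {"pid": 500, "ppid": 1,   "cmd": "sshd: alice [priv]"},
    {"pid": 501, "ppid": 500, "cmd": "/bin/bash"},
    {"pid": 502, "ppid": 501, "cmd": "python -c import pty;pty.spawn(\"/bin/bash\")"},
]

# Step 1 of the post: a Python one-liner that spawns a pseudo-terminal.
PTY_SPAWN = re.compile(r"\bpty\.spawn\s*\(")
# Steps 3-5: the follow-up commands issued inside the upgraded shell.
FOLLOW_UPS = re.compile(r"^(export\s+(TERM|SHELL)=|stty\s+rows\b|reset$)")
# A netcat process in the ancestry is what separates a reverse shell from an
# administrator who merely ran the same one-liner over SSH.
NETCAT = re.compile(r"(^|/)(nc|ncat|netcat)\b")


def ancestors(pid: int, by_pid: Dict[int, Dict]) -> List[Dict]:
    """Return the parent chain of `pid`, nearest first, stopping at unknown pids."""
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur["ppid"] in by_pid and cur["ppid"] not in seen:
        seen.add(cur["ppid"])
        cur = by_pid[cur["ppid"]]
        chain.append(cur)
    return chain


def descendants(pid: int, events: List[Dict]) -> List[Dict]:
    """Return every process under `pid` (children, grandchildren, ...)."""
    out, frontier = [], [pid]
    while frontier:
        parent = frontier.pop()
        for e in events:
            if e["ppid"] == parent:
                out.append(e)
                frontier.append(e["pid"])
    return out


def find_pty_upgrades(events: List[Dict]) -> List[Dict]:
    """One finding per pty.spawn invocation, rated by its surroundings."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not PTY_SPAWN.search(e["cmd"]):
            continue
        via_netcat = any(NETCAT.search(a["cmd"]) for a in ancestors(e["pid"], by_pid))
        follow_ups = [d["cmd"] for d in descendants(e["pid"], events)
                      if FOLLOW_UPS.search(d["cmd"])]
        findings.append({
            "pid": e["pid"],
            "via_netcat": via_netcat,
            "follow_ups": follow_ups,
            # Netcat ancestry is the strong signal; follow-up commands add to it.
            "severity": "high" if via_netcat else ("medium" if follow_ups else "low"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_pty_upgrades(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed feed, the netcat-descended pty.spawn (pid 402) is rated high and carries the later stty rows command as supporting evidence, while the identical one-liner under sshd (pid 502) is rated low. On a real host the ancestry walk would be fed from whatever process-creation telemetry is available, and the follow-up patterns can be widened to match the other one-liners the post references.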