Living in Shell
There is nothing that I hate more tan somebody breaking a beautiful Shell after hours of work and getting it to run on a target by running the wrong command or wrong option. Shell is not Terminal and this applies to both Windows and *nix hosts, so many commands that clear the screen, uses especial formatting or check for terminal id will break the shell and running the exploit again to gain shell again might kill the host or service causing you not to get it again or bringing down a target server of the client which is bad. Let’s start by following a golden rule any command that start with ctrl and something like ctrl-c, ctrl-d or any other combination is a big no, no. So we have to be conscious when working in shell and when we put our finger in ctrl STOP!! And remove our fingers from the key slowly!! I know I’m ranting but some recent situations reminded me that many people starting security do not know about this and many sources out there do not cover this basic skill. I love shell, even do I like Meterpreter there is something about a shell prompt that just bring butterflies to my stomach. One way to practice working in shell specially in windows is to use the wonderful tool of Netcat, we can make a netcat listener by running nc –l –p 4444 in a command prompt in windows o different terminal windows in a *nix system and in another run nc 127.0.0.1 4444 and now we have a shell where we can practice, in fact if you are going to experiment with a command during an engagement have this running in the background and test the commands locally on your machine so as not to risk breaking your hard earned shell on the target box.
Commands to avoid in Windows Shell are:
- Certain switches in SC (Service Controller)
- Wmic (in Meterpreter and using schdtasks are workarounds)
- Powershell
- Edit
- ftp (There are ways to work around the limitation)
- runas
- more
- telnet
Commands to avoid in Linux Shell are:
- Emacs
- Vi
- Top
- More
- Less (it will show the whole file, it will not paginate)
- Su
- Sudo
- Passwd
- ssh
- telnet
- ftp