Utilizing Bash Job Control to Upgrade Shell Functionality
I want to start off by saying this is my first article, so hopefully someone will find it useful. During my time as a pentester and doing CTFs I have noticed that not a lot of people know how to control jobs within a bash environment. Job control is useful for many things, but in this article I want to talk briefly about how to control jobs and why it is useful for pentesters.
Linux Processes
So let's start off by first talking about how processes run in Linux. Most processes that you run in Linux will run in the foreground, meaning that when you start the process it takes over your terminal (you cannot use it) until the process completes. This can be a hindrance to us for many reasons. The most common thing I see is people starting a process and then just opening up another terminal while letting the process run in its own terminal. While this is one way to do things, it can become very messy when you have 10+ terminals open, all running their own processes. But how about another scenario? Let's say you have a shell on a target that has limited functionality or is just being wonky for whatever reason. There are some useful commands you can run to upgrade the functionality of that pesky shell that won't let you tab complete or use the arrow keys.
Backgrounding a Process
In order to regain control of your terminal while a process is running, you can press Ctrl+z to background the process that is currently running. The only catch is that when you background a process this way, it is suspended until you tell it to start again. You can see this with the "ps T" command, which lists all of the processes associated with your current TTY. Under the STAT column you will notice that your process has a "T", which means the job has been stopped.
In order to start the process again, we have two options to choose from. Our first option is the "fg" command, which stands for foreground. The only issue with the "fg" command is that it starts the process running again in... you guessed it... the foreground. In some cases, depending on what we are trying to do, that is exactly what we want, but not always. Enter our next option, the "bg" command. The "bg" command resumes a previously stopped process in the background, allowing us to keep using our terminal as we please while the process runs. This is handy when we have a python server or a scan running in our current TTY. We can also verify that our process is running in the background with the "jobs" command, which displays all jobs for your current TTY.
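To make the stop/continue cycle above concrete, here is a small script (added here as an example; it is not part of the original article) that does with signals what the shell does when you press Ctrl+z and then run "bg" or "fg". It starts a long sleep as a background job, stops it with SIGSTOP, reads the process state letter that "ps T" shows in the STAT column (from /proc on Linux, falling back to ps elsewhere), resumes it with SIGCONT, and reports the three states it observed. The job itself, the polling timeouts and the sleep duration are constructed for the demo.

```shell
#!/usr/bin/env bash
# Job control with signals, mirroring the shell's Ctrl+z / bg / fg behaviour.
# Ctrl+z sends SIGTSTP to the foreground job; SIGSTOP is used here because a
# non-interactive script has no controlling terminal and SIGSTOP cannot be ignored.
# "bg" and "fg" both send SIGCONT; the only difference is which one reattaches
# the job to the terminal.

# Print the one-letter state (R running, S sleeping, T stopped, ...) of a PID.
proc_state() {
  pid="$1"
  if [ -r "/proc/$pid/stat" ]; then
    # Field 3 of /proc/<pid>/stat. The command name sits in parentheses and may
    # contain spaces, so strip everything up to the closing ')' first.
    rest=$(sed 's/^.*) //' "/proc/$pid/stat")
    printf '%s\n' "${rest%% *}"
  else
    # Non-Linux fallback: first character of the STAT column.
    ps -o stat= -p "$pid" | tr -d ' ' | cut -c1
  fi
}

# Poll (up to ~5 seconds) until the PID reaches the wanted state letter.
wait_for_state() {
  pid="$1"; want="$2"
  for _ in $(seq 1 50); do
    [ "$(proc_state "$pid")" = "$want" ] && return 0
    sleep 0.1
  done
  return 1
}

# Start a job, stop it, resume it and clean up.
# Prints the observed states, e.g. "S T S" (sleeping, stopped, sleeping again).
demo_job_control() {
  sleep 300 &                         # constructed long-running job
  pid=$!
  wait_for_state "$pid" S || { kill "$pid"; return 1; }
  states="$(proc_state "$pid")"

  kill -STOP "$pid"                   # what Ctrl+z does to the foreground job
  wait_for_state "$pid" T || { kill -9 "$pid"; return 1; }
  states="$states $(proc_state "$pid")"

  kill -CONT "$pid"                   # what bg / fg do
  wait_for_state "$pid" S || { kill -9 "$pid"; return 1; }
  states="$states $(proc_state "$pid")"

  kill "$pid"                         # tear the demo job down
  wait "$pid" 2>/dev/null || true
  printf '%s\n' "$states"
}

# Run it directly: prints "S T S" on a healthy system.
[ "${BASH_SOURCE[0]}" = "$0" ] && demo_job_control
```

In an interactive shell you would not send these signals yourself: Ctrl+z, "bg %1" and "fg %1" do it for you, and "jobs" lists the same jobs with their Stopped/Running status.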
Usefulness for Pentesting
Now back to what I mentioned earlier about upgrading shell functionality. Let's say we have a shell on a target that is just not functioning properly and the old "python -c 'import pty;pty.spawn("/bin/bash");'" isn't working or isn't giving us as much functionality as we would like. For example, the shell could be echoing our input back to us (annoying), the shell might not have tab completion (really annoying), or the shell might not let us backspace or use the arrow keys (super annoying). Luckily, we have a few options here.
The first option builds on what I talked about previously. We background the shell with Ctrl+z, then run "stty raw -echo", then foreground the shell with the "fg" command. Raw mode makes your local terminal stop interpreting control characters itself, so keystrokes such as Ctrl+C, tab and the arrow keys are passed straight through to the remote shell instead of being handled (or swallowed) locally.
Notice in the above screenshot that the terminal is no longer echoing my input back to me after running the "stty raw -echo" command. Keep in mind that once you change your stty settings this way you will not see what you type in your local terminal. This is also visible in the above screenshot: you can see my "stty raw -echo" command, but not my "fg %1" command. This is fine and there is no need to panic. Once you are done with the remote shell and drop back into the shell on your own system, run the "reset" command and your terminal will work normally again.
Another option we have here is setting the $TERM variable with the "export TERM=" command. We can check our current $TERM by running "echo $TERM"; if the $TERM variable is not set to what we want, we change it to our liking. Keep in mind, though, that this will not always be an option, and the previously mentioned method is usually what works best for me.
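The steps above are typed interactively, so they cannot be scripted end to end, but the local-terminal half of them can be wrapped in a few helpers. The following is an added example (my own, not code from the article) that snapshots the current stty settings with "stty -g" before switching to raw mode, so the exact settings can be put back afterwards rather than relying on "reset" to guess them, and that picks a TERM value to export on the remote side. The fallback terminal name "xterm" is an assumed default; the helpers refuse to touch stdin when it is not a terminal.

```shell
#!/usr/bin/env bash
# Helpers around the "Ctrl+z, stty raw -echo, fg" routine for the local terminal.

# Save the current terminal settings in the reloadable form stty -g produces.
# Prints the saved string, or "no-tty" (and returns 1) when stdin is not a terminal.
tty_save() {
  if [ -t 0 ]; then
    stty -g
  else
    printf 'no-tty\n'
    return 1
  fi
}

# Switch the local terminal to raw mode without echo so every keystroke
# (Ctrl+C, tab, arrow keys) reaches the remote shell untouched.
tty_raw() {
  [ -t 0 ] || return 1
  stty raw -echo
}

# Restore the settings captured by tty_save, instead of a blind "reset".
tty_restore() {
  [ -t 0 ] || return 1
  stty "$1"
}

# Pick the TERM to export in the remote shell: reuse the local value when it is
# set to something usable, otherwise fall back to "xterm" (assumed default).
term_for_remote() {
  t="${TERM:-}"
  if [ -n "$t" ] && [ "$t" != "dumb" ]; then
    printf '%s\n' "$t"
  else
    printf 'xterm\n'
  fi
}

# Interactive usage (typed by hand once the remote shell is stopped with Ctrl+z):
#   saved=$(tty_save); tty_raw; fg %1          # work in the remote shell
#   export TERM=$(term_for_remote)             # run this one on the remote side
#   tty_restore "$saved"                       # back on your own system afterwards
```

Because "stty -g" returns a machine-readable string, "tty_restore" brings back exactly the settings you had (including any custom erase or kill characters), whereas "reset" reinitialises the terminal to its defaults.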
Wrapup
That's all I have for now folks; hopefully some of you will find this useful and enjoyed reading my first article here on LinkedIn.
UPDATE: If you would like to see this technique in action, then head over to another one of my articles and check it out:
https://www.garudax.id/pulse/kioptrix-2-vm-writeup-chris-risley-oscp/