
So I've managed to get a version of netcat onto my windows machine and I can run the standard:

nc -lvnp 1234

and this properly connects to the victim's machine, but it's a very fragile connection. Ctrl + C will just drop the connection, tab doesn't auto-complete, and the up and down arrows don't give me history. On Linux, the common way to stabilize the shell looks like this:

python -c "import pty; pty.spawn('/bin/bash')"      # run on the victim's machine
Ctrl + Z                                            # suspends nc and switches over to your machine
stty raw -echo                                      # run on your machine
fg                                                  # switches back to the victim's machine
export TERM=xterm                                   # run on the victim's machine

The problem is that Ctrl + Z just locks up PowerShell, so that's about as far as I get. Even if I use a Kali Linux docker container, I am still running that container through PowerShell or CMD and I just can't get past that Ctrl + Z issue.

How do I stabilize a reverse shell through Powershell or CMD?

user248411
Ctrl-Z is end-of-file on Windows, equivalent of Ctrl-D in Linux, so I'm not surprised that locks you up. – gowenfawr Jan 04 '21 at 04:36

1 Answer


it's a very fragile connection. Ctrl + C will just drop the connection, tab doesn't auto complete, and the up and down arrows don't give me history.

It's not fragile. When you type Ctrl+C, the shell sends a SIGINT to the running process, which happens to be nc. This causes the process to terminate, breaking the connection. Tab doesn't autocomplete and arrows don't provide history because you aren't using a pty.

ctrl + z just locks up Powershell so that's about as far as I get.

Once you run that Python command to set up a pty, you can use keys to view history. However, on Windows, Ctrl+Z is EOF (equivalent to Ctrl+D on Linux). On Linux, Ctrl+Z will cause SIGTSTP to be sent to the running process, and it will be detached from the terminal. Because you are running Powershell, when you type Ctrl+Z, it is interpreted by Windows.

forest
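An added example (not code from the question or the answer above) that makes the "you aren't using a pty" point concrete: the same child process reports no terminal when it is started over plain pipes, which is the shape of a shell relayed through nc, and reports a terminal when it is started under a pty, which is exactly what the pty.spawn one-liner provides. It uses only Python's standard pty and subprocess modules and assumes a Linux host.

```python
import os
import pty
import subprocess
import sys

# Tiny probe run as the child: it reports whether its own stdin is a terminal.
PROBE = [sys.executable, "-c", "import sys; print(sys.stdin.isatty())"]


def child_sees_tty_over_pipe() -> bool:
    """Start the probe with stdin/stdout on ordinary pipes.

    This is the situation of a shell handed back over nc: bytes flow in
    both directions, but there is no terminal behind them, so readline-style
    tab completion and arrow-key history have nothing to drive them.
    """
    result = subprocess.run(PROBE, input="", capture_output=True, text=True)
    return result.stdout.strip() == "True"


def child_sees_tty_under_pty() -> bool:
    """Start the same probe under a freshly allocated pseudo-terminal.

    pty.fork() is what pty.spawn() uses internally: the child's
    stdin/stdout/stderr become the slave side of a new pty, so the child
    believes it is attached to a real terminal. From a monitoring standpoint,
    a `python -c "import pty; pty.spawn(...)"` command line on a server is a
    well-known post-exploitation indicator worth alerting on.
    """
    pid, master_fd = pty.fork()
    if pid == 0:  # child: replace ourselves with the probe program
        os.execv(PROBE[0], PROBE)
    output = b""
    while True:
        try:
            chunk = os.read(master_fd, 1024)
        except OSError:  # Linux raises EIO on the master once the child exits
            break
        if not chunk:
            break
        output += chunk
    os.close(master_fd)
    os.waitpid(pid, 0)
    return b"True" in output  # the pty turns "\n" into "\r\n", so match loosely


if __name__ == "__main__":
    print("over pipes:", child_sees_tty_over_pipe())  # False
    print("under pty :", child_sees_tty_under_pty())  # True
```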