Shells
Common Shells
| Shell | Path | Notes |
|---|---|---|
| bash | /bin/bash | Default on most distros. Feature-rich, widely scripted against. |
| sh | /bin/sh | POSIX shell. Often a symlink to dash (Debian/Ubuntu) or bash. Minimal features. |
| zsh | /bin/zsh | Default on macOS. Superset of bash with better completion, theming, plugins. |
| dash | /bin/dash | Lightweight POSIX shell. Fast but no interactive features. |
| fish | /usr/bin/fish | User-friendly, auto-suggestions, not POSIX-compatible. |
| tmux/screen | — | Terminal multiplexers (not shells, but wrap shells). |
Windows
| Shell | Notes |
|---|---|
| cmd.exe | Legacy Windows command prompt. Limited scripting. |
| PowerShell | .ps1 scripts. Object-oriented pipeline. Default on modern Windows. |
| PowerShell Core (pwsh) | Cross-platform PowerShell (Linux/macOS/Windows). |
Identify Your Current Shell
```bash
# Linux — several methods
echo $SHELL            # Default login shell (not necessarily current)
echo $0                # Current shell process name
ps -p $$               # Process info for current shell
cat /proc/$$/cmdline   # On Linux: command line of the current shell process (NUL-separated)

# What shells are available?
cat /etc/shells

# What shell is a user configured to use?
grep "krav" /etc/passwd   # Last field is login shell
```

```powershell
# Windows — PowerShell or cmd?
echo %COMSPEC%     # cmd.exe
$PSVersionTable    # PowerShell (this variable only exists in PS)
Get-Host           # PowerShell version info
```

Changing Shells
```bash
# Change default login shell
chsh -s /bin/zsh

# Switch to a different shell temporarily
bash
zsh
sh

# Run a command in a specific shell
/bin/sh -c "echo running in sh"
```

Restricted and Limited Shells
Some shells are intentionally restricted:
| Shell | Purpose |
|---|---|
| /bin/rbash | Restricted bash — no cd, no changing PATH, no redirections |
| /usr/bin/nologin | Denies login entirely (for service accounts) |
| /bin/false | Same — immediately exits with failure |
| lshell | Configurable restricted shell (if installed) |
Check /etc/passwd for accounts using nologin or false — these are service accounts that shouldn’t have interactive access.
Upgrading a Limited Shell
After getting a reverse shell (e.g. from a web exploit), the shell is typically “dumb” — no tab completion, no arrow keys, no Ctrl+C handling, and clear doesn’t work.
Step 1: Spawn a proper TTY
```bash
# Python (most common method)
python3 -c 'import pty; pty.spawn("/bin/bash")'
python -c 'import pty; pty.spawn("/bin/bash")'

# Other methods if Python isn't available
script -qc /bin/bash /dev/null
echo os.system('/bin/bash') | perl
/bin/sh -i
```

Step 2: Full interactive shell
After spawning a TTY:
```bash
# Background the reverse shell
Ctrl+Z

# In your local terminal — configure raw mode
stty raw -echo; fg

# Back in the reverse shell — set terminal type
export TERM=xterm
export SHELL=/bin/bash

# Optional: match terminal size
# In local terminal, run: stty size → e.g. "50 200"
stty rows 50 columns 200
```

Now you have: arrow keys, tab completion, Ctrl+C (won’t kill your shell), command history, and clear.
Step 3: Verify
```bash
tty          # Should show /dev/pts/X instead of "not a tty"
echo $TERM   # Should be xterm or similar
stty -a      # Show terminal settings
```

/etc/passwd Shell Field
```
krav:x:1000:1000::/home/krav:/bin/bash
                             ╰───── login shell
```

```bash
# List all unique shells in use
awk -F: '{print $7}' /etc/passwd | sort -u

# Find users with actual login shells
grep -v "nologin\|false" /etc/passwd
```
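
The `grep -v "nologin\|false"` filter matches anywhere on the line, so it hides a user named `falsetto` and does not treat an empty shell field (which defaults to /bin/sh) specially. The following is an added example, not part of the original page, that audits field 7 only and cross-checks it against the shells list; the function names, the UID 1000 cut-off and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that can get an interactive shell.
# Usage: audit_login_shells PASSWD_FILE SHELLS_FILE [UID_MIN]
# UID_MIN (default 1000) is an assumed boundary between system and human accounts.
audit_login_shells() {
    awk -F: -v min="${3:-1000}" '
        # First file: the list of valid login shells (skip comments and blanks).
        FILENAME == ARGV[1] { if ($0 != "" && $0 !~ /^#/) valid[$0] = 1; next }
        /^#/ || NF < 7 { next }                    # comment or malformed entry
        {
            shell = ($7 == "") ? "/bin/sh" : $7    # empty field defaults to /bin/sh
            if (shell ~ /\/(nologin|false)$/) next # match the shell field only
            finding = "ok"
            if (!(shell in valid))
                finding = "shell-not-in-shells-file"
            else if ($3 + 0 != 0 && $3 + 0 < min + 0)
                finding = "system-account-with-login-shell"
            print $1, $3, shell, finding
        }
    ' "$2" "$1"
}

# Constructed sample data (not from a real host), written to a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
backup:x:34:34:backup:/var/backups:
svc:x:998:998::/nonexistent:/bin/false
krav:x:1000:1000::/home/krav:/bin/bash
falsetto:x:1001:1001::/home/falsetto:/bin/zsh
dev:x:1002:1002::/home/dev:/opt/tools/mysh
EOF
    cat > "$dir/shells" <<'EOF'
# valid login shells
/bin/sh
/bin/bash
/bin/zsh
EOF
    audit_login_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

On a real host, run `audit_login_shells /etc/passwd /etc/shells` and review every line whose last column is not `ok`.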