Quick Hits: Screen

Ever been frustrated by a session that was running remotely when your SSH/nc/1337shell.phpaspxcf dropped, and all that work was wiped out in the blink of an eye because when that died your shell did too, and the OS was nice enough to clean it all up?

Yeah, it sucks. Fortunately, there’s an easy way to handle that, and it’s called “screen”. Let’s dive in.

The basic premise of screen is that you can create a new session, detach it, then just reconnect any time you want to check in.  In practice this means you can SSH in, start screen, start some long-running stuff, detach, and then come back to check whenever you want, and if you drop your connection or your mom picks up the phone and disconnects the modem (or whatever) it keeps running, because it’s no longer tied to the original session.

I’m going to assume you already have screen installed, but if you don’t it’s available from whatever your standard package manager is, normally under the convenient name of “screen”.  For instance, if you somehow didn’t have it installed in Kali it would just be:

user@system:~$ sudo apt-get install screen

Now, on to the tough parts. To start it, you type the following:

user@system:~ $ screen

Press spacebar to clear the helpful information, then just do whatever you want to do. Ready to detach? Press CTRL+A (which tells screen you want to send it a command), then press the “d” key (which tells screen to detach). Boom, you’re back in your original shell and screen is off doing its thing. Do it as many times as you need/want to spin up extra sessions too.

Now, you want to check back in. That’s also quite easy, just by typing:

user@system:~$ screen -r {PID}

Instantly you’re right back in your previous shell. If you only made one, you can even drop the PID. If you don’t remember what the PIDs are, just try it without a PID and it will give you a list of them.


Let’s say you realized too late though that your shell is for some reason… /bin/sh. Ugh. To get back to the Bash motherland, just create a file in your home directory named “.screenrc” (if it doesn’t already exist) and add a single line of text to it: “defshell -bash”

user@system:~$ echo "defshell -bash" >> ~/.screenrc

And if you’re of a pentesting persuasion you may want to investigate CTRL+A followed by “H” (capital), which will log everything from that screen session to a file for easy review and analysis for those reports later.  Just use CTRL+A,H again to stop recording.  🙂

Good hunting!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: