Screen command is useful for any pentester out there , so let's recall some information about this command:
The word efficiency can mean different things for different people. When it comes to Linux and UNIX type operating systems, efficiency means proficient use of the command line. The command line is the most powerful element of the system, and knowing how to use it will make you life easier. In the world of multitasking, most of the tasks you will be trying to accomplish will require you to do multiple things at the same time. This means that you using multiple shells will be a necessity, but how can we efficiently manage all these shells? Welcome to the world of GNU Screen.
GNU Screen is a terminal multiplexer, what this basically means is it is a full screen terminal window manager. You can have multiple full-screen windows open at the same time, which are then accessible by keyboard shortcuts. Say for example you have an IRC client open in one window and in another window you are writing an email to someone. So you are writing an email but you want to check what new messages have appeared on the IRC channel, well by pressing Ctl-A and N you can change the current window displayed to the next one where the IRC client is running. Pressing Ctl-A and P you go to the previous window. This is the most basic use of the screen utility.
Typing in screen at the command line will start up a new screen session (sessions will be discussed later) with one full-screen window with the default shell opened in it. Screen’s commands are accessible by using a escape sequence. The escape sequence tells screen that the following pressed keys will relate to a screen command (switch to next window, switch to previous window, etc…). The default escape sequence used in screen is Ctl-A. For a quick overview of the command available to you just press the Ctl-A followed by ? (Ctl-A ?). A page of key bindings (keys that execute the given command) will be displayed. If you look at the second line from the top you have Command Key and Literal. The Command Key is the keyboard shortcut used to access screen’s commands (the escape sequence), while Literal is the keyboard shortcut used to pass the escape sequence to the window. So if you wanted to pass Control-A to the shell you would have to use Ctl-A a key sequence.
Navigating through the windows can be done using the n and p shortcuts or using the numbers 0-9. Ctl-A n switches to the next window, Ctl-A p switches to the previous window, using Ctl-A plus a number will switch you to the window with that number(the fist window is 0, and each subsequent new window is a higher number). Creating a new window can be done using Ctl-A c. To kill a window use Ctl-A k.
When screen first starts, it has only one full screen window. Each new window by default is opened with a shell. If you want to start screen with a specific application simply pass the application path as screen’s argument (screen myApp). If within a screen session you issue the screen command instead it creating a new session it will create a new window. Now as said earlier, screen starts out with only one full-screen window open, but you can view multiple windows at once by splitting the display. To split the current window into 2 windows use Ctl-A S, you will now have 2 equal windows, if you repeat this command you will have 3 equal windows, and so on… To remove a window simply press Ctl-A X.
Every window that exists in screen has a name and by default it is the shell’s name. Having all windows with the same is unhelpful and confusing, that’s why using Ctl-A A you can change title to something more descriptive and helpful. Managing multiple windows can become cumbersome if you don’t know what windows are open, which is the previous, which is next fortunately using Ctl-A “ you can get a list of currently opened windows and you can chose the window to switch to.
The most powerful feature of screen is the ability to detach screen sessions. Detaching a session basically lets you leave the entire session running in the background. That means if you were at work working on something and you didn’t finish it, you could detach the session, leave work, at home connect back to the computer and attach back to it and continue working where you left off. To detach a screen session use Ctl-A d. To view a list of detached sessions execute screen with the –list command line parameter. Connecting back to a session can be done by issuing screen –r session_name.
Another great feature of screen is the possibility of having multiple screen’s attached to a single session (-x command line parameter). Why is this a great feature? Well say for example a friend of yours needed some help configuring something, but because he lives very far from you a home visit is out of the question. You could tell your friend to run screen, and then you could connect to his computer through the internet and attach to the screen session. In turn your friend would able to see everything you type in the shell and he would be able to learn from your help. This is just one example of what you can do with this feature.
All the basics of screen have been introduced! Here is a recap of the shortcuts:
Ctl-A - Escape sequence to access screen’s commands Ctl-A a – Pass the escape sequence to the window Ctl-A n – Switch to next window Ctl-A NUM – Switch to window with number NUM(0-9) Ctl-A p – Switch to previous window Ctl-A c – Create new window(default shell) Ctl-A k – Delete a window Ctl-A S – Split window Ctl-A X – Remove a split window Ctl-A A – Change window title Ctl-A “ – Display list of open windows Ctl-A d – Detach screen session
Customizing screen for Efficiency
Now that you now the basics of screen I’m going to talk about efficiency. In my humble opinion the default key binding of screen are inefficient, that’s why the first thing we will do is change them. The escape sequence will be the first thing to go. Instead of having to use 2 fingers to access screen commands we are going to use just one. The less keys we have to type the faster we will be, remember the KISS rule(Keep It Simple Stupid). As I touch type, and can reach the ` key(back tick) rather quickly, that is the key I chose for the escape sequence. You can of course chose a key that suits you better but remember that it should be a key not used frequently.
Now before I go any further I need to mention the .screenrc file. This file is your default configuration file for screen. Screen always looks in the home directory for this file, so all our changes will land there.
To change the escape sequence we add the following line to .screenrc:
escape ``
The first ` is the escape sequence, while the other ` is the command used to send ` the window in focus.
The next key binding on our list is the change title command. Currently it’s set to A, this shortcut is confusing so I change it to t(like title, more logical). Splitting the screen requires me to use the shift key, better would be using a lowercase s, so that’s how we are going to have it. Quitting screen requires me to type the : command and entering quit into the command line, way too much typing. We are going to bind Q to the quit command. Also we are going to rebind the kill window to capital K, so that we don’t accidentally kill a window. The window list command also isn’t intuitive so we are going to rebind it to w. I also added a couple of other key binding. Here are the commands you to add to the .screenrc file to change the key bindings:
bind s split # Split window bind - resize -5 # Decrease window region by 5 bind = resize +5 # Increase window region by 5 bind q only bind Q quit bind t title # Window title bind T title # Window title bind w windowlist -b bind j focus down # Switch to window below bind k focus up # Switch to window above bind K kill
If you haven’t configured screen yet, you probably noticed the annoying information notice that shows up at startup. This is annoying so we are going to disable it:
startup_message off
Automatic Titles
Having windows without descriptive descriptions isn’t helpful, but changing the titles manually is tedious. Wouldn’t it be great if somehow the titles updated automatically to the current application running… Well it possible, and very helpful. Screen has thought about dynamic updating of titles, and it is done using a terminal escape sequence (a chain of character that are invisible but tell screen to change the title). The escape sequence is as follows: \[\ekNewTitle\\\]. If you echo this in your shell like this:
echo –e ‘\[\ekMy New Title\\\]’
The current window title in screen will change to ‘My New Title’. Now this isn’t automatic as I said before. Well this is the first step. This is the way to manually change the title from the shell or any other application. If you put the previous escape sequence to the end of your command prompt, without a new title screen will actually use heuristics to determine the current running application! Let’s say this is your shell prompt:
PS1=‘\u@\h \W# ‘
You would change it to this:
PS1=’\u@\h \W\[\ek\\\]# ‘
Unfortunately changing just that won’t actually give you dynamic titles, you will need to make an additional change in your screenrc file. You will need to change the default shell title, and add the character that end you shell prompt. Those characters, taking the previous example, would be ‘# ‘ (hash and space – without the quotes). To change the default shell title you have to append shelltitle to the screenrc. Now the format of shelltitle for dynamic titles is as follows: shelltitle=”PROMPT_END_CHARS|SHELL_NAME”. Here is a practical example:
shelltitle=”# |bash”
The “# “ are the characters that end the shell prompt, the | says that dynamic titles are to be used and bash is the name of the title if no commands are running. There is actually a variation of the command above. If you use the above title, whenever you run a command the ‘bash’ title will be replaced with the currently running command, and once the command finishes it reverts back to ‘bash’. Appending a colon (:) to bash will actually append the currently running command to the name. So say you are running vim in bash, the title would be “bash: vim” instead of just “vim”. Here is a example:
shelltitle=”# |bash:”
The Hardstatus and status line
Using the window listing command gives you an overview of the currently opened windows, but you have to use the command to see something, wouldn’t it be better if could see the list of windows at the bottom of the screen. Yes it is possible, and I love this feature, because instead of scratching my head trying to remember what the next windows is I just glance at the bottom of my screen. Screen has 2 types to status lines, one called the hardstatus while the other is called caption. The hardstatus is a status line at the very bottom of your screen, while caption is local to the window. I always want to see the hardstatus so I have added the following to the config file:
hardstatus alwayslastline
Now both the status lines are actually special strings that contain different types of variables that change with time and events. The actual syntax is quite complex and way beyond this guide, so if you really want to understand it I highly recommend you look at screen’s man page under STRING ESCAPES. I’m going to provide you with the following 2 status lines:
hardstatus string '%02=%0>%{= kw}%-Lw%50>%{=b bw} %n %t %{= kw}%+Lw%{= kw}%-1<%{-}%{=dd}'
caption always "%?%F%{=b bW}%:%{= bW}%? [%f%] %t - %h %-050=%H%-027= %D %d %M %Y, %C %A %{= .b}%{-}%{=dd}"
Here is a screenshot of how it actually looks like:
hxxp://forums.remote-exploit.org/picture.php?albumid=2&pictureid=3
Much better don’t you think?
The last line of the display is the hardstatus line, it basically displays all the currently open windows and highlights the window in focus. The before last line and the line on the middle of the screen is the caption status line. It displays the window number in brackets, then the name, then the status of the window, next the hostname, and lastly the current time and date.
Some additional settings
By default screen opens up with only one window, usually you will be using more than one window so lets open 4 windows at startup instead of just one:
screen 0
screen 1
screen 2
screen 3
screen 4
Now because the last window created is the one in focus, I always switch to the next window so that the window in focus is the first one created. Here’s how:
next
I also always set auto detach on, so when I’m working through a ssh session if I lose the connection I won’t lose my work.
autodetach on
The Entire .screenrc file
startup_message off
vbell off
escape ``
defscrollback 10000
deflogin off
# Default shell
shell bash
# Defaul shell title - dynamic
shelltitle "] |bash"
screen 0
screen 1
screen 2
screen 3
screen 4
# Swiching to first screen
next
#backtick 9 0 0 hostname
autodetach on
hardstatus alwayslastline
hardstatus string '%02=%0>%{= kw}%-Lw%50>%{=b bw} %n %t %{= kw}%+Lw%{= kw}%-1<%{-}%{=dd}'
caption always "%?%F%{=b bW}%:%{= bW}%? [%f%] %t - %h %-050=%H%-027= %D %d %M %Y, %C %A %{= .b}%{-}%{=dd}"
windowlist title "Num %10=Title %=Flags%"
windowlist string " %n - %10= %t %f"
#Timeout for displaying messages
msgwait 5
activity " Activity has appeared in window %n - %t"
#Key bindings
bind s split # Split window
bind - resize -5 # Decrease region by 5
bind = resize +5 # Increase region by 5
bind q only
bind Q quit
bind t title # Window title
bind T title # Window title
bind w windowlist -b
bind j focus down
bind k focus up
bind K kill
#terminfo and termcap for nice 256 color terminal
# allow bold colors - necessary for some reason
attrcolor b ".I"
# tell screen how to set colors. AB = background, AF=foreground
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
<source>