Comments on: Bash socket programming with /dev/tcp http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/ Your blog is probably better than mine. Wed, 19 Nov 2008 04:42:57 +0000 http://wordpress.org/?v=2.6.3 By: David http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-57915 David Tue, 16 Sep 2008 01:05:08 +0000 http://thesmithfam.org/blog/?p=21#comment-57915 A tad late, but technically all those "\n" should be "\r\n". The RFC calls for CRLF line termination. A tad late, but technically all those “\n” should be “\r\n”. The RFC calls for CRLF line termination.

]]> By: Daniel Craig http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-52892 Daniel Craig Wed, 25 Jun 2008 16:00:28 +0000 http://thesmithfam.org/blog/?p=21#comment-52892 Hey, I was looking around for a while searching for vendor security and I happened upon this site and your post regarding cket programming with /dev/tcp, I will definitely this to my vendor security bookmarks! Hey, I was looking around for a while searching for vendor security and I happened upon this site and your post regarding cket programming with /dev/tcp, I will definitely this to my vendor security bookmarks!

]]> By: Connect-back Shell - Defending the Box « Neohapsis Labs http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-45853 Connect-back Shell - Defending the Box « Neohapsis Labs Fri, 18 Apr 2008 20:40:10 +0000 http://thesmithfam.org/blog/?p=21#comment-45853 [...] known for quite some time - it’s easily discovered on the blogosphere in articles here and here for example. Since this is built-in to bash by default in most instances, the main method of [...] [...] known for quite some time - it’s easily discovered on the blogosphere in articles here and here for example. Since this is built-in to bash by default in most instances, the main method of [...]

]]> By: Dave http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-23223 Dave Sun, 22 Jul 2007 14:26:41 +0000 http://thesmithfam.org/blog/?p=21#comment-23223 I'm afraid I have no idea what you're talking about by "backconnect". Are you talking about the server side? I’m afraid I have no idea what you’re talking about by “backconnect”. Are you talking about the server side?

]]> By: Anonymous http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-23212 Anonymous Sun, 22 Jul 2007 08:47:11 +0000 http://thesmithfam.org/blog/?p=21#comment-23212 can you post the backconnect shellcode? can you post the backconnect shellcode?

]]> By: Ben Scott http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-20390 Ben Scott Sun, 10 Jun 2007 03:43:11 +0000 http://thesmithfam.org/blog/?p=21#comment-20390 What exactly is the security exposure of the "/dev/tcp/" feature of Bash? The socket() call will still be available if you disable it. What exactly is the security exposure of the “/dev/tcp/” feature of Bash? The socket() call will still be available if you disable it.

]]> By: Mark http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-16246 Mark Thu, 24 May 2007 01:14:48 +0000 http://thesmithfam.org/blog/?p=21#comment-16246 Thanks, Dave! Thanks, Dave!

]]> By: Dave http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-16222 Dave Wed, 23 May 2007 18:55:44 +0000 http://thesmithfam.org/blog/?p=21#comment-16222 Sending a POST with data would be the same, but you would add extra text like this: echo -e "POST / HTTP/1.1\n\nThis is the body of my POST">&3 You can also add headers right after the first \n, but be sure to use \n\n before the HTTP body. Sending a POST with data would be the same, but you would add extra text like this:

echo -e “POST / HTTP/1.1\n\nThis is the body of my POST”>&3

You can also add headers right after the first \n, but be sure to use \n\n before the HTTP body.

]]> By: Mark http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-16221 Mark Wed, 23 May 2007 18:36:50 +0000 http://thesmithfam.org/blog/?p=21#comment-16221 Dave, can you give an example if I want to send some data to a server, either via GET or POST? TIA Dave, can you give an example if I want to send some data to a server, either via GET or POST?

TIA

]]> By: Dave http://thesmithfam.org/blog/2006/05/23/bash-socket-programming-with-devtcp-2/#comment-4856 Dave Sat, 27 Jan 2007 19:38:34 +0000 http://thesmithfam.org/blog/?p=21#comment-4856 Eric, A customer of mine had an immediate need for a small fix to some existing commercial software and hardware on a Red Hat system, to which I had no access. The only thing I knew about the system a priori was that it was Red Hat Enterprise 3. I didn't even know if they had netcat installed or not. I did know, however, that they were running a vanilla install of Red Hat Enterprise. Armed with that knowledge, I was able to solve their problem reliably with a nice, dirty bash hack using /dev/tcp. :) Had I relied on netcat, it could have come back to me. /dev/tcp did the job for them nicely. Eric,

A customer of mine had an immediate need for a small fix to some existing commercial software and hardware on a Red Hat system, to which I had no access. The only thing I knew about the system a priori was that it was Red Hat Enterprise 3. I didn’t even know if they had netcat installed or not. I did know, however, that they were running a vanilla install of Red Hat Enterprise. Armed with that knowledge, I was able to solve their problem reliably with a nice, dirty bash hack using /dev/tcp. :)

Had I relied on netcat, it could have come back to me. /dev/tcp did the job for them nicely.

]]>