With a netcat listener like:
nc -l <port> < ~/.bashrc
I can grab my .bashrc on a new machine (doesn’t have nc or LDAP) with:
cat < /dev/tcp/<ip>/<port> > ~/.bashrc
My question is: Is there a way to mimic the capabilities of nc -l <port> in my first line with /dev/tcp instead of nc?
The machines I’m working on are an extremely hardened lab/sandbox RHEL environment (no ssh, no nc, no LDAP, no yum, I can’t install new software, and they are not connected to the internet).
Answers:
Method 1
Unfortunately, it’s impossible to do with just bash. The /dev/tcp/<ip>/<port> virtual files are implemented in such a way that bash tries to connect to the specified <ip>:<port> using the connect(2) function. In order to create a listening socket, it would have to call the bind(2) function.
You can check this by downloading the bash sources and looking at them. It is implemented in the lib/sh/netopen.c file, in the _netopen4 function (or _netopen6, which also supports IPv6). This function is used by the wrapper function netopen from the same file, which in turn is directly used in the file redir.c (redir_special_open function) to implement this virtual redirection.
You have to find some other application that can create a listening socket on your machine.
Method 2
If Perl is installed (as it will be on a RHEL machine):
perl -MIO::Socket::INET -ne 'BEGIN{$l=IO::Socket::INET->new(
LocalPort=>1234,Proto=>"tcp",Listen=>5,ReuseAddr=>1);
$l=$l->accept}print $l $_' < ~/.bashrc
would work, unless a local firewall doesn’t allow incoming connections to 1234.
If socat is installed:
socat -u - tcp-listen:1234,reuseaddr < ~/.bashrc
If zsh is installed:
zmodload zsh/net/tcp
ztcp -ld3 1234 && # start listening socket on fd 3
  ztcp -ad4 3 && # accept connection on fd 4
  ztcp -c 3 && # close the listening socket that is no longer needed
  cat < ~/.bashrc >&4 && # send the data
  ztcp -c 4 # close the communication socket to tell the other end we're finished
Method 3
There isn’t a way to listen because listening is not in bash as Adamski pointed out.
But you don’t need to listen on the client so you don’t need netcat on the client to transfer files, for example:
## To send a file to the locked down computer:
## Local server where you do have netcat
cat ~/.bashrc | nc -l -q 1 -p 8998
## Remote locked down computer without netcat
cat < /dev/tcp/local.server.ip.addr/8998 > latest.bashrc
## To grab a file from the locked down computer:
## First - on the local server run
nc -l -p 8998 -q 1 > remote.bashrc < /dev/null
## Then on the locked down computer run:
cat ~/.bashrc > /dev/tcp/local.server.ip.addr/8998 0<&1 2>&1
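The pull from Method 3 with an integrity check before the received file replaces anything, since a plain TCP stream carries no authentication or integrity protection. This is an added example, not part of the original answers; the function names are hypothetical, and it assumes sha256sum is present on the locked-down host and that the expected digest was obtained out of band.

```bash
#!/usr/bin/env bash
# Added example: fetch a file through bash's /dev/tcp and install it only if
# its SHA-256 matches a digest obtained out of band. All names are hypothetical.

# Print the SHA-256 hex digest of a file.
file_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_if_match <candidate> <expected-sha256> <dest>
# Moves candidate over dest only when the digest matches.
# Returns 1 on mismatch (candidate is deleted), 2 if hashing fails.
install_if_match() {
    local candidate="$1" expected="$2" dest="$3" actual
    actual=$(file_sha256 "$candidate") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        rm -f "$candidate"
        return 1
    fi
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest.bak"      # keep the previous version
    fi
    mv "$candidate" "$dest"
}

# fetch_verified <host> <port> <expected-sha256> <dest>
# Client side only: bash makes the outbound connection itself.
fetch_verified() {
    local host="$1" port="$2" expected="$3" dest="$4" tmp
    tmp=$(mktemp "$dest.XXXXXX") || return 2
    # Download to a temp file next to dest, never straight onto dest.
    if ! cat < "/dev/tcp/$host/$port" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    install_if_match "$tmp" "$expected" "$dest"
}
```

Called as fetch_verified local.server.ip.addr 8998 <sha256> ~/.bashrc, it leaves the existing file untouched unless the digest matches.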
Method 4
You can use D. J. Bernstein’s ucspi-tcp, see http://cr.yp.to/ucspi-tcp.html
Method 5
You can do that as you said, asking /dev/tcp, with bash:
</dev/tcp/host/port
If it runs immediately, it’s listening; either way it times out.
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.