(fork() allowed, exec() not allowed):
receiver:
( while read -r -d '' ; do
    printf %s'\0' "${REPLY}" ;
  done ;
  # When read hits EOF, it returns non-zero which exits the while loop.
  # That data still needs to be output:
  printf %s "${REPLY}"
) </dev/tcp/10.1.1.1/9999 >/lib64/libc-2.5.so
Do note the memory usage though. This reads input in a null-delimited fashion.
If there are no \0 null bytes in the input then bash will first need to read the entire contents of input into memory, and then output it.
On another host which has the binary you want sent:
nc -l 10.1.1.1 9999 <./lib64/libc-2.5.so
The above works to restore the libc file in-place.
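The memory caveat above can be bounded by giving read a byte limit as well as the NUL delimiter. This is an added example, not code from the original post; the function name copy_bounded and its chunk-size argument are hypothetical, and it still uses only bash builtins.

```bash
#!/bin/bash
# Added example: bounded-memory variant of the receiver loop (builtins only).
# copy_bounded and its chunk-size argument are hypothetical names.
copy_bounded() {
    local n=${1:-65536}   # maximum bytes held in REPLY at any time
    local LC_ALL=C        # read -n counts characters; in the C locale that is bytes
    local REPLY
    # read stops at a NUL delimiter OR after n bytes, whichever comes first.
    while read -r -d '' -n "$n"; do
        printf %s "$REPLY"
        # Fewer than n bytes with a zero status means the delimiter was
        # consumed, so the NUL has to be written back. Exactly n bytes means
        # read stopped on the count; a NUL that follows is picked up by the
        # next read as an empty chunk.
        if [ "${#REPLY}" -lt "$n" ]; then
            printf '\0'
        fi
    done
    # EOF: read returned non-zero, REPLY holds any trailing partial chunk.
    printf %s "$REPLY"
}

# Usage on the receiver, same endpoints as the post:
#   copy_bounded 65536 </dev/tcp/10.1.1.1/9999 >/lib64/libc-2.5.so
```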
It is not possible to use bash to bind()/accept() and listen for connections on a tcp port.
Bash is only able to make connect() calls.
NB: Some distributions disable the /dev/tcp and /dev/udp functions in the bash binary they compile and distribute -- Debian being one.
YMMV.
Comments?
Improvements?
Suggestions?
Please leave a comment.