MartinD Posted January 22, 2016

I was browsing through some old videos of honeypots and one particular attacker used an interesting technique which I haven't seen for a very long time. It's about abusing the device files in a Unix system to perform interesting stuff such as port scanning, and you can do a reverse shell as well. You can use this when you own a box and need to scope the internal network, but the box doesn't have your favorite nmap. You can also transfer files with this and netcat, and you can make a small bash browser (well, kind of... for when you don't have curl or wget).

Here is a small script I wrote quickly while on a break. It can be improved, so feel free.

```bash
#!/bin/bash
#
# Simple Port Scanner
# x4d44.mk
#
# Connect-only scan over bash's /dev/tcp pseudo-device, for boxes without nmap.

# Global Variables
TARGET=$2
# Seconds to wait per port; without a limit a filtered port blocks for minutes.
TIMEOUT=1

# Return 0 if HOST:PORT accepts a TCP connection, non-zero otherwise.
# The connect runs in a child bash so that `timeout` can bound it.
check_port() {
    timeout "$TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

case $1 in
    "-a")
        for i in {1..65535}; do
            check_port "$TARGET" "$i" && echo "[+]Open port: $i"
        done
        ;;
    "-t")
        PORT=$3
        check_port "$TARGET" "$PORT" && echo "[+]Open port: $PORT"
        ;;
    "-all")
        # $2 is any address inside the /24 to sweep, $3 the highest port to try.
        TARGET_START_POINT=$2
        TARGET_PORT_POINT=$3
        PREFIX=$(echo "$TARGET_START_POINT" | cut -d"." -f1-3)
        for i in {0..255}; do
            HOST="$PREFIX.$i"
            # Only hosts that answer one ping get scanned (ping exits 0 on a reply).
            if ping -c 1 -w 5 "$HOST" &>/dev/null; then
                echo "Starting Port Scanner for $HOST"
                for z in $(seq 1 "$TARGET_PORT_POINT"); do
                    check_port "$HOST" "$z" && echo "[+]Open port: $z"
                done
            else
                # Just An Echo Empty Sad Line Here... Leave Me Alone it says.
                echo "$HOST is down."
            fi
        done
        ;;
    *)
        echo "Usage:"
        echo -e "\t -a IP          | Scan all ports on a single target."
        echo -e "\t -t IP PORT     | Check if port is open on a single target."
        echo -e "\t -all IP PORT   | Ping-sweep the /24 of IP and scan ports 1..PORT on live hosts."
        ;;
esac
```

References:
- /dev/tcp as a weapon
- /dev/ at tldp
- PenTest Monkey CheatSheet
Giuseppe Posted January 22, 2016

Thanks for sharing MartinD! As you already said, this is an old school weapon, but still very useful in the reverse shelling world. Especially when you have to bypass filters and restrictions.