Old and forgotten /dev/tcp as a Weapon

MartinD

I was browsing through some old videos of honeypots and one particular attacker used an interesting technique which I haven't seen for a very long time. It's about abusing the device files in Unix systems to perform interesting stuff such as port scanning, and you can do a reverse shell with it as well.

You can use this when you own a box and need to scope the internal network, but on the box you don't have your favorite nmap. You can also transfer files with this and netcat, and you can make a small bash browser (well, kind of... when you don't have curl or wget).

Here is a small script I wrote quickly while on a break. It can be improved, so feel free.


#!/bin/bash
#
# Simple Port Scanner
# x4d44.mk
#
# Relies on bash's /dev/tcp/<host>/<port> pseudo-device: the redirection
# only succeeds when a TCP connection is established, so its exit status
# tells us whether the port is open. Filtered ports (no RST coming back)
# block until the kernel's connect timeout, so a full -a run can be slow.

# Global Variables
TARGET=$2

case $1 in
	"-a")
		# The subshell keeps a failed redirect from aborting the loop,
		# and 2>/dev/null hides the "Connection refused" message.
		for i in {1..65535}; do
			(echo > "/dev/tcp/$TARGET/$i") 2>/dev/null \
				&& echo "[+]Open port: $i"
		done
		;;
	"-t")
		PORT=$3
		(echo > "/dev/tcp/$TARGET/$PORT") 2>/dev/null \
			&& echo "[+]Open port: $PORT"
		;;
	"-all")
		# $2 is any address in the /24 to sweep, $3 the highest port to check.
		TARGET_BASE=$(echo "$2" | cut -d"." -f1-3)
		TARGET_PORT_POINT=$3
		for i in {0..255}; do
			TARGET_START_POINT="$TARGET_BASE.$i"
			# ping exits 0 on a reply, 1 on no reply, 2 on an error
			if ping -c 1 -w 5 "$TARGET_START_POINT" &>/dev/null; then
				echo "Starting Port Scanner for $TARGET_START_POINT"
				for z in $(seq 1 "$TARGET_PORT_POINT"); do
					(echo > "/dev/tcp/$TARGET_START_POINT/$z") 2>/dev/null \
						&& echo "[+]Open port: $z"
				done
			else
				# Just An Echo Empty Sad Line Here... Leave Me Alone it says.
				echo "$TARGET_START_POINT is down."
			fi
		done
		;;
	*)
		echo "Usage:"
		echo -e "\t -a   <target>             | Scan all ports on a single target."
		echo -e "\t -t   <target> <port>      | Check if port is open on a single target."
		echo -e "\t -all <network> <max port> | Scan all IP's with all ports up to <max port>."
		;;
esac

References:

  1. /dev/tcp as a weapon
  2. /dev/ at tldp
  3. PenTest Monkey CheatSheet
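A defender-side companion to the technique above, added here as an example that is not part of MartinD's post: a small POSIX sh detector that pulls the host and port out of command lines referencing /dev/tcp or /dev/udp and tags loop-driven ones that look like the scanner. The sample command lines are constructed, and the host name files.example.invalid is a placeholder.

```shell
#!/bin/sh
# Added example, not part of MartinD's post: detection logic for the
# /dev/tcp and /dev/udp pseudo-devices, run over constructed sample
# shell command lines (as collected from bash history or from the
# a0..aN arguments of auditd EXECVE records for "bash -c ...").
#
# Caveat: /dev/tcp is handled inside bash itself, so no nc/curl process
# is spawned and execve-based logging only sees it when the command is
# passed on a command line. Audit the connect(2) syscall instead
# (auditd: -a always,exit -F arch=b64 -S connect) or use network
# telemetry to attribute sockets to a shell process.

# Constructed sample: five command lines, three touch the pseudo-devices.
SAMPLE_CMDS='echo > /dev/tcp/10.0.0.5/22
ls -la /dev/
exec 3<>/dev/tcp/files.example.invalid/80
cat /etc/hosts
for i in {1..1024}; do echo > /dev/tcp/10.0.0.5/$i; done'

# Print one "proto host port" triple per command line that opens a
# /dev/tcp or /dev/udp path; lines without one print nothing.
extract_dev_sockets() {
    printf '%s\n' "$1" | sed -En \
        's#.*/dev/(tcp|udp)/([^/[:space:];]+)/([^/[:space:];]+).*#\1 \2 \3#p'
}

# Number of command lines that open a pseudo-device socket.
count_dev_sockets() {
    extract_dev_sockets "$1" | wc -l | tr -d ' '
}

# Exit 0 when one command line looks like the scanner pattern from the
# post: a /dev/tcp reference driven by a for loop, brace range or seq.
is_scan_like() {
    printf '%s\n' "$1" | grep -Eq '/dev/(tcp|udp)/' || return 1
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:];])for[[:space:]]|[{][0-9]+\.\.[0-9]+[}]|seq '
}

# Report over the sample, one finding per line, tagged single or scan-like.
report_dev_sockets() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        triple=$(extract_dev_sockets "$line")
        [ -n "$triple" ] || continue
        if is_scan_like "$line"; then tag="scan-like"; else tag="single"; fi
        printf '%s: %s\n' "$tag" "$triple"
    done
}

report_dev_sockets "$SAMPLE_CMDS"
```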
Giuseppe

Thanks for sharing MartinD!

As you already said, this is an old school weapon, but still very useful in the reverse shelling world. Especially when you have to bypass filters and restrictions.
