
Monday 4 January 2016



The Bash shell has a built-in feature that lets you open network sockets using a simple syntax. This is very handy when tools like netcat are not installed or we don't have authorization to use them.

The syntax is

$ exec {file-descriptor}<>/dev/{protocol}/{host}/{port}

{file-descriptor} – 0, 1 and 2 are reserved for stdin, stdout and stderr respectively. At least 3 must be used. The Bash manual advises care in using descriptors above 9, since they may conflict with descriptors used internally by the shell.
<> – the file is open for both reading and writing
{protocol} – tcp or udp (lowercase, as in /dev/tcp)
{host} – ip address or domain name of the host
{port} – logical port

The socket can be closed using:

$ exec {file-descriptor}<&-

To send a message through the socket:

echo -e -n "$MSG_OUT" >&3

or

printf "$MSG_OUT" >&3

To read a message from the socket:

read -r MSG_IN <&3

Output can be printed line by line in a loop:

while read -r LINE <&3
do
    echo "$LINE" >&1
done

Or read entirely into one variable:

OUTPUT=$(dd bs=$BYTES count=1 <&3 2> /dev/null)


$ exec 3<>/dev/tcp/

We are opening a socket for reading and writing to port 1234 on the loopback interface.
The /dev/tcp and /dev/udp files aren't real devices but keywords interpreted by the Bash shell. Being a "bashism", this solution is not portable, even though it seems that the ksh and zsh shells have the same feature enabled.
In this example we fetch the Google main page:

$ exec 3<>/dev/tcp/

$ echo -e "GET / HTTP/1.1\n\n" >&3

$ cat <&3

It’s good practice to always close file descriptors

$ exec 3<&-

$ exec 3>&-

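Finally, an IRC server example:

#!/bin/bash

# Config (placeholder values; the original settings are not shown on the page)
SERVER="irc.example.org"
PORT=6667
NICK="mynick"
CHANNEL="#mychannel"

# Main

# Open a read/write TCP socket to the server on file descriptor 3
exec 3<>/dev/tcp/${SERVER}/${PORT}
echo "NICK ${NICK}" >&3
echo "USER ${NICK} 8 * : ${NICK}" >&3
echo "JOIN ${CHANNEL}" >&3
# Print everything the server sends until the connection closes
cat <&3

exit $?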

Enable/disable net redirections

The feature must be enabled in Bash at compile time. To enable it when compiling Bash yourself, include the flag


while to disable it explicitly use


Each distribution may or may not have the feature enabled in its precompiled Bash.

This is a built-in feature that needs to be enabled in Bash at compile time, though ksh and zsh seem to have it as well. System administrators might want to disable this feature since it could represent a security concern. In general, dedicated socket tools such as netcat and socat are preferable where available.
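
For administrators who treat these redirections as a security concern, the following added example (not part of the original post) audits text such as shell history or scripts for them. It reports the line number, protocol, host and port of each /dev/tcp or /dev/udp redirection; the function name and the sample history are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit text (shell history, scripts, logged command lines)
# for Bash network redirections of the form [fd]<>/dev/{protocol}/{host}/{port}.

# Reads text on stdin; prints "LINE PROTOCOL HOST PORT" for every redirection
# whose target is a /dev/tcp or /dev/udp path. A redirection operator
# (<, >, <>, >>) is required, so a bare mention of /dev/tcp is not reported.
# Limitation: targets assembled at run time (eval, a variable holding the
# whole path) are not visible to a textual match like this one.
extract_net_redirs() {
    grep -noE '[0-9]*[<>]+[[:space:]]*/dev/(tcp|udp)/[^/[:space:]]+/[A-Za-z0-9_${}-]+' |
        sed -E 's#^([0-9]+):[^/]*/dev/(tcp|udp)/([^/]+)/(.+)$#\1 \2 \3 \4#'
}

# Constructed sample input (not real history); addresses are documentation ranges.
SAMPLE_HISTORY='ls -l /dev/tcp
exec 3<>/dev/tcp/192.0.2.10/1234
echo done > /tmp/out.txt
printf "%s" "$MSG_OUT" >/dev/udp/192.0.2.20/514
grep -r /dev/tcp/ /etc/profile.d
exec 3<>/dev/tcp/${SERVER}/${PORT}'

# Demo run over the sample: only lines 2, 4 and 6 are reported.
printf '%s\n' "$SAMPLE_HISTORY" | extract_net_redirs
```

To audit a real file, feed it on stdin, for example `extract_net_redirs < ~/.bash_history`.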
