Follow

TIL: provides pseudo devices for TCP and UDP connections:

echo "hello" > /dev/udp/127.0.0.1/1337

or

exec 5<>/dev/tcp/www.google.com/80
echo -e "GET / HTTP/1.0\n" >&5
cat <&5

I'm baffled how I've never discovered that until today.

@fribbledom on Plan9 this wouldn't be a bash thing but a real filesystem :P

@Wolf480pl @fribbledom Bash's way is morbidly similar to those special file names in DOS that Windows is still backwards compatible with (which caused some Rust package to fail on Windows and for a while no one understood why)

@fribbledom I'm more surprised someone's *built something substantial* using that: testssl.sh/

@fribbledom oh this is bash? i thought it was the kernel that provided that

@nik

I don't think it is the kernel... unless those udev rules only apply to bash for some weird reason.

Just did a quick test trying that in zsh and it failed.

@fribbledom @nik starting bash, your second command works, but `ls /dev/tcp` or `/dev/udp` yields nothing, maybe that's why you didn't notice?

Seems like a rather irregular thing to do tbh.. But then i wouldn't know.

@jasper

Yeah, it's pretty undiscoverable as a user, I'd say.

The first command probably works, too. It's not supposed to output something, it just sends a UDP message to your localhost, port 1337.

@nik

@fribbledom Special handling of certain file names is for redirections, and it is a Bash feature.

"Bash handles several filenames specially when they are used in redirections, as described in the following table. If the operating system on which Bash is running provides these special files, bash will use them; otherwise it will emulate them internally..."

gnu.org/software/bash/manual/h

@jasper @nik

@sajith @fribbledom @jasper @nik can confirm it's bash, does not work in #zsh… unfortunately… 😢

@fribbledom ha, brilliant, didn't know that! though i'd still go with

@fribbledom i've used this for data recovery before

i accidentally overwrote my luks header, lvm header, and a large chunk of my root partition, so i had nearly no chance of recovering my system if i shut it down

so what i was left with was one bash session, in a tty, loaded into memory, and nothing else. no cat, no ls, no cp, no utilities whatsoever aside from bash. my first instinct after digging around was to use /dev/tcp to put a static rsync on this machine, then get my files off (as networking was still functional). but to use /dev/tcp to bring a file over, you need some way to redirect from /dev/tcp as stdin, to a file, and there is no way to do this in pure bash, you need something like cat.

so i wrote a program in asm that piped stdin back to stdout, compiled it, converted it to hex, put it on an arduino micro (atmega 328p, keyboard emulation), which then typed the hexcode of the program into the console. i then put this hex into an executable file i had on my home partition (still mounted), and used it with /dev/tcp and netcat on my laptop to copy a static rsync to my desktop, which i then used to copy my files over

if you're curious, the files i wanted that weren't backed up were my music library.
@fribbledom this took 5-6 hours to pull off, i didn't cover all the other things i tried before this...

@nik @fribbledom that is pure Mac Guyver level of recovery. If I ever fuck up my LUKS I need to toot you

@fribbledom
Super nice when scripting to check whether some service has finished booting up!

@fribbledom That's quite odd, normally I'd see people use curl.

@fribbledom Ick. gawk too, IIRC. Should bu system level, so everything has access (like Plan 9, as noted elsewhere).

@fribbledom
I've known about it, but it's like knowing what's in the Necronomicon, it's powerful, but nothing good will come from it.

@fribbledom could you use that to send video and audio streams over the network?🤔

@fribbledom I think some builds compile it out because they're scared that any shell script being able to access the net could unwrap security issues no one really thought of

@penguin42 @fribbledom Yeah, with netcat flagged by AV if it was built with the `-e` option enabled, I will be a little surprised to see this work in a vanilla installation without extra work to turn it on. "Will" and not "would" because *of course* it's been there all the time without anyone getting wise.

@fribbledom whoa that's bizarre, from the manpage description I wonder if they did it to mimic some previous OS functionality that they wished were available on all platforms

that exec syntax in the first line of the second example is strange! anyone know what it's called or how I could learn more about it?

also how would you close the network connection created in the second example?

wild stuff damn

@fribbledom I've wrote a pure bash irc client some time ago using that..
Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!