InfoSec

Bash: easy health check for TCP connections

Useful for "living off the land" techniques or in scripts:

timeout 1 bash -c "cat /dev/null > /dev/tcp/google.com/80"
echo $? # 0 = OK

TLDR: run the command "cat /dev/null > /dev/tcp/google.com/80", which uses Linux's TCP device files, and wait for one second. If the TCP connection is successful, the exit code will be 0.

Unwrapping the above command from the end:

  • /dev/tcp/google.com/80 : we're using Linux's inbuilt TCP/IP dev files
  • cat /dev/null > /dev/tcp/google.com/80 : sending "null" to this endpoint (google.com, port 80)
  • Sending "null" will obviously not return any valid data, but it will attempt to open a TCP connection to our target. In order not to wait around forever, we use the timeout command and wait one second for our cat command to complete
  • Because we use a redirect in the command we feed into timeout, it's easier to wrap the command in quotes (to avoid redirecting the output of "timeout" itself by mistake) and feed it to bash -c, which accepts a command string and runs it in bash
  • echo $? outputs the previous command's exit code. In this case, 0 means the TCP connection was successful; otherwise a non-zero exit code is returned
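As an added example (not code from the original post), the one-liner turned into a reusable check with an exit-code classifier and a multi-target loop; it assumes coreutils' timeout and a bash built with network redirections (the /dev/tcp path is interpreted by bash itself, which is why the connect runs inside bash -c), and the constructed target 127.0.0.1:1 is simply a port that is normally closed.

```shell
#!/usr/bin/env bash
# Added example built on the same /dev/tcp redirection as the post above.
# /dev/tcp/HOST/PORT is handled by bash, so the connect runs via "bash -c".

# tcp_check HOST PORT [TIMEOUT_SECONDS]
# Exit status: 0 = connection accepted, 124 = attempt timed out (timeout's
# own code), anything else = refused / unreachable / DNS failure.
tcp_check() {
  timeout "${3:-1}" bash -c "cat /dev/null > /dev/tcp/$1/$2" 2>/dev/null
}

# status_label EXIT_CODE : prints OK, TIMEOUT or CLOSED for a tcp_check result.
status_label() {
  case "$1" in
    0)   echo "OK" ;;
    124) echo "TIMEOUT" ;;
    *)   echo "CLOSED" ;;
  esac
}

# check_targets HOST:PORT [HOST:PORT ...]
# Prints one line per target and returns the number of targets that were not
# OK, so a script can gate on it ("stop if any dependency is unreachable").
check_targets() {
  failed=0
  for target in "$@"; do
    host=${target%:*}
    port=${target##*:}
    rc=0
    tcp_check "$host" "$port" || rc=$?
    printf '%-30s %s\n' "$target" "$(status_label "$rc")"
    [ "$rc" -eq 0 ] || failed=$((failed + 1))
  done
  return "$failed"
}

# Usage with constructed targets: 127.0.0.1:1 is almost never listening, so it
# is reported as CLOSED and counted in the return value.
# check_targets google.com:80 127.0.0.1:1
```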

OAuth2 Flow

[Image: OAuth2 flow diagram]

Linux System Enumeration

Script: LinEnum.sh automatically performs many checks that help list potentially interesting information when pentesting a Linux environment:

LinEnum repo

Living Off the Land: Linux

The GTFOBins project (Get The F**k Out Binaries) lists binaries / commands / arguments which will allow for privilege escalation in a Linux environment:

GTFOBins Project Page

Living Off the Land: Windows

The LOLBAS project (Living Off the Land Binaries And Scripts) provides various binaries / commands / arguments that help in a Windows environment:

LOLBAS project homepage
