Useful for "living off the land" techniques or in scripts:
timeout 1 bash -c "cat /dev/null > /dev/tcp/google.com/80"
echo $? # 0 = OK
TLDR: run the command "cat /dev/null > /dev/tcp/google.com/80", which uses Linux's TCP device files, and wait for 1 second. If the TCP connection is successful, the exit code will be 0.
Unwrapping the above command from the end:
/dev/tcp/google.com/80: we're using Linux's inbuilt TCP/IP dev files
cat /dev/null > /dev/tcp/google.com/80: sending "null" to this endpoint (google.com, port 80)
timeout 1: waits 1 second for the cat command to complete
Because of timeout, it's easier to wrap the command in quotes (to avoid redirecting the output of "timeout" itself by mistake) and feed it into bash -c, which accepts string commands and feeds them to bash
echo $?: outputs the previous command's exit code. In this case, 0 means the TCP connection was successful; otherwise a non-zero exit code is returned
Script: LinEnum.sh performs many checks automatically that help list potentially interesting information when pentesting a Linux environment:
The GTFOBins project (Get The F**k Out Binaries) lists binaries / commands / arguments which will allow for privilege escalation in a Linux environment:
The LOLBAS project (Living Off the Land Binaries And Scripts) provides various binaries / commands / arguments that help in a Windows environment:
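The one-liner at the top of this note works, but it is easy to misuse from a script: the host and port end up inside a bash -c string, a refused connection and a timed-out one both come back as "non-zero", and /dev/tcp is a path that bash resolves internally rather than a real kernel device, so the probe only works under bash (dash and busybox sh do not support it). The following wrapper is an added example, not code from the original note: it keeps the outer script POSIX sh, runs only the probe itself under bash -c exactly as the note does, validates the two arguments before interpolating them, and maps the exit status of GNU coreutils timeout (124 when it had to kill the probe) to a separate "timeout" result so a filtered port can be told apart from a refused one. The function names tcp_check and tcp_status, the exit-code scheme, and the target list in the demo are my own choices; the example assumes bash and coreutils timeout are installed.

```shell
#!/bin/sh
# Added example (not part of the original note): a reusable wrapper around the
# /dev/tcp connectivity check. The outer script is POSIX sh; only the probe
# runs under `bash -c`, because /dev/tcp is resolved by bash itself (it is not
# a kernel device file, and dash/busybox sh do not have it).
# Assumes GNU coreutils `timeout` and `bash` are installed.
#
# tcp_check HOST PORT [SECONDS] -> exit status:
#   0  TCP handshake completed (port open)
#   1  connection refused, DNS failure, or another immediate error
#   2  invalid arguments
#   3  no answer within SECONDS (timeout fired: filtered port or unreachable host)
tcp_check() {
    tc_host=$1
    tc_port=$2
    tc_secs=${3:-1}
    # HOST and PORT are interpolated into a bash -c string, so accept only
    # hostname characters and a numeric port in 1..65535; reject anything else.
    case $tc_host in
        ''|*[!A-Za-z0-9.-]*) return 2 ;;
    esac
    case $tc_port in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$tc_port" -ge 1 ] && [ "$tc_port" -le 65535 ] || return 2
    # Same probe as in the note; stderr is silenced because only the exit
    # status matters. `timeout` returns 124 when it had to kill the probe.
    tc_rc=0
    timeout "$tc_secs" bash -c "cat /dev/null > /dev/tcp/$tc_host/$tc_port" 2>/dev/null || tc_rc=$?
    case $tc_rc in
        0)   return 0 ;;
        124) return 3 ;;
        *)   return 1 ;;
    esac
}

# tcp_status HOST PORT [SECONDS] -> prints one of: open closed timeout invalid
tcp_status() {
    ts_rc=0
    tcp_check "$@" || ts_rc=$?
    case $ts_rc in
        0) echo open ;;
        1) echo closed ;;
        3) echo timeout ;;
        *) echo invalid ;;
    esac
}

# Demo over a constructed target list (one "host port" pair per line):
# google.com:80 is the note's own target, 127.0.0.1:1 is expected to be
# refused, and the .invalid TLD is reserved so its lookup always fails.
while read -r h p; do
    [ -n "$h" ] || continue
    printf '%-18s %s\n' "$h:$p" "$(tcp_status "$h" "$p" 2)"
done <<EOF
google.com 80
127.0.0.1 1
example.invalid 80
EOF
```

Call tcp_check in a condition (if tcp_check host 443; then ...) or capture its status with "tcp_check host 443 || rc=$?" so the script keeps running under set -e; the distinct status 3 is what lets a monitoring script log "no answer" separately from "refused".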