bash 竟然可以这样玩 /dev/tcp

yjh777

If bash was compiled with --enable-net-redirections, it has the capability of
using a special character device for both TCP and UDP redirections. These
redirections are used identically as STDIN/STDOUT/STDERR. The device entries
are 30,36 for /dev/tcp:

  mknod /dev/tcp c 30 36

>From the bash reference:
/dev/tcp/host/port
    If host is a valid hostname or Internet address, and port is an integer
port number or service name, Bash attempts to open a TCP connection to the
corresponding socket.

1. $ sudo mknod /dev/tcp c 30 36
   
2. $ for ((i=1; i<1024; i++)); do port=$i; timeout 1 bash -c "echo >/dev/tcp/$host/$port" 2>/dev/null && echo "port $port is open"; done
   
3. port 22 is open
   
4. port 631 is open

复制代码

不过下面的测试没有得道想要的结果，cat 没有得到数据，可能时请求报文格式不对？

1. $ exec 100<>/dev/tcp/127.0.0.1/8080; echo -e "GET / HTTP/1.0\n" >&100; cat <&100

复制代码

yjh777

1. $ exec 100<>/dev/tcp/www.163.com/80; echo -e "GET / HTTP/1.0\n" >&100; cat <&100
   
2. HTTP/1.0 500 Server Error
   
3. Cache-Control: no-cache
   
4. Connection: close
   
5. Content-Type: text/html
   
6. 
   
7. <html><body><h1>500 Server Error</h1>
   
8. An internal server error occured.
   
9. </body></html>
   
10. $ exec 100<>/dev/tcp/bbs.chinaunix.net/80; echo -e "GET / HTTP/1.0\n" >&100; cat <&100
    
11. HTTP/1.1 400 Bad Request
    
12. Server: NewDefend
    
13. Date: Wed, 13 Jan 2016 09:51:20 GMT
    
14. Content-Type: text/html
    
15. Content-Length: 170
    
16. Connection: close
    
17. 
    
18. <html>
    
19. <head><title>400 Bad Request</title></head>
    
20. <body bgcolor="white">
    
21. <center><h1>400 Bad Request</h1></center>
    
22. <hr><center>Newdefend</center>
    
23. </body>
    
24. </html>
    

复制代码

bikong0411

1. exec 100<>/dev/tcp/www.baidu.com/80; echo -e "GET / HTTP/1.0\r\nHost:www.baidu.com\r\n\r\n" >&100; cat <&100

复制代码

yjh777

谢谢，对HTTP协议不熟。
协议头部格式对了应该就好了

yjh777

刚试了一下，mac 上面也支持。
FreeBSD 没有环境，猜应该也可以