hack | WYWINWYG

Sometime ago, I’ve received SSH access to a host which was quite restricted. Lots of executables are denied execution, as it was supposed to be only for learning, so no network access curl/wget/nc/socat/ssh -(L|D|R), or compilers, but then it’s got bash. Here is a tiny hack to connect to IRC from that host:

1. Create a file irc.sh on $host:

#!bash
exec 3<>/dev/tcp/irc.freenode.net/7070
cat <&3 &
cat >&3

2. Add following line to inetd/xinetd (or netcat):

sua     stream  tcp     nowait          $localuser    /usr/bin/ssh    ssh -i $privatekey -l $user $host bash irc.sh

3. Now connect your IRC client to localhost:sua (localhost:14001).

This is only a fun hack, and not something used to regularly circumvent access. 😛

% i=0; for j in $(jot 100 1); do if [ $i = 4 ]; then printf "%2x %2x %2x %2x %2x\n" $s $j; s=""; i=0; else i=$((i+1)); s="$s $j"; fi; done 1 2 3 4 5 6 7 8 9 a b c d e f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64

% jot 100 1 |xargs -n 5 printf "%2x %2x %2x %2x %2x\n" 1 2 3 4 5 6 7 8 9 a b c d e f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d 5e 5f 60 61 62 63 64

WYWINWYG

what you want is not what you get

Tag Archives: hack

IRC proxy-ing

xargs

June 2017
M	T	W	T	F	S	S
« Dec
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30