This repository has been archived by the owner on Jul 8, 2023. It is now read-only.

amirhnajafiz-archive/netcat-gaping-security-hole

Netcat gaping security hole

What was Netcat Gaping Security Hole?

Netcat is the TCP/IP Swiss army knife, a more flexible, scriptable version of Telnet. It contains a feature that allows the stdin and stdout of any arbitrary program to be redirected over TCP, enabling an attacker to run any shell scripts.

Recreating it in Golang

By creating a pipe, I allow stdin and stdout to be redirected over TCP:

// start an interactive shell
cmd := exec.Command("/bin/sh", "-i")
// in-memory pipe that carries the shell's output
rp, wp := io.Pipe()

// the shell reads its stdin from the client connection (conn)
// and writes its stdout into the pipe
cmd.Stdin = conn
cmd.Stdout = wp

// copy the shell's output from the pipe back to the client
go io.Copy(conn, rp)
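For defenders, a shell wired up this way is visible on the host: it runs with `-i` but its stdin is a pipe or socket rather than a terminal. The scanner below is an added example, not code from this repository; it assumes a Linux procfs layout, and the names `ScanProc` and `Finding` are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one interactive shell whose stdin is not a terminal.
type Finding struct{ PID, Cmdline, Stdin string }

var shells = map[string]bool{"sh": true, "bash": true, "dash": true, "zsh": true}

// ScanProc walks a procfs-style tree (assumption: "/proc" on Linux) and reports
// shells started with -i whose fd 0 is a socket or pipe. Go's os/exec feeds a
// non-*os.File Stdin (such as a net.Conn) through a pipe, so both are checked.
func ScanProc(root string) []Finding {
	var out []Finding
	dirs, _ := filepath.Glob(filepath.Join(root, "[0-9]*"))
	for _, d := range dirs {
		raw, err := os.ReadFile(filepath.Join(d, "cmdline"))
		if err != nil || len(raw) == 0 {
			continue // kernel thread or process already gone
		}
		argv := strings.Split(strings.TrimRight(string(raw), "\x00"), "\x00")
		args := " " + strings.Join(argv[1:], " ") + " "
		if !shells[filepath.Base(argv[0])] || !strings.Contains(args, " -i ") {
			continue
		}
		stdin, err := os.Readlink(filepath.Join(d, "fd", "0"))
		if err != nil || !(strings.HasPrefix(stdin, "socket:") || strings.HasPrefix(stdin, "pipe:")) {
			continue // unreadable, or stdin is a tty or regular file
		}
		out = append(out, Finding{filepath.Base(d), strings.Join(argv, " "), stdin})
	}
	return out
}

func main() {
	for _, f := range ScanProc("/proc") {
		fmt.Printf("pid=%s stdin=%s cmd=%q\n", f.PID, f.Stdin, f.Cmdline)
	}
}
```

This is a heuristic: some automation also starts `sh -i` with piped input, so treat a hit as a lead and check the parent process and its open TCP sockets.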

How to run?

Server:

go run main.go

Client:

go run client/client.go