146 lines
3.6 KiB
Diff
146 lines
3.6 KiB
Diff
From: Aron Xu <aron@debian.org>
|
|
Date: Mon, 13 Feb 2012 19:06:52 +0800
|
|
Subject: misc failures and features
|
|
|
|
---
|
|
Makefile | 3 ++-
|
|
nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
netcat.c | 14 ++++++++++++--
|
|
3 files changed, 65 insertions(+), 3 deletions(-)
|
|
|
|
--- a/Makefile
|
|
+++ b/Makefile
|
|
@@ -3,7 +3,8 @@
|
|
PROG= nc
|
|
SRCS= netcat.c atomicio.c socks.c
|
|
|
|
-LIBS= `pkg-config --libs libbsd` -lresolv
|
|
+PKG_CONFIG ?= pkg-config
|
|
+LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv
|
|
OBJS= $(SRCS:.c=.o)
|
|
CFLAGS= -g -O2
|
|
LDFLAGS= -Wl,--no-add-needed
|
|
--- a/nc.1
|
|
+++ b/nc.1
|
|
@@ -365,6 +365,54 @@ and which side is being used as a
|
|
The connection may be terminated using an
|
|
.Dv EOF
|
|
.Pq Sq ^D .
|
|
+.Pp
|
|
+There is no
|
|
+.Fl c
|
|
+or
|
|
+.Fl e
|
|
+option in this netcat, but you still can execute a command after connection
|
|
+being established by redirecting file descriptors. Be cautious here because
|
|
+opening a port and let anyone connected execute arbitrary command on your
|
|
+site is DANGEROUS. If you really need to do this, here is an example:
|
|
+.Pp
|
|
+On
|
|
+.Sq server
|
|
+side:
|
|
+.Pp
|
|
+.Dl $ rm -f /tmp/f; mkfifo /tmp/f
|
|
+.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f
|
|
+.Pp
|
|
+On
|
|
+.Sq client
|
|
+side:
|
|
+.Pp
|
|
+.Dl $ nc host.example.com 1234
|
|
+.Dl $ (shell prompt from host.example.com)
|
|
+.Pp
|
|
+By doing this, you create a fifo at /tmp/f and make nc listen at port 1234
|
|
+of address 127.0.0.1 on
|
|
+.Sq server
|
|
+side, when a
|
|
+.Sq client
|
|
+establishes a connection successfully to that port, /bin/sh gets executed
|
|
+on
|
|
+.Sq server
|
|
+side and the shell prompt is given to
|
|
+.Sq client
|
|
+side.
|
|
+.Pp
|
|
+When connection is terminated,
|
|
+.Nm
|
|
+quits as well. Use
|
|
+.Fl k
|
|
+if you want it keep listening, but if the command quits this option won't
|
|
+restart it or keep
|
|
+.Nm
|
|
+running. Also don't forget to remove the file descriptor once you don't need
|
|
+it anymore:
|
|
+.Pp
|
|
+.Dl $ rm -f /tmp/f
|
|
+.Pp
|
|
.Sh DATA TRANSFER
|
|
The example in the previous section can be expanded to build a
|
|
basic data transfer model.
|
|
@@ -517,6 +565,9 @@ Original implementation by
|
|
.br
|
|
Rewritten with IPv6 support by
|
|
.An Eric Jackson Aq Mt ericj@monkey.org .
|
|
+.br
|
|
+Modified for Debian port by Aron Xu
|
|
+.Aq aron@debian.org .
|
|
.Sh CAVEATS
|
|
UDP port scans using the
|
|
.Fl uz
|
|
--- a/netcat.c
|
|
+++ b/netcat.c
|
|
@@ -98,6 +98,7 @@
|
|
#include <netdb.h>
|
|
#include <poll.h>
|
|
#include <signal.h>
|
|
+#include <stddef.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
@@ -246,7 +247,10 @@ main(int argc, char *argv[])
|
|
struct addrinfo hints;
|
|
struct servent *sv;
|
|
socklen_t len;
|
|
- struct sockaddr_storage cliaddr;
|
|
+ union {
|
|
+ struct sockaddr_storage storage;
|
|
+ struct sockaddr_un forunix;
|
|
+ } cliaddr;
|
|
char *proxy = NULL, *proxyport = NULL;
|
|
const char *errstr;
|
|
struct addrinfo proxyhints;
|
|
@@ -945,6 +949,8 @@ unix_bind(char *path, int flags)
|
|
0)) < 0)
|
|
return -1;
|
|
|
|
+ unlink(path);
|
|
+
|
|
memset(&s_un, 0, sizeof(struct sockaddr_un));
|
|
s_un.sun_family = AF_UNIX;
|
|
|
|
@@ -1070,8 +1076,10 @@ unix_connect(char *path)
|
|
if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) < 0)
|
|
return -1;
|
|
} else {
|
|
- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0)
|
|
+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) < 0) {
|
|
+ errx(1, "create unix socket failed");
|
|
return -1;
|
|
+ }
|
|
}
|
|
|
|
memset(&s_un, 0, sizeof(struct sockaddr_un));
|
|
@@ -1081,10 +1089,12 @@ unix_connect(char *path)
|
|
sizeof(s_un.sun_path)) {
|
|
close(s);
|
|
errno = ENAMETOOLONG;
|
|
+ warn("unix connect abandoned");
|
|
return -1;
|
|
}
|
|
if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) < 0) {
|
|
save_errno = errno;
|
|
+ warn("unix connect failed");
|
|
close(s);
|
|
errno = save_errno;
|
|
return -1;
|