Created
September 21, 2021 01:31
-
-
Save nikolabura/3805fb22b9077c515450421eee3d2df8 to your computer and use it in GitHub Desktop.
Clumsy socat authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Almost certainly vulnerable; kind of neat anyways. DO NOT USE for anything important. | |
| # vvvv<-PORT PASSWORD->vvvvvvvv vvvv<-SECURE COMMAND | |
| socat tcp-listen:8080,reuseaddr,fork system:"head -n 1 | grep -q '^password' && date" | |
| Connecting: | |
| $ echo password | nc remote 8080 # succeeds | |
| Mon Sep 20 21:29:36 EDT 2021 | |
| $ echo notthepassword | nc remote 8080 # fails | |
| $ echo passwordaaaaaa | nc remote 8080 # still succeeds with extra content following... use $ in grep to prevent | |
| Mon Sep 20 21:29:47 EDT 2021 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment