Debugging in the container: http when you don’t have curl

Same sort of deal as the previous post. Let’s say you are trying to understand why you are getting a 404 when you access a host from within a container, but not from outside. So you help yourself to a little bash-fu:

exec 3<>/dev/tcp/
echo -e "GET /ubuntu/dists/bionic-security/InRelease HTTP/1.1\r\nhost:\r\n\r\n" >&3
cat <&3

You run it, and it says:

HTTP/1.1 404 Not Found
date: Sun, 30 Sep 2018 21:22:22 GMT
server: envoy
content-length: 0

hmm.  Envoy. I’m missing an egress rule in Istio!

This strategy of using the tools that exist is sometimes called ‘living off the land‘ in the cyber-security space. The anti-virus won’t catch you since you are not installing anything, merely using what is there differently.

Didn’t think someone could exfiltrate data from your system because it doesn’t have perl & curl? Think again bash fans!






Leave a Reply

Your email address will not be published. Required fields are marked *