Can I pipe/redirect a console application through netcat so it can be used remotely?
Is it possible to 'pipe' an instance of a console application through netcat, so netcat is listening for a new connection and redirects the stdin and stdout over the network connection.
Solution 1:
Well, as documented in Wikipedia and netcat documentation, there is a -e option that causes it to spawn (execute) a program upon receipt of a connection, attaching the socket to stdin, stdout, and stderr of the process. Example usage:
nc -l -pport_number-eprogram_name
Examples commonly show /bin/sh or bash being used as the program_name. Use of this option is discouraged because it basically opens an anonymous, passwordless access portal into your machine. Of course, this is mitigated by using a program with less power than the shell (one that doesn’t have the ability to escape to a shell), minimizing your use of it, and keeping it a secret. Nonetheless, the original developers of netcat felt strongly enough that this option was a bad idea that they disabled it by default, and conditioned it under the “GAPING_SECURITY_HOLE” compilation option. This is mentioned briefly in this NetCat Tutorial and other netcat documentation.
A Google search led me to discussions of this issue on other Stack Exchange sites: Stack Overflow and Server Fault. Multiple contributors offered the following technique to do the same thing without using the -e option (i.e., in a version of netcat that has the -e option disabled):
On the server:
mkfifopipe_namenc -l -pport_number<pipe_name|program_name>pipe_nameOn the client:
ncserver_machine_nameport_number
A couple of notes:
- On some versions of
netcat,-limplies-p, so you should say just-land then the port number. - You might want to wrap your solution in a
while trueloop.