search

crossbowerbt / awk-webserver

A simple webserver, written in GNU awk, that supports directory listing and download of file from the directory where it is launched
212 stars 14 forks source link

Avoid dependency on SOCAT #1

Open CompuRoot opened 1 year ago

CompuRoot commented 1 year ago

gawk already can talk to a network without assistance from external utilities by utilizing special type of files.

From man:

The following special filenames may be used with the |& coprocess operator for creating TCP/IP network connections:
       /inet/tcp/lport/rhost/rport
       /inet4/tcp/lport/rhost/rport
       /inet6/tcp/lport/rhost/rport

So listening loop can be much simpler, as a prove of concept, below is the simplest web server in plain gawk

#!/bin/sh

gawk -v ListeningPort=12345 'BEGIN {
  content="HTTP/1.1 200 OK\r\n"
  content=content "Content-Length: 12\r\n"
  content=content "Content-Type: text/plain; charset=utf-8\r\n\r\n"
  content=content "Hello World!"

  socket = "/inet/tcp/" ListeningPort "/0/0";
  while (1) {
    printf content |& socket;
  }
}'

BTW, the same can be done with bash and that the reason why on production servers bash, gawk and so on has 700 permission and root:root ownership, to make hackers live harder because the first thing they do if they get access to user's accounts, - utilizing network capability of bash/gawk to create reverse shell.

crossbowerbt commented 10 months ago

Thanks for the comment. I can make a different version of the script for Linux, but at the moment my targets are also BSD systems.

SOCAT is a nice compromise, since it allows the use of standard awk (not gawk) and generic shells (like KSH)