In some Linux web apps, you may need to test the network, but the customer’s VNET doesn’t allow external connections, and the available tools in the blessed image are limited.

This tutorial will show you how to work around this limitation by downloading the necessary binary (such as tcpping) from an external environment and then transferring it to the restricted environment using base64 encoding.

TOC:

Preparing the Binary from a Network-Accessible Environment
Transferring the Binary to the Restricted Environment
Executing the Binary in the Restricted Environment
Conclusion

Preparing the Binary from a Network-Accessible Environment

STEP 1: Find an environment that has internet access, and download the required binary (in this case, tcpping) or any other necessary binary using the wget command.

wget https://pingpros.com/pub/tcpping

STEP 2: Since the restricted environment cannot access the internet directly, we will convert the binary into base64 format. If the binary is under 1 MB in size, it can be transferred using the terminal.

base64 tcpping > tcpping.txt ; rm tcpping

STEP 3: You now have a tcpping.txt file that contains the base64-encoded binary. Display the contents of the file so that you can copy and paste it into the restricted environment later:

cat tcpping.txt ; rm tcpping.txt

Transferring the Binary to the Restricted Environment

STEP 1: Once you are in the restricted environment (where you cannot access the external network), save the base64-encoded binary by pasting it into a new text file. Use the following command to save it as tcpping.txt:

echo “YOUR_BASE64_HERE” > tcpping.txt

Replace YOUR_BASE64_HERE with the content of the base64-encoded tcpping.txt that you copied from the network-accessible environment.

STEP 2: Decode the base64-encoded file back into a binary using the following command:

base64 -d < tcpping.txt > tcpping
chmod 755 tcpping

Executing the Binary in the Restricted Environment

STEP 1: Run the binary to test the local network. For example, you can ping the loopback address (127.0.0.1):

./tcpping 127.0.0.1

STEP 2: Check the results of the network test to ensure that the tcpping binary is working properly.

Conclusion

By following these steps, you can successfully transfer and execute binaries in a Linux web app environment that does not allow external internet access. This method uses base64 encoding to move small binaries into the restricted environment for network testing or other purposes.

This approach has several limitations, aside from the overall file size not being too large:

You must choose a static binary without dependent libraries, and it is best if it is a single file, such as nslookup or dig.
You must ensure that the file source does not contain malicious code, and you cannot sacrifice system and data security for the sake of convenient transmission.
Similarly, if the operating unit is a company, you need to pay extra attention to whether IT has any restrictions on related behaviors.

​Microsoft Tech Community – Latest Blogs –Read More