SecurityDocs: Comment on NetCat Tutorial



Date: 14.10.2017

Netcat


As an alternative to the relatively limited TELNET scripts used for network “hacking”, Netcat (quite literally the UNIX “cat” command over a network) is a simple Linux/Unix/Windows utility that reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities. The actual command name is “nc”. GUI frontends to the netcat command-line application also exist for Linux and Windows. Netcat’s homepage is: http://netcat.sourceforge.net/


Netcat Syntax


  • “Client” mode - connect to a port outbound to somewhere: nc [-options] hostname port[s] [ports] ...

  • “Server” mode - listen (-l flag) on a port for inbound connections from somewhere: nc -l -p port [-options] [hostname] [port]

Note: Most UNIX/LINUX systems require ROOT authority to “listen” on a port less than 1024.


nc -h
nc options:
-e prog    program to exec after connect [dangerous!!]
-b         allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num     source-routing pointer: 4, 8, 12, ...
-h         this list
-i secs    delay interval for lines sent, ports scanned
-l         listen mode, for inbound connects
-n         numeric-only IP addresses, no DNS
-o file    hex dump of traffic
-p port    local port number
-r         randomize local and remote ports
-q secs    quit after EOF on stdin and delay of secs
-s addr    local source address
-t         answer TELNET negotiation
-u         UDP mode
-v         verbose [use twice to be more verbose]
-w secs    timeout for connects and final net reads
-z         zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive]

Netcat command examples:

Simple File Transfer


Start two copies of netcat on the same machine locally. In the first window:

nc -l -p 1111

The -l switch puts netcat into ‘listen mode’, i.e. it listens on the specified port, and -p 1111 specifies port 1111 (the OpenBSD and Nmap ncat variants also accept nc -l 1111). To summarize, netcat will sit and listen for TCP connections on port 1111 and print any data it receives to the screen.

In another window we start netcat as:

nc 127.0.0.1 1111

This will connect to host 127.0.0.1 (the local machine) on port 1111. Anything typed in either window now appears in the other:

Window 1:

nc -l -p 1111
This message was typed in WINDOW1
This message was typed in WINDOW2
Now end communication with ^C (Ctrl-C)

Window 2:

nc 127.0.0.1 1111
This message was typed in WINDOW1
This message was typed in WINDOW2
Now I'm going to end communication with ^C (Ctrl-C)


This is the most basic use of netcat. It becomes far more useful from a BASH shell, where data can be piped (‘|’) to and from netcat and the redirection operators (‘>’, ‘>>’, ‘<’, ‘<<’) let netcat integrate into the shell environment. The following examples use netcat with redirection operators.

Transmit a plaintext file.

In one window, we will start netcat as:

nc -l -p 1111 > outputfile

This runs netcat with the same parameters as above, except that all text received is redirected into ‘outputfile’.
Contents of infile, the file we are going to transmit:

This is a test file.
I am going to attempt to transmit this.
Using Netcat.

In the second window, send it with:

cat infile | nc 127.0.0.1 1111 -q 10

The file should now have arrived on the other side:

cat outputfile
This is a test file.
I am going to attempt to transmit this.
Using Netcat.

The -q 10 tells netcat to quit after EOF on stdin, i.e. once cat has finished (otherwise netcat hangs waiting for more input and we would have to terminate it manually). The parameter ‘10’ is the delay in seconds before it quits, which gives the data time to drain.

Tar


Integrate tar and netcat together, and use this to transmit a whole directory across a netcat socket.

On one side: tar zcfp - /path/to/directory | nc -w 3 127.0.0.1 1234

The tar command before the pipe archives and compresses (using gzip) every file within that directory and writes the archive to stdout (normally the screen). The pipe catches it and passes it to nc, which in this example connects to 127.0.0.1 on port 1234 and sends the data that would otherwise hit the screen. The -w 3 switch makes nc give up after a 3 second timeout (in the event of a temporary disconnection or similar).

On the other side: nc -l -p 1234 | tar xvfpz -

This will listen on port 1234 for a connection and pass any data received to tar, which extracts it.
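The file and tar transfers above give the receiver no way to tell a complete transfer from a truncated one. The following is an added example (not from the tutorial) that ships a sha256 manifest inside the archive so the receiving side can verify every file. It assumes GNU tar, coreutils sha256sum and the traditional/GNU netcat options the tutorial uses (-l -p, -q, -w); hosts and ports are placeholders.

```shell
#!/bin/sh
# Added example, not the tutorial's own code. Assumes GNU tar, sha256sum and
# the traditional/GNU netcat flags (-l -p, -q, -w).

# pack_dir DIR: gzip'd tar of DIR on stdout, with a sha256 manifest of every
# regular file appended as MANIFEST.sha256 so the receiver can verify it.
pack_dir() {
    tmp=$(mktemp -d) || return 1
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$tmp/MANIFEST.sha256"
    tar czf - -C "$1" . -C "$tmp" MANIFEST.sha256
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# unpack_and_verify DEST: extract the archive on stdin into DEST and check every
# file against the shipped manifest; non-zero if anything is missing or altered.
unpack_and_verify() {
    mkdir -p "$1" && tar xzf - -C "$1" &&
        ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null )
}

# send_dir DIR HOST PORT: sender side. -q 1 quits a second after tar reaches EOF
# (the tutorial's -q idea) and -w 3 gives up if the peer stops responding.
send_dir() {
    pack_dir "$1" | nc -q 1 -w 3 "$2" "$3"
}

# recv_dir DEST PORT: receiver side; netcat exits when the sender closes.
recv_dir() {
    nc -l -p "$2" | unpack_and_verify "$1"
}
```

Run recv_dir first on the receiving host, then send_dir on the sending host; unpack_and_verify's exit status tells you whether the directory arrived intact.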



UDP


Netcat also supports the UDP/IP protocol; this feature is invoked with the -u switch.

Simple Socket Reply


To get netcat to listen on a socket and send data of our choosing when it receives a connection:

echo "Leave me alone" | nc -l -p 1234 -w 10

This nc command listens on port 1234 with a wait time of 10 seconds. When a connection comes in, the output of echo "Leave me alone" is sent to it. The -w 10 is necessary, as otherwise any connection made would remain open forever. We can also add -v to the netcat command line, which gives us verbose information, i.e. who is connecting.

Every time a connection times out (either through the -w 10 command line switch, or because a connection has been made and then closed), netcat will exit.


Program Execution (nc -e)


Netcat has a -e switch that executes a program when a connection is made, with the program's input and output attached to the socket. For example, nc -e -v … called from the inetd wrapper can be used to view traffic and information on users connecting to wrapped daemons.

The most common use is redirecting to and from /bin/bash or a similar shell, which hands a shell to whoever connects; this is why nc -h marks -e as dangerous.



In one window:

nc -v -e '/bin/bash' -l -p 1234 -t
listening on [any] 1234 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 51210

and a simple ‘telnet localhost 1234’ in another window:

telnet 127.0.0.1 1234
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
echo Test
Test
^]
telnet>
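From the defender's side, a listener like the one above shows up in the process table as a netcat started with an exec option. The following is an added example (not part of the tutorial) that filters such processes out of ps -eo pid,user,args output; the sample listing is constructed, and the command names nc, ncat and netcat are assumed.

```shell
#!/bin/sh
# Added example, not the tutorial's code. Constructed sample of
# `ps -eo pid,user,args` output (no real hosts or users):
SAMPLE_PS='  101 root     /usr/sbin/sshd -D
  202 www-data /bin/nc -v -e /bin/bash -l -p 1234 -t
  303 alice    nc 127.0.0.1 1111
  404 bob      ncat -l 4444 --sh-exec /bin/sh
  505 carol    nc -l -p 1111
  606 dave     cat infile'

# flag_nc_exec: read ps lines on stdin; print PID:USER for every nc/ncat/netcat
# process started with an exec option. Traditional nc and ncat spell it
# -e/--exec, and ncat also accepts -c/--sh-exec. Bundled short options such
# as -le are not split apart here.
flag_nc_exec() {
    awk '
        $3 ~ /(^|\/)(nc|ncat|netcat)$/ {
            for (i = 4; i <= NF; i++) {
                if ($i == "-e" || $i == "-c" || $i == "--exec" || $i == "--sh-exec") {
                    print $1 ":" $2; break
                }
            }
        }'
}

# flag_nc_listeners: netcat processes in listen mode (-l), with or without
# exec, worth a look on a host that should not accept raw connections.
flag_nc_listeners() {
    awk '
        $3 ~ /(^|\/)(nc|ncat|netcat)$/ {
            for (i = 4; i <= NF; i++) if ($i == "-l") { print $1 ":" $2; break }
        }'
}

# live_check: the same filter against the real process table.
live_check() {
    ps -eo pid,user,args | flag_nc_exec
}
```

Running `printf '%s\n' "$SAMPLE_PS" | flag_nc_exec` reports only the two processes that hand a shell to the connection.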

Port Scanning


The scanning features of netcat can be used against a network to get useful information about which hosts have certain ports open. You can also send a prepared data file to each open port.

A TCP port scanning example (with connection):

echo EXIT | nc -w 1 127.0.0.1 20-250 500-600 5990-7000

This scans 127.0.0.1 on ports 20-250, 500-600 and 5990-7000 and, to every port it finds open, sends the output of echo EXIT, i.e. the word “EXIT”.

A UDP port scanning example (no connection):

nc -v -z -u 127.0.0.1 20-250 500-600 5990-7000

-v puts netcat into verbose mode, -z selects zero-I/O mode (report results without sending data), and -u tells netcat to use UDP. Note that UDP has no handshake, so a port that does not answer may be open or filtered; only an ICMP port-unreachable reply shows it is closed.

Simple Web Client

echo -e "GET http://www.google.com HTTP/1.0\n\n" | nc -w 5 www.google.com 80

This makes a connection to www.google.com on port 80 (the web server port) and sends an HTTP request for http://www.google.com.

At this point, we are presented with the raw, unrendered HTML sent by the web server, written locally to STDOUT.


Simple Web Server


Contents of webfrontend (cat webfrontend):

Test Page!
Welcome to my webpage!
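As an added example (not from the tutorial), here are the web client and web server sections with well-formed HTTP on both sides: the request uses CRLF line ends and a Host header, which the tutorial's "\n\n" request lacks and which name-based virtual hosts need, and the response carries a status line and Content-Length so a browser renders the served file rather than a text dump. It assumes the traditional/GNU netcat options the tutorial uses (-w, -l -p, -q); www.example.com and the port are placeholders.

```shell
#!/bin/sh
# Added example, not the tutorial's code. Host names and ports are placeholders.

# build_http_request HOST PATH: a minimal HTTP/1.0 request on stdout. HTTP
# requires CRLF line ends and a blank line to end the headers; Host lets the
# server pick the right virtual host, Connection: close tells it to hang up.
build_http_request() {
    printf 'GET %s HTTP/1.0\r\n' "$2"
    printf 'Host: %s\r\n' "$1"
    printf 'Connection: close\r\n\r\n'
}

# http_get HOST PATH: send the request with netcat, giving up after 5 seconds.
http_get() {
    build_http_request "$1" "$2" | nc -w 5 "$1" 80
}

# build_http_response FILE: status line, headers and the file body on stdout.
# Content-Length tells the client how many body bytes to expect.
build_http_response() {
    len=$(wc -c < "$1" | tr -d ' ')
    printf 'HTTP/1.0 200 OK\r\n'
    printf 'Content-Type: text/html\r\n'
    printf 'Content-Length: %s\r\n' "$len"
    printf 'Connection: close\r\n\r\n'
    cat "$1"
}

# serve_once FILE PORT: answer a single connection on PORT with FILE, then exit
# (-q 1 closes the socket a second after the response has been written).
serve_once() {
    build_http_response "$1" | nc -l -p "$2" -q 1
}
```

For example, serve_once webfrontend 8080 answers one browser request on port 8080 with the page above, and http_get www.example.com / fetches a page the way the tutorial's one-liner does.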

