Friday, July 27, 2007

netcat

From http://www.vulnwatch.org/netcat/readment.txt

To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt

You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.

So the leftward facing arrow ( < ) means "Inject the contents of get.txt into the connection just opened to website.com port 80". Inside the get.txt file is "GET / HTTP/1.0" and a couple of returns. This will get the webpage.

A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.

nc -l -p 23 -t -e cmd.exe

will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.

This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:

nc xxx.xxx.xxx.xxx 23

The -l means "listen". The -p means "port"

The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.

nc -L -p 53 -e cmd.exe

Then from outside the firewall connect to the listening machine:

nc -v xxx.xxx.xxx.xx 53

If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
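
For the defensive side of the listener commands above, here is an added sketch (not from the Netcat readme or from this blog) that flags netcat command lines in a process listing when they combine the listen and execute options. The sample command lines and the severity labels are constructed for illustration.

```python
NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
TAKES_ARG = set("egGiopsw")   # netcat 1.x options that consume a value

def parse_nc(cmdline):
    """Return {flag: value-or-True} for a netcat command line, else None."""
    argv = cmdline.split()
    if not argv:
        return None
    exe = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in NC_NAMES:
        return None
    opts, i = {}, 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            for j, c in enumerate(tok[1:], start=1):
                if c in TAKES_ARG:        # value is the rest of the token or the next token
                    val = tok[j + 1:]
                    if not val and i + 1 < len(argv):
                        i += 1
                        val = argv[i]
                    opts[c] = val
                    break
                opts[c] = True            # plain switch, possibly bundled as in -lvp
        i += 1
    return opts

def classify(cmdline):
    """Return (severity, reason) for one command line, or None if it is not netcat."""
    opts = parse_nc(cmdline)
    if opts is None:
        return None
    listening = "l" in opts or "L" in opts
    mode = "client"
    if listening:
        mode = ("persistent " if "L" in opts else "") + f"listener on port {opts.get('p', '?')}"
    if "e" in opts:                       # -e wires a program's stdin/stdout to the socket
        return "high", f"{mode} attaches {opts['e']} to the network connection"
    return ("medium", mode) if listening else ("low", mode)

# Constructed process command lines, as a process-listing export might record them.
SAMPLES = ["nc -l -p 23 -t -e cmd.exe", "nc -L -p 53 -e cmd.exe",
           "nc -v www.website.com 80", r"C:\tools\nc.exe -lvp 8080",
           "notepad.exe notes.txt"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```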

Tuesday, July 24, 2007

Cisco 871 wireless router - part 1

Once again I have proved to myself (the hard way of course) that you can't navigate the Internet using a private IP address. I'm trying to set up a cisco 871 wireless router.

I'm replacing a linksys wrt54g that may or may not work (what I know for sure is that I cannot make it work). I hooked up the 871w but could not access the Internet with my laptop thru the 871. Mind you, this is with the laptop connected to the 871 with a standard ethernet cable! I haven't even tried to use it wirelessly yet. After lots of cussing and fruitless searching on the Internet, it came to me that the source address of the packets from my laptop was 10.10.10.4 (Private!!!!!) which is on the little LAN that the 871 automatically created. So any device that I tried to contact out on the Internet could only chuckle at my foolishness as it threw my packets on the floor.

Consumer level routers (such as the wrt54g) may have their troubles, but I'll give them this: They don't make you jump thru hoops to set up NAT just to allow you to browse the Internet; they do NAT for you. The 871 does not. So that was my trouble. I needed NAT working so the device on the far end had an actual working public address to answer back to. The relevant part of my config now looks like this:

interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

interface Vlan1
description $ETH-SW-LAUNCH$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452

ip nat inside source list 23 interface FastEthernet4 overload

access-list 23 permit 10.10.10.0 0.0.0.7

The 871 now NATs the laptop's private source address into the 871's public address. The bright side of this story is that I figured the problem out all by myself. Now it's on to trying to get my laptop connected WIRELESSLY to the Internet thru the 871. I'm sure I will eventually get it done, but not without a little more cussing and fussing.

Friday, July 20, 2007

ftp woes

I installed pure-ftp on venus today. It took me 3 hours to actually be able to use it!! When I tried to logon from an ftp client, it would always say "530 authentication failure" or some such. It took me a long while to figure out that I needed to start the program in the special way that makes it read a config file when it starts, rather than just use command line options. Then I had to change the config file because the default behavior was to use PAM authentication (which is beyond my knowledge at this point) rather than plain old /etc/passwd authentication. Finally I got it working.

For some reason, when you start it regularly (meaning from the script in /etc/rc.d/init.d), it wants to get its config from command line options. To start it using a config file, you have to type in the following command:

/usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf

/etc/pure-ftpd/pure-ftpd.conf is the config file. /usr/sbin/pure-config.pl is apparently a separate script that starts it and reads the config file as it starts. The regular start file is /usr/sbin/pure-ftpd I think.

What a mess! When the computer reboots, I'll have to type in the above line again or put it in my local script. There must be an easier way.

SAMBA stuff

I turned SAMBA on on venus, but I could not see venus folders on jupiter, my Windows XP computer. The problem was that iptables on venus was not allowing the samba packets thru. I went to the system menu in Fedora 6, then chose "administration", then chose "security level & firewall" then checked the box next to samba to make it a trusted application.

The following lines in iptables apparently allow samba to work:
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds

Samba has 2 parts: smbd and nmbd. The ports that samba apparently uses are:
137 udp - NETBIOS name service
138 udp - NETBIOS datagram service
139 tcp - NETBIOS session service
445 tcp - Microsoft-DS (directory services)

Trying to speed up my vpn

The vpn between NBC and Shamrock now works, but it's s-l-o-w.

Mary tried to transfer some file using ws_ftp and it was just about unusable. I read somewhere that to speed it up, you might lower the mtu size because maybe the encryption bytes added to the vpn packets push every single packet above the default mtu of 1500 and so every one is fragmented. So I lowered the mtu on both inside and outside interfaces on my PIX to 1300. I need to do the same thing to the 2600 router on the other end. We'll see if this helps.

On PIX, to change the mtu:

king200(config)# mtu outside 1300
king200(config)# mtu inside 1300


To see that changes were actually made:

show int e0
show int e1

GnuCash files

This is not network maintenance strictly speaking, but this is a good place to put stuff that I don't want to lose. Below is the link to the explanation about GnuCash files and what files to backup. The xac files are the ones that contain the data. The log files have only the changes since the last xac. So if you save the latest xac, you've got a full back up.

http://www.gnucash.org/docs/v1.8/C/gnucash-guide/basics_backup1.html

Wednesday, July 11, 2007

LaCie Ethernet Drive mini

use ftp client to access drive at 192.168.47.49 username admin pw admin

You must type in /lacie in address bar of remote site (on right) or you will not be able to see shares

To access drive thru Windows, type the following into the Windows Explorer address bar (Not Internet Explorer):

\\192.168.47.49\lacie

20-aug-2010 Today I was able to access Lacie drive in Windows Explorer under  My Network Places --> Entire Network --> Microsoft Windows network --> officenet.sham --> Edmini

Also I was able to access it in Win Exp using  \\192.168.1.100\lacie

Cisco 871 wireless router

Received cisco 871 wireless router from Newegg today. I plan to use it at home with a wireless IP camera for a dog-cam. I will be able to watch Baybay and Arbie from wherever I am!

I have a linksys wrt54g wireless router that works now, but those consumer grade routers are pretty lame. The other wrt54g I have does not want to work, and the linksys wireless camera also does not work anymore. I'm going to step up to a cisco wireless router and see if it's lame too!

Tuesday, July 10, 2007

vpn fixed by not NATing vpn traffic

May 2007 - The atlantic router at NBC was not allowing vpn to work. A great consultant I know, Marty, figured out that we simply should not nat any packets going thru the vpn. So he changed the config on atlantic as follows:

I originally had:

ip nat inside source list 35 interface Ethernet0/1 overload

access-list 35 permit 192.168.38.0 0.0.0.255

This NATs everything from the 38 subnet, which is basically everything. We needed to stop NATing packets destined for the vpn but keep NATing everything else.

Marty created a new access list that says to deny (not really deny, just not NAT) anything going thru the vpn and lets everything else go thru (get NATed).

ip nat inside source list 150 interface Ethernet0/1 overload

access-list 150 deny ip 192.168.38.0 0.0.0.255 192.168.47.0 0.0.0.255
access-list 150 permit ip 192.168.38.0 0.0.0.255 any

Access list 35 should be removed from config since it is not being used anymore, but I haven't done it yet.

On the Shamrock side, Marty added a line that did the same thing, only in PIX lingo:

nat (inside) 0 access-list crypto-sham <-- this was added to not nat the vpn traffic
nat (inside) 1 0.0.0.0 0.0.0.0 0 0 <-- this was already here to nat everything

access-list crypto-sham permit ip 192.168.47.0 255.255.255.0 192.168.38.0 255.255.255.0
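
To see why the order of the two entries in access list 150 matters, here is an added example (not part of the original notes or of any Cisco tool) that evaluates the access lists quoted in this post and in the Cisco 871 post using first-match and wildcard-mask rules. The function names and the Internet destination 198.51.100.10 are made up for illustration, and the parser only handles the entry forms shown on this page.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse 'access-list N permit|deny [ip] SRC WILD [DST WILD | any]'."""
    tok = line.split()
    action, rest = tok[2], tok[3:]
    if rest[0] == "ip":              # extended ACL keyword; standard ACLs omit it
        rest = rest[1:]
    src = (rest[0], rest[1])
    dst = None if len(rest) < 3 or rest[2] == "any" else (rest[2], rest[3])
    return action, src, dst

def nat_decision(acl_lines, src, dst):
    """First matching entry wins; no match falls to the implicit deny (no NAT)."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if wildcard_match(src, *s) and (d is None or wildcard_match(dst, *d)):
            return "translate" if action == "permit" else "no-nat"
    return "no-nat"

ACL_35 = ["access-list 35 permit 192.168.38.0 0.0.0.255"]
ACL_150 = [
    "access-list 150 deny ip 192.168.38.0 0.0.0.255 192.168.47.0 0.0.0.255",
    "access-list 150 permit ip 192.168.38.0 0.0.0.255 any",
]
ACL_23 = ["access-list 23 permit 10.10.10.0 0.0.0.7"]

if __name__ == "__main__":
    # Constructed sample flows: (source, destination)
    flows = [("192.168.38.30", "192.168.47.49"),   # NBC host -> Shamrock LAN over the vpn
             ("192.168.38.30", "198.51.100.10")]   # NBC host -> Internet (made-up address)
    for src, dst in flows:
        print(src, "->", dst, "| list 35:", nat_decision(ACL_35, src, dst),
              "| list 150:", nat_decision(ACL_150, src, dst))
    for src in ("10.10.10.4", "10.10.10.9"):       # inside / outside the 871's 0.0.0.7 range
        print(src, "| list 23:", nat_decision(ACL_23, src, "198.51.100.10"))
```

With list 35 the vpn-bound flow is translated before it reaches the tunnel; with list 150 the deny entry matches first and leaves it untranslated, while Internet-bound traffic still hits the permit entry.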

An old but useful logger note

12-mar-07 As root, I typed in "logger Its Monday here....." at shell prompt and the message was written to file /var/log/messages

Monday, July 9, 2007

Trying to copy files across an IPSEC vpn

I'm trying to figure out how to copy files across my vpn which goes from Shamrock to NBC.

private path 192.168.47.0 ---> 192.168.38.0

public path 208.115.11.214 ---> 208.115.24.30

The copy command I am using is:

copy c:\aaaa\COPYTEST.txt \\192.168.38.30\aaaa


192.168.38.30 is Mary's computer at NBC. It is named rover.

All I ever get is "The network path was not found."

The latest thing I tried was to add the following line to atlantic on the NBC side:
195 permit ip host 208.115.11.214 any

I realized that I don't know what kind of protocol (tcp? udp?) that a Windows "copy" command would generate over the wire. I figured ip would be a good catch-all, but it's still not working. But maybe it should be that I allow any IP from 192.168.47.0 ????? I'll try that in the morning, I'm out of time now. But the vpn should allow things from 192.168.47.0 to 192.168.38.0 by its very nature shouldn't it?

Linux syntax that's easy to forget

Linux commands

To find files that start with "tay"

find / -name "tay*"

a lot of built in linux programs are in /usr/bin like the text editor:

/usr/bin/gedit

To see kernel version on a system that uses rpm:
rpm -q kernel

to see kernel version: uname -a
to see what processes are running: ps -e
reboot: shutdown -r now

Sysmon stuff

The sysmon status file : /var/www/html/sysmon.html <-- this loads into browser
The sysmon config file : /usr/local/etc/sysmon.conf <-- edit this to change config


To stop sysmon (it runs on venus) type:

/usr/local/bin/sysmond stop

or just

sysmond stop

because /usr/local/bin is apparently in the path.

To start it again, just type sysmond, not sysmond start

Don't leave off the d at the end of sysmond because if you do it somehow screws things up so you can't stop it. There IS a file called sysmon in the same directory and I don't really know what it does. If you stop sysmon properly, you will see the message "Please remain seated as your ride comes to a complete stop".


The status file is updated every minute.

starting the web server on venus

To restart the apache web server on venus after a reboot type:

/usr/sbin/httpd

Sysmon won't work unless you start the web server first. I think it will create the html page showing what's up and what's down, but no web browser can actually load the page without apache running.