Starting with netcat in BackTrack:
First we need to know what netcat is.
Definition: netcat: TCP/IP swiss army knife. A simple Unix utility which reads and writes data across network connections using the TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
In this document I introduce the use of the Netcat tool, known as the Swiss Army knife of TCP/IP, under GNU/Linux BackTrack.
* Help Netcat:
Open Konsole and type: nc -h
The following appears:
root@bt:~# nc -h
[v1.10]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
-e filename program to exec after connect [dangerous!!]
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-k set keepalive option on socket
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of secs
-s addr local source address
-T tos set Type Of Service
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
* Banner identification:
nc -v IP port. For the example I will use a fake IP:
root@bt:~# nc -v 192.168.5.181 22
192.168.5.131: inverse host lookup failed: Unknown
(UNKNOWN) [192.168.5.131] 22 (ssh) open
SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
root@bt:~# nc -v 192.168.5.181 80
192.168.5.181: inverse host lookup failed: Unknown
(UNKNOWN) [192.168.5.131] 80 (http) connection refused
You can use this to see whether a port is open:
nc -v 192.168.5.181 80
192.168.5.181: inverse host lookup failed: Unknown
(UNKNOWN) [192.168.5.131] 80 (http) connection refused
GET
<html><body><h1>It works!</h1></body></html>
I used GET to see the content the server offers me.
* If you use telnet in the same way:
root@bt:~# telnet 192.168.5.129 80
Trying 192.168.5.129...
Connected to 192.168.5.129...
Escape character is '^]'.
GET
<html><body><h1>It works!</h1></body></html>Connection closed by foreign host.
If we compare netcat with telnet, netcat is more complete than telnet.
=========================================================================================================
* Requests with Netcat / Telnet > Differences:
nc -v IP 80 < /path/file.txt
First I show how to create a small text file:
root@bt:~# nano /etc/pet_get.txt
The following appears:
GNU nano 2.0.6 File: /etc/pet_get.txt
It may contain a request, which in this case will be GET.
root@bt:~# nano /etc/pet_get.txt
I'm simply creating a file called pet_get.txt.
With netcat we then issue the same request that was made earlier, as follows:
root@bt:~# nc 192.168.5.129 80 < /etc/pe
pear.conf pet_get.text
But now I'm telling it to include the file I just created.
Now we write the following:
root@bt:~# nc 192.168.5.129 80 < /etc/pet_get.text
and something like this appears:
<html><body><h1>It works!</h1></body></html>
So we see how it interacts with external files.
If we try to do the same with telnet we run into one of its limitations: it does not let us interact with or add external files. Example:
root@bt:~# telnet 192.168.5.129 80 < /etc/pet_get.txt
Trying 192.168.5.129...
Connected to 192.168.5.129...
Escape character is '^]'.
Connection closed by foreign host
=========================================================================================================
* Netcat in listening mode executing a shell:
nc -l -p port -e /bin/bash
root@bt:~# nc -l -p 12345 -e /bin/bash
We choose a port, in this example 12345, then open another console and type:
root@bt:~# nc IP 12345
When it receives a connection it runs the system shell. In this case I'm using two systems: one is left listening and the other makes the connection.
root@bt:~# nc IP 12345
pwd
/root
whoami
root
ifconfig
All the data appears here.
=========================================================================================================
* Netcat as port scanner:
nc -z -v IP port-range
For my example I will use a port range from 1 to 100:
root@bt:~# nc -z -v 192.168.5.129 1-100
192.168.5.129 inverse host look up failed: Unknown host
(UNKNOWN) [192.168.5.129] 80 (http) open
(UNKNOWN) [192.168.5.129] 22 (ssh) open
It is enough to give the command and choose the target IP and the port range to audit; it then shows which of those ports are open.
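The three connection patterns shown above (the banner grab with nc -v, the request fed from a file with nc host port < file, and the zero-I/O scan with nc -z) reduced to raw TCP sockets, as an added Python example that is not part of the original paste. It runs entirely against a constructed loopback service (the banner string and page are made-up samples, not real hosts from the tutorial), so it can be run offline to check the exposed services and greetings of your own machines.

```python
import socket
import threading
# Constructed loopback service standing in for the 192.168.5.x hosts in the paste: it
# greets every client with an SSH-style banner and answers a GET with the one-line page.
BANNER = b"SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1\r\n"   # constructed sample banner
PAGE = b"<html><body><h1>It works!</h1></body></html>"

def _serve(srv):
    while True:
        conn, _ = srv.accept()
        with conn:
            try:
                conn.sendall(BANNER)
                conn.settimeout(0.5)               # a silent client (nc -v / -z) gets only the banner
                if conn.recv(1024).startswith(b"GET"):
                    conn.sendall(PAGE)
            except OSError:                        # client closed early or timed out
                pass

def start_fake_service():                          # bind 127.0.0.1 on a free port, return it
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=_serve, args=(srv,), daemon=True).start()
    return srv.getsockname()[1]

def grab_banner(host, port, timeout=1.0):
    """What `nc -v host port` shows: connect and return whatever the service says first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(1024).decode(errors="replace").strip()

def send_request(host, port, request, timeout=1.0):
    """What `nc host port < file` does: send the file's bytes, read until the peer closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
        return reply.decode(errors="replace")

def scan_ports(host, ports, timeout=0.3):
    """What `nc -z -v host lo-hi` does: connect with zero I/O, keep the ports that accept."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:                            # refused, filtered or timed out: not open
            pass
    return open_ports
```

Because the constructed service always greets first, send_request returns the banner followed by the page, which is exactly what the redirected GET in the tutorial would print for a service that speaks before listening.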
=========================================================================================================
Well, this was a small introduction to Netcat. I hope you find it useful.
Greetings.
By Netikerty Asenet