2009
06.20

Simple Netcat usage

Netcat is a powerful tool that everyone should learn to use. I’ve only been aware of this tool for about a month now, and already I’m finding ways to use it (or situations where it could be useful) at work.

Netcat can open a TCP or UDP connection to any port and read from and write to it. With it you can send and receive files, scan ports, and hand a program’s standard input, output and error over to the connection. It can also be used for port redirection.

Here are a few interesting articles about Netcat:
GIAC
Wikipedia


Here are a few simple examples of the netcat syntax. Let’s look at transferring a text file from a Windows machine to a Linux machine. Of course, we’ll assume the Windows system has a copy of netcat.

First the Linux machine, which will receive the file, needs to set up a listener.
linux~#nc -lvp 4444 > output.txt
Anything that arrives on TCP port 4444 is written into output.txt.

Second, the Windows system opens a connection and sends the text file.
C:\>nc -nv -Linux IP here- 4444 < test.txt
The contents of test.txt are fed to netcat’s standard input and sent over port 4444 to our listening Linux machine.

Now netcat doesn’t have any “progress bar” to show when the transfer is completed, and the classic netcat keeps the connection open after it reaches the end of the file, so you need to guess and kill the connection manually using the CTRL-C key combination (the -w timeout on the sending side is one way to have it exit on its own). To make sure nothing was cut off, compare a checksum of test.txt with one of output.txt (md5sum on Linux). Keep in mind that everything crosses the wire in the clear with no authentication: whoever reaches port 4444 first can write their own bytes into output.txt.
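To show what is going on underneath those two commands, here is an added example (my own code, not anything from the netcat release) that does the same transfer with plain sockets: one side is the `nc -lvp 4444 > output.txt` listener, the other is the `nc ... 4444 < test.txt` sender. Two things it adds that the netcat commands lack are the half-close (shutdown of the write side) after the last byte, which is what lets the receiver exit on its own instead of waiting for CTRL-C, and a SHA-256 comparison of both files so you know the transfer was complete. The port, the temp directory and the 1 MiB random file are constructed for the offline demo.

```python
import hashlib
import os
import socket
import tempfile
import threading


def sha256_of(path):
    """Checksum used to confirm the bytes on disk at both ends are identical."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS pick a free port for the demo."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((host, port))
    lsock.listen(1)
    return lsock


def receive_file(listener, dest):
    """The `nc -lvp 4444 > output.txt` side: accept one client, write until EOF."""
    conn, _peer = listener.accept()
    with conn, open(dest, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:          # peer closed its write side: transfer is done
                break
            out.write(chunk)
    listener.close()
    return sha256_of(dest)


def send_file(host, port, src):
    """The `nc -nv HOST 4444 < test.txt` side, plus the step classic netcat skips:
    half-close the socket after the last byte so the receiver sees EOF and exits."""
    with socket.create_connection((host, port), timeout=10) as s, open(src, "rb") as f:
        s.sendfile(f)
        s.shutdown(socket.SHUT_WR)
    return sha256_of(src)


def transfer(src, dest, host="127.0.0.1"):
    """Run receiver and sender against each other; return (checksums_match, digest)."""
    listener = make_listener(host)
    port = listener.getsockname()[1]
    received = {}
    t = threading.Thread(target=lambda: received.update(digest=receive_file(listener, dest)))
    t.start()
    sent_digest = send_file(host, port, src)
    t.join(timeout=30)
    return received.get("digest") == sent_digest, sent_digest


def demo():
    """Constructed input: a 1 MiB file of random bytes in a fresh temp directory."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "test.txt")
    dest = os.path.join(workdir, "output.txt")
    with open(src, "wb") as f:
        f.write(os.urandom(1024 * 1024))
    return transfer(src, dest)


if __name__ == "__main__":
    ok, digest = demo()
    print("transfer complete and intact" if ok else "checksum mismatch", digest)
```

The half-close is the whole difference between “hangs until CTRL-C” and “exits when done”: after shutdown(SHUT_WR) the receiver’s recv() returns zero bytes, which is the EOF it was waiting for. Comparing digests rather than file sizes also catches the case where an earlier connection to the listener wrote something else into output.txt first.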


Banner grabbing with netcat is pretty simple. All one needs to do is connect to the specified IP address and port. Once connected, depending on the service behind the port, commands can be issued to gather more information. Not all services give out a banner, though, and systems administrators can always remove or change the banner, so treat it as a hint rather than proof of what is running. Let’s look at how one can retrieve an SMTP banner.

linux~#nc -nv -IP address- 25
Sometimes, but not always, the SMTP server will give out information such as:
Sendmail 8.13.1/8.13.1
Once connected, one can also type in SMTP commands such as VRFY or EXPN to check whether a user exists: a 250 reply confirms the mailbox, a 550 says it is unknown, and a 252 means the server has been configured not to tell you.



Another fun thing one can do with netcat is command redirection. With the “-e” switch, netcat runs a program once a connection is made and attaches that program’s standard input, output and error to the connection. So we can essentially send a command shell via netcat, so let’s do this. (Some Linux builds of netcat are compiled without -e; the Windows build has it.)

Imagine two users on the same network, John and Cindy. John needs Cindy’s assistance on his computer and wishes to send her a command shell over the network to her computer.

So let’s start by starting netcat on a particular port and binding our command shell to it.
From John’s computer:
C:\>nc -lvp 4444 -e cmd.exe
This will basically redirect all input/output & errors from cmd.exe to port 4444 (the Windows netcat needs -p to name the listening port, the same way the file-transfer listener did).

From Cindy’s computer:
Now that John’s netcat is waiting for a connection, all that Cindy needs to do is connect to John’s computer on port 4444 and she should receive the command prompt.
linux~#nc -nv -John’s ip here- 4444

This is called a bind shell, because the shell is bound to a listening port on John’s machine and waits for someone to connect. There is no password on it: anyone who can reach port 4444 before Cindy does gets John’s command prompt, so close it as soon as she is done. Try it and see…

2009
06.20

Obligatory first post…

Well, after years of reading other people’s blogs, and after weeks of debating whether I should start one of my own and wondering what I would write about, I finally figured out a subject… Computers, network security and other related subjects.

Now, I’m no expert. I’m not a professional security consultant, nor am I a security analyst. I’m a system administrator, presently learning the ins and outs of security.

I figured I’d use a blog as a reference. I’ll post links to articles related to computer networking and network security, and maybe type up some of my own learning experiences during my journey into this strange, difficult and mythical subject known as “Penetration Testing”.

A little about myself, I suppose. I’ve been in IT for a few years now, and like many I’ve had a computer since I was a kid (back in the 8086 days). I have a few certifications such as MCDST, CompTIA Linux+, Network+, i-Net+ and for some reason I have a CIW certification…don’t ask.

I’m presently working on Offensive Security 101 [now known as Pentesting with Backtrack], so I’m looking forward to eventually getting the Offensive Security Certified Professional, or OSCP. So odds are I’ll mostly be posting my experiences along the course, without going against the course’s copyright. Let me tell you, this one is hard…