BLACK BURN HACKER


Sunday, December 11, 2011

NetCat Part-2


Hi Hackerz, 
This is NetCat Tutorial Part 2. Here I am going to show you the usage of NetCat.
So let's get started...

* Using NetCat is easy: open a command prompt, type "nc -h", and NetCat will show you all of its command syntax.

C:\>cd nc
C:\nc>nc -h
[v1.10 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
-d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]

Above you can see NetCat's commands. I run NetCat from its own folder ("C:\>cd nc"); you can also put nc in the system32 folder and run it from anywhere ))

Scanning Ports Using NetCat

NetCat can also scan ports. For example, to scan ports 22 to 50, type the following command:
nc -vv [victim IP] 22-50

You can also combine single ports and ranges:
nc -vv -r [target Ip] 6667 1-1024 4900-5000

In this case NetCat scans ports 1-1024, 4900-5000 and 6667 (-r randomizes the order). Whenever NetCat finds an open port it stops there
and lets you send data to that port.
You can also use it to flood, for example:
nc [server IP] 149 149 149 149 149 149 149 149 149 149
Open Connection

To open a connection simply type:
nc [victim IP] [port]

nc 21

This command connects to the host on port 21. Beyond that you must know the FTP commands yourself,
because nothing happens on its own the way it would with a full FTP client.

NetCat also handles Telnet well: the -t option answers the server's TELNET negotiation for you. To connect to a telnet server, type
nc -t [host name] [port=23]

Similarly, you can connect to port 80 and so on.
NetCat server

To listen on a specific port, type the following command:
nc -vv -l -p [PORT]

-l : listen mode
-p : local port
-v : verbose mode
This command starts listening on the PORT you specify.
That PORT must be forwarded (open).
Now open another command prompt and type: telnet 80
Did you see it on NetCat? :P Whatever you type on the NetCat command line now shows up in the other command prompt, as if typed automatically.
The two sides are communicating, like a client talking to a server. If you close the client window (Telnet), you will see that NetCat closes too.
There is another option to handle this: with -L, when the client disconnects, NetCat goes back to listening on the port
instead of exiting. ))
nc -vv -L -p [PORT]
Whenever you tell NetCat to listen on a PORT, you should get a result like this:
C:\nc>nc -vv -L -p 80
listening on [any] 80 ...
Since the default port of a web server is 80, listen on that port and then open the server's IP/URL in your browser.
Now look at NetCat: you should see the request text the browser sent to the website.

With NetCat you can redirect input and output using the shell's < and > characters:
nc -L -vv -p 21 > ftp.log

This logs to ftp.log every command sent to NetCat on port 21.

nc -L -vv -p 21 < ftp.txt

Here ftp.txt acts as NetCat's input file. Now start a Telnet client, and you will see that you can only type
the commands that are in your input file (ftp.txt).

The -e option also acts as a form of redirection, in the sense that it hooks a program up as the input (and output) of the connection:
nc -L -vv -p 21 -e cmd.exe

This hands cmd.exe to whoever connects with a telnet client (the help text marks -e as dangerous for exactly this reason). We can even detach NetCat from the command window it was launched in:
the -d option detaches it from the console, so it runs in the background. It still appears in your process list,
and you can kill it whenever you want.

For example, to serve the /etc/passwd file over a UDP listener, we type:
nc -l -u -p 55555 < /etc/passwd

To use NetCat to retrieve the home page of a web site, use the command:
nc -v 80 < get.txt

It is easier to just open the connection and type the request at the console:
nc -v 80
Then type GET / HTTP/1.0, hit return twice, and you will see the same result as with the command above.
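As an added example (not code from the original post), here is a Python stand-in, using only the standard library, for the listener-and-client exchange just described: the listener keeps re-listening the way -L does, the client connects with a -w style timeout and sends the GET request, and everything runs on the loopback address. The request and reply bytes are constructed samples.

```python
import socket
import threading

# Constructed sample traffic: the bytes a browser (or "GET / HTTP/1.0" typed by
# hand followed by two returns) sends, and a minimal reply from the listener.
SAMPLE_REQUEST = b"GET / HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n"
SAMPLE_REPLY = b"HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n"


def serve(info, max_clients, captured, ready):
    """Loopback stand-in for `nc -vv -L -p <port>`: where -l quits when the first
    client disconnects, -L goes back to listening, so keep accepting until
    max_clients have been served and record what each one sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
        srv.listen(5)
        info["port"] = srv.getsockname()[1]
        ready.set()
        for _ in range(max_clients):
            conn, _addr = srv.accept()
            with conn:
                data = b""
                while not data.endswith(b"\r\n\r\n"):   # one request head
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                captured.append(data)       # what NetCat would print on its console
                conn.sendall(SAMPLE_REPLY)

def connect_and_send(host, port, payload, timeout):
    """Stand-in for `nc -w <secs> <host> <port> < get.txt`: connect, giving up
    after timeout seconds like -w, send the payload and return the whole reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        chunks = []
        while chunk := s.recv(4096):       # read until the listener closes
            chunks.append(chunk)
    return b"".join(chunks)

def demo(max_clients=2, timeout=3.0):
    """Start the listener, connect max_clients times, return (captured, replies)."""
    captured, info, ready = [], {}, threading.Event()
    t = threading.Thread(target=serve, args=(info, max_clients, captured, ready))
    t.start()
    ready.wait(timeout)
    replies = [connect_and_send("127.0.0.1", info["port"], SAMPLE_REQUEST, timeout)
               for _ in range(max_clients)]
    t.join(timeout)
    return captured, replies
```

Connecting a second time works only because the listener re-listens; with a one-shot `-l` style listener the second connect_and_send would be refused.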

We talked about sockets in NetCat Part 1; let's go into a little more detail here =).
We know that identifying a socket takes three things:

- the IPs of the two connected computers,
- the two ports of the computers that are connected,
- the protocol used.
For example, when I am on an IRC channel, my mIRC uses a socket between my IP ( ) with
a temporary port (1033) and the server IP ( ) with its port (6675), and the connection type is TCP.
Opening a socket is easy; for example, to connect to IRC I use
nc 6675

and I am connected. NetCat also has a wait timeout option (-w):
nc -w 10 6675

In this case NetCat gives up after 10 seconds if the connection has not been established.

Another great use of NetCat is debugging programs and analysing protocols.
For this the -o option is used, for example:
nc -o netbios.log 139

NetCat logs every byte received into the file netbios.log as a hexadecimal dump, which is quite handy in some cases :)
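Added example, not part of the original post: a dump in the style of the -o log (modelled on its layout, not taken from netcat's source), applied to a constructed telnet negotiation followed by a login banner. It also separates out the IAC option bytes that -t answers on your behalf, which is exactly the kind of invisible control data a hex dump makes visible.

```python
# Telnet command bytes (RFC 854); the constructed sample stream below is what a
# telnet server might send right before its login banner.
IAC, DONT, DO, WONT, WILL = 0xFF, 0xFE, 0xFD, 0xFC, 0xFB
CMD_NAMES = {DONT: "DONT", DO: "DO", WONT: "WONT", WILL: "WILL"}
SAMPLE_STREAM = bytes([IAC, DO, 1, IAC, WILL, 3]) + b"login: "


def hexdump(data, direction="<", width=16):
    """Render bytes as an -o style log (modelled on netcat's format, not copied
    from it): direction marker, 8-digit offset, hex bytes, then printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{direction} {off:08x} {hexpart:<{width * 3 - 1}} # {text}")
    return lines


def split_telnet(data):
    """Separate IAC <cmd> <option> triples (the negotiation that nc -t answers for
    you) from the ordinary bytes; returns (negotiations, payload)."""
    found, payload, i = [], bytearray(), 0
    while i < len(data):
        b = data[i]
        if b == IAC and i + 1 < len(data) and data[i + 1] == IAC:
            payload.append(IAC)          # IAC IAC is an escaped literal 0xff
            i += 2
        elif b == IAC and i + 2 < len(data) and data[i + 1] in CMD_NAMES:
            found.append((CMD_NAMES[data[i + 1]], data[i + 2]))
            i += 3
        else:
            payload.append(b)
            i += 1
    return found, bytes(payload)


if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE_STREAM)))
    print(split_telnet(SAMPLE_STREAM))
```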

