Netcat
Download as PPT, PDF3 likes4,042 views
Netcat is a versatile network utility tool that can be used for both legitimate network analysis and security issues identification. It allows creating inbound or outbound TCP or UDP connections to any ports and can be used for port scanning, data transfer, and performance testing. However, it also poses security risks if used maliciously by allowing execution of programs on listening ports, which could enable attacks like SYN flooding.
![How Do I use netcat ?
General form of usage is
nc [switches] [hostname] [portnumber]
Simplest Usage would be
nc –v www.msn.com 80
Use GET method GET / HTTP/1.0
Hostname can be a name or IP
Address](https://image.slidesharecdn.com/8c21da14-1c9c-44ee-8e24-9a1ddd64ca82-150211062639-conversion-gate02/85/Netcat-6-320.jpg)
![ Use of –n switch
If not specified performs forward and reverse
DNS look up
Reports the problem of mismatched names in
DNS
D:toolsnc>nc -v www.hotmail.com 80
DNS fwd/rev mismatch: www.hotmail.com != hotmail.se
DNS fwd/rev mismatch: www.hotmail.com !=
ld.cb.msn.com
DNS fwd/rev mismatch: www.hotmail.com !=
ld.cb.msn.com
www.hotmail.com [207.68.171.233] 80 (http) open
IF specified will take only IPAddress as hostname
argument](https://image.slidesharecdn.com/8c21da14-1c9c-44ee-8e24-9a1ddd64ca82-150211062639-conversion-gate02/85/Netcat-7-320.jpg)
![Options
-L
Listen harder
-r
Randomize port numbers
-z
Zero – I/O mode [used in scanning]](https://image.slidesharecdn.com/8c21da14-1c9c-44ee-8e24-9a1ddd64ca82-150211062639-conversion-gate02/85/Netcat-11-320.jpg)
![D:toolsnc>nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30
davinci.newcs.uwindsor.ca [137.207.76.3] 22 (?) open
SSH-2.0-Sun_SSH_1.0
davinci.newcs.uwindsor.ca [137.207.76.3] 28 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 20 (ftp-data) open
davinci.newcs.uwindsor.ca [137.207.76.3] 23 (telnet) open
internet2 proxy-telnet [v3.1] ready
√☺Please enter your userid: davinci.newcs.uwindsor.ca [137.207.76.3] 24 (?)
open
davinci.newcs.uwindsor.ca [137.207.76.3] 30 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 25 (smtp) open
220-Sendmail 8.6.12/8.6.12 ready on internet2
220 ESMTP spoken here
davinci.newcs.uwindsor.ca [137.207.76.3] 26 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 29 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 27 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 21 (ftp) open
220- internet2 proxy-ftp [v3.1] ready
220 Please enter your userid
D:toolsnc>](https://image.slidesharecdn.com/8c21da14-1c9c-44ee-8e24-9a1ddd64ca82-150211062639-conversion-gate02/85/Netcat-16-320.jpg)
![RESULT
D:toolsnc>nc -l -p 21 -e cmd.exe
LISTENER
C:Documents and SettingsRAJAT>ftp 192.168.0.100
Connected to 192.168.0.100.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
D:toolsnc>
Request](https://image.slidesharecdn.com/8c21da14-1c9c-44ee-8e24-9a1ddd64ca82-150211062639-conversion-gate02/85/Netcat-21-320.jpg)
Netcat
- 1. netcat
- 2. Purpose of Presentation…? Analyze the network Identify the network security issues How to do it …? First Step Research the Network
- 3. Tools for Research Information Gathering tools Forensic tools Network Utility tools Password Auditing tools Recovery And Restoration Tools Vulnerability Scanning & Analysis tools
- 4. What is netcat ? Swiss Army Knife of Network A versatile network Utility tool Uses TCP and UDP protocol Designed as a backend tool Can be used directly Driven by other programs
- 5. Power of netcat Can create Outbound or Inbound connections TCP or UDP to or from any ports Full DNS forward reverse checking Can use any local port Can use any locally configured network address Port scanning with randomizer Option to let other program service establish connections Optional telnet responder
- 6. How Do I use netcat ? General form of usage is nc [switches] [hostname] [portnumber] Simplest Usage would be nc –v www.msn.com 80 Use GET method GET / HTTP/1.0 Hostname can be a name or IP Address
- 7. Use of –n switch If not specified performs forward and reverse DNS look up Reports the problem of mismatched names in DNS D:toolsnc>nc -v www.hotmail.com 80 DNS fwd/rev mismatch: www.hotmail.com != hotmail.se DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com www.hotmail.com [207.68.171.233] 80 (http) open IF specified will take only IPAddress as hostname argument
- 8. Options -v Controls the verbosity level -w <seconds> Sets the network inactivity timeout -p <port number> Binds the connection to specific port number
- 9. Options -o <file name> To obtain hexdump file of data sent either way -l Makes netcat wait for inbound connections And once connection is established it transfers the data
- 10. Interesting -l Can use to create like a listening netcat server On listening end D:toolsnc>nc –l -p 1234 < test.txt On client end D:toolsnc>nc 192.168.0.100 1234
- 11. Options -L Listen harder -r Randomize port numbers -z Zero – I/O mode [used in scanning]
- 12. Options -e <program name> Allows to execute a program (dangerous) -d Allows to run in detached mode without console window -u Makes a UDP connection instead of TCP connection
- 13. Options -s <address> Local source address -i <seconds> Specifies delay interval for lines sent or ports scanned -t Answer telnet negotiation
- 14. Put the Knife to Use Use It GOOD Use It BAD
- 15. USE IT GOOD Port Scanning Find what is out there • nc –v –w 5 –r davinci.newcs.uwindsor.ca 20-30
- 16. D:toolsnc>nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30 davinci.newcs.uwindsor.ca [137.207.76.3] 22 (?) open SSH-2.0-Sun_SSH_1.0 davinci.newcs.uwindsor.ca [137.207.76.3] 28 (?) open davinci.newcs.uwindsor.ca [137.207.76.3] 20 (ftp-data) open davinci.newcs.uwindsor.ca [137.207.76.3] 23 (telnet) open internet2 proxy-telnet [v3.1] ready √☺Please enter your userid: davinci.newcs.uwindsor.ca [137.207.76.3] 24 (?) open davinci.newcs.uwindsor.ca [137.207.76.3] 30 (?) open davinci.newcs.uwindsor.ca [137.207.76.3] 25 (smtp) open 220-Sendmail 8.6.12/8.6.12 ready on internet2 220 ESMTP spoken here davinci.newcs.uwindsor.ca [137.207.76.3] 26 (?) open davinci.newcs.uwindsor.ca [137.207.76.3] 29 (?) open davinci.newcs.uwindsor.ca [137.207.76.3] 27 (?) open davinci.newcs.uwindsor.ca [137.207.76.3] 21 (ftp) open 220- internet2 proxy-ftp [v3.1] ready 220 Please enter your userid D:toolsnc>
- 17. USE IT GOOD Simple Data Transfer Agent Immaterial which side is server and which side is client Input at one goes as output to another HEX Dump Feature Can be used to analyze odd network protocols
- 18. USE IT GOOD Performance Testing Generate large amount of useless data on network with server on one end and client on other end we can use it to test network performance. Protect your workstations X server
- 19. DARK SIDE Scanning for vulnerable services Can use files as input to netcat and scan the system by using –i and –r switches Can use –e option to execute programs SYN-Bombing Can disable TCP servers
- 20. EXAMPLE Listen on port 21 (FTP Port) using netcat with –e switch to execute cmd.exe FTP request made from a different machine on the listener machine
- 21. RESULT D:toolsnc>nc -l -p 21 -e cmd.exe LISTENER C:Documents and SettingsRAJAT>ftp 192.168.0.100 Connected to 192.168.0.100. Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. D:toolsnc> Request
- 22. Environment Local Home Network ISP --- Cogeco Three PC’s OS Windows XP Connected via DLink Router Cat 5 connecting cables used
- 23. Conclusion Netcat is a very useful network utility tool Very light but extremely effective Particularly when it can listen and execute programs when connection requests are made on the specific ports
- 24. Credits Chris Wysopal Hobbit www.atstake.com
- 25. THANK YOU