This is the 12th day of my participation in the August More Text Challenge. For details, see: August More Text Challenge

Introduction

NetCat is a powerful tool for debugging TCP/UDP network connections, often referred to as the Swiss Army knife of network debugging.

The basic functions of NetCat are as follows:

  • Banner grabbing (telnet-style retrieval of a service's banner)
  • Transmitting text information
  • Transferring files and directories
  • Encrypted file transfer
  • Port scanning
  • Remote control / forward shell
  • Streaming media server
  • Remote disk cloning

Usage

To view the help information, run nc -h.

Option parameters:

  • -e filename  Program redirection: run this program once a connection is made [dangerous!!]
  • -b  Allow broadcasts
  • -d  Detach from the console and run in background mode
  • -g gateway  Source-routing hop point(s), up to 8
  • -G num  Source-routing pointer: 4, 8, 12, ...
  • -h  Show the help information
  • -i secs  Delay interval for lines sent and for ports scanned
  • -k  Set the keepalive option on the socket
  • -l  Listen mode, for inbound connections
  • -q secs  Quit after EOF on standard input and a delay of secs
  • -s addr  Local source address
  • -T tos  Set the type of service
  • -t  Answer TELNET negotiation
  • -u  UDP mode
  • -v  Verbose output [use -vv for more detail]
  • -w secs  Connection timeout
  • -z  Zero-I/O mode [used for scanning]

Port scanning

The nc command used to scan ports is: nc -nvz <IP address> <port or port range>

The -z option means zero I/O mode and is used for scanning: nc only checks whether the specified port is open, without exchanging any data with it.

The -v option prints the details of what nc is doing, and -n means numeric-only IP addresses, no DNS.

-n is used because only an IP address is passed on the command line; it spares nc the step of resolving a domain name to an IP address, which saves time and makes the scan faster.

nc -nvz 192.168.254.4 1-100

In Wireshark you can see that nc determines whether a port is open by completing a TCP three-way handshake with it; nmap's SYN scan works on the same principle, treating a SYN/ACK reply as an open port.
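To see what -z does on the wire, here is an added Python example (not from the original post) that performs the same full-connect probe as nc -nvz, with a timeout standing in for -w; the listener it scans and the closed-port helper are constructed loopback fixtures.

```python
import socket
from contextlib import closing


def tcp_connect_scan(host, ports, timeout=1.0):
    """Return the ports in `ports` that accepted a TCP connection.

    This is what `nc -nvz host first-last` does: a full three-way handshake
    is attempted on each port, no data is sent, and the socket is closed.
    `timeout` plays the role of -w; passing an IP literal instead of a
    hostname is the equivalent of -n (no DNS lookup).
    """
    open_ports = []
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 once the handshake completed (port open);
            # a RST reply gives ECONNREFUSED, a dropped SYN gives a timeout.
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def start_dummy_listener():
    """Constructed test fixture (not from the post): a service listening on
    an ephemeral loopback port. The kernel completes the handshake for
    queued connections, so nothing needs to call accept()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    return srv, srv.getsockname()[1]


def pick_closed_port():
    """Bind and release an ephemeral port so that it is closed when scanned
    (constructed fixture, not part of the post)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_dummy_listener()
    print("open:", tcp_connect_scan("127.0.0.1", range(port - 2, port + 3)))
    srv.close()
```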

Transmitting text information

nc can transmit information between two machines. First, one machine listens on a port; the other connects to that port. Once the connection between the two machines is established, information can be sent between them.

The -l parameter means listening mode, and the -p parameter specifies a port.

nc -lp 666    # listen on local port 666

The other computer connects to the open port, and after that text messages can be sent in either direction.

The transmitted data is visible in the TCP packets. It is obviously not encrypted, which is a security problem.

Another use is to run a command and send its output through a pipe (|) to the port on the listening host; its main application is in penetration testing, where this feature is used to transfer collected information from one host to another.

If there is a lot of output, redirect it to a file on the listening side.

Wireshark shows all of the transmitted data.

Transfer files and directories

Transferring files and directories works like transferring text, except that the text is replaced by files and directories. First, one machine listens on a port, and whatever a connecting peer sends is redirected into a file with >. The other machine connects to the target's port and feeds the file to be sent in via <.

That is a forward transfer; there is also a reverse transfer, which is worth understanding because it uses the same principle as the forward and reverse shells that come up so often. In the forward case I open a port and wait for others to connect to me and send me a file. In the reverse case I open the port with the file already prepared; whoever connects to me receives the file.
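As an added example that is not part of the original post, the following Python reproduces both directions with plain sockets on the loopback interface (an assumption for the demo) and makes explicit the EOF signal that the > and < redirections and -q 1 depend on: the sender must close its writing side, or the receiver never knows the file has ended.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"  # assumed: both "machines" run on this host for the demo

def recv_until_eof(conn):
    """Read until the peer closes its sending side, which is how
    `nc -lp port > file` knows that the file is complete."""
    chunks = []
    while True:
        buf = conn.recv(4096)
        if not buf:
            return b"".join(chunks)
        chunks.append(buf)

def send_then_eof(conn, data):
    """Send the file, then signal EOF (nc's -q 1 exits shortly after stdin ends)."""
    conn.sendall(data)
    conn.shutdown(socket.SHUT_WR)

def listener(payload=None):
    """Listening side on an ephemeral loopback port (nc would use -lp port).
    payload=None stores what arrives; a payload is served to whoever connects."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))
    srv.listen(1)
    box = {}

    def run():
        conn, _ = srv.accept()
        with conn:
            if payload is None:
                box["data"] = recv_until_eof(conn)
            else:
                send_then_eof(conn, payload)
        srv.close()

    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t, srv.getsockname()[1], box

def transfer(data, reverse=False):
    """Forward (default): the listener stores and the connecting side sends,
    as with `nc -lp port > file` and `nc ip port < file`. reverse=True swaps
    the roles: the listener holds the file and whoever connects saves it."""
    t, port, box = listener(data if reverse else None)
    with socket.create_connection((LOOPBACK, port)) as c:
        got = recv_until_eof(c) if reverse else send_then_eof(c, data)
    t.join(5)
    return got if reverse else box.get("data")
```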

Remote control / forward and reverse shell

The principle is the same as for transferring text or files, except that what is passed over the connection is a shell: bash on Linux, cmd on Windows. In the forward case the target machine itself attaches bash to a port it listens on; whoever connects to that port then executes commands on the target machine, as shown in the figure below.

In general, a server sits behind a firewall that rarely allows external machines to connect to an arbitrary port; only certain ports are reachable, such as port 80 for a web service. A forward shell then does not work. However, while a firewall normally blocks inbound connections to other ports, it usually places no restriction on connections the machine itself makes to the outside. That is where the reverse shell comes in: the attacker opens a port with a bash on their own machine and has the target server connect to it. A script placed in the target server's startup sequence will connect back as soon as the server is running.

ncat

nc also has drawbacks. First, transmission is in plaintext and can be sniffed. Second, for the reverse shell, if someone else finds the listening port through a network scan, anyone can connect to it: there is no authentication.

ncat makes up for these shortcomings. ncat is not a standalone Linux command but part of nmap, and many of its parameters are the same as nc's. The --allow parameter specifies which machines are allowed to connect, and --ssl encrypts the data, as shown in the figure below.

nc is small and powerful, which is why it is called the Swiss Army knife. Its shortcomings are plaintext transmission and the lack of any identity authentication. ncat builds on nc and fixes those shortcomings; whatever nc can do, ncat can do, so ncat is called the Swiss Army knife of the 21st century.
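From the defender's side, the weaknesses just listed are also what to look for in process-creation logs. The following Python is an added example (not from the post, nc or nmap) that runs over a constructed sample of command lines and flags -e, listeners without --allow, and listeners without --ssl.

```python
import shlex

# Constructed sample of process-creation records, one per line:
# "<timestamp> <host> <user> <command line>". Not taken from the original post.
SAMPLE_LOG = """\
2021-08-12T10:01:05 web01 www-data nc -nvz 10.0.0.5 1-100
2021-08-12T10:02:11 web01 www-data nc -lp 666
2021-08-12T10:03:40 web01 www-data nc -lp 4444 -e /bin/bash
2021-08-12T10:04:02 db01 backup ncat -l 9001 --ssl --allow 10.0.0.2
2021-08-12T10:04:30 db01 backup ncat -l 9002
2021-08-12T10:05:00 web01 root ls -l /var/www
"""

NETCAT_NAMES = {"nc", "ncat", "netcat"}

def assess(cmdline):
    """Findings for one command line: -e hands a program (usually a shell)
    to whoever connects, a listener without --allow accepts any peer, and
    without --ssl everything crosses the wire in clear text."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return []
    long_opts = {a for a in argv[1:] if a.startswith("--")}
    short_opts = set()
    for a in argv[1:]:
        if a.startswith("-") and not a.startswith("--"):
            short_opts.update(a[1:])  # bundled flags such as -lp or -nvz
    findings = []
    if "e" in short_opts or "--exec" in long_opts:
        findings.append("program redirection (-e): shell exposed to the peer")
    if "l" in short_opts or "--listen" in long_opts:
        if "--allow" not in long_opts:
            findings.append("listener without --allow: any host may connect")
        if "--ssl" not in long_opts:
            findings.append("listener without --ssl: traffic in clear text")
    if "z" in short_opts:
        findings.append("zero-I/O mode (-z): port scan")
    return findings

def triage(log_text):
    report = {}  # command line -> (host, user, findings)
    for line in log_text.splitlines():
        fields = line.split(" ", 3)
        if len(fields) < 4:
            continue
        _ts, host, user, cmd = fields
        findings = assess(cmd)
        if findings:
            report[cmd] = (host, user, findings)
    return report
```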

Encrypted file transfer with nc

apt-get install mcrypt
A: nc -lp port | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > filename
B: mcrypt --flush -Fbq -a rijndael-256 -m ecb < filename | nc -nv ip port -q 1

Explanation: user B encrypts the file and sends it; user A decrypts it and saves it locally. The -q 1 makes B's nc exit one second after its input ends. The encryption itself is done by mcrypt. Note that ECB mode, as used here, encrypts identical plaintext blocks to identical ciphertext and so leaks patterns in the file; a chained mode such as CBC (-m cbc) is the safer choice.

Disk replication with nc

A: nc -lp port | dd of=/dev/sda
B: dd if=/dev/sda | nc -nv ip port -q 1

if= is the input file (the source that dd reads from).

of= is the output file (the destination that dd writes to).

B's disk is copied over the network onto the disk attached to A.
