Netcat/7/en
Phonebook Transfer
Another example is copying an entire directory as a compressed archive, with tar handling the compression on the sending side and the decompression on the receiving side.
In a first terminal:
$ nc -l -p 1234 | tar xvfpz -
In a second terminal:
$ tar cvzfp - directory | nc -w 3 127.0.0.1 1234
The first terminal listens on port 1234. The pipe passes everything received on that connection to tar, which decompresses and extracts it (the xvfpz options) into the current directory.
The second terminal compresses the directory and sends the archive to Netcat, which connects to the local host (127.0.0.1) on port 1234.
Connect To A Port
Connecting to an open port lets you talk directly to the service listening on it. For example, the following commands connect to port 80/tcp on a remote web server and request the URL http://12.34.567.89/admin:
$ nc 12.34.567.89 80
GET /admin <ENTER>
This produces the following result:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p>
</body></html>
Simulating Service: Rudimentary Web Server
The following example shows how to use Netcat to make a rudimentary web server.
You need an index.html file with the following lines:
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>Welcome</h1>
<div style=background:#ff0000>Welcome to my web server</div>
</body>
</html>
In a terminal, enter the following command:
$ cat index.html | nc -v -l -p 80 -w 3
When you open http://127.0.0.1 in your browser, the browser displays the page from index.html.
In addition, the terminal shows the following output, which is what the browser (Firefox here) sent. You can connect with Internet Explorer or other browsers to compare the headers that different browsers send.
listening on [any] 80 ...
DNS fwd/rev mismatch: localhost != xpsp2-efc514119
connect to [127.0.0.1] from localhost [127.0.0.1] 3955
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Relay Function
Description
The relay function is used by attackers, because it offers them several advantages:
- It helps obscure the origin of the attack and thus complicates the investigation.
- Some relays may be located in countries where the law does not allow investigators to pursue the analysis.
- A relay can be set up to get past filtering systems (for example, a relay installed in a DMZ to reach a host on the internal network when the firewall blocks direct connections to the victim).
Netcat can be used for such an operation, as shown in the figure opposite.
Simple Relay Through Inetd
Inetd is a daemon that starts network services automatically. Each line of its configuration file, /etc/inetd.conf, must follow this syntax:
<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
An attacker who has compromised a remote host (the relay) could add the following line to that host's /etc/inetd.conf, so that the machine runs Netcat as a relay automatically:
service_name | sock_type | proto | flags | user | server_path | args
---|---|---|---|---|---|---
1234 | stream | tcp | nowait | nobody | /usr/sbin/tcpd | /bin/nc 12.345.67.89 4567
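To spot this kind of persistence on a host you administer, here is an added example (not part of the original page) that scans an inetd.conf for active entries handing connections to nc, netcat or ncat. The sample configuration it writes is constructed for the demonstration and follows the field layout given above; the flagged line mirrors the relay entry in the table.

```shell
#!/bin/sh
# Added example: flag inetd.conf entries whose server_path or args invoke netcat,
# i.e. the relay persistence described above.
# Field layout per line: service sock_type proto flags user server_path args...

# Print every active (non-comment) entry whose command line runs nc/netcat/ncat,
# prefixed with file name and line number.
find_inetd_relays() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        NF >= 6 {
            # the command line is server_path (field 6) plus everything after it
            cmd = ""
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            # match nc, netcat or ncat as a whole word, with or without a path
            if (cmd ~ /(^|[ \/])(nc|netcat|ncat)( |$)/)
                printf "%s:%d: %s\n", FILENAME, NR, $0
        }
    ' "$1"
}

# Number of flagged entries, for scripted checks.
count_inetd_relays() {
    find_inetd_relays "$1" | wc -l | tr -d ' '
}

# Constructed sample config: two ordinary services, one commented-out relay
# (must be ignored) and two live relays (must be flagged).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#1234   stream  tcp  nowait  nobody  /usr/sbin/tcpd  /bin/nc 12.345.67.89 4567
1234    stream  tcp  nowait  nobody  /usr/sbin/tcpd  /bin/nc 12.345.67.89 4567
4444    stream  tcp  nowait  nobody  /usr/bin/ncat   ncat 10.0.0.5 4567
EOF

find_inetd_relays "$SAMPLE_CONF"
```

Run it against the real file with `find_inetd_relays /etc/inetd.conf`; on hosts that use xinetd or systemd socket units instead, the equivalent check is on those unit files.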