Ns1198:Netcat/7/en

From aldeid

Directory Transfer

Another example is copying an entire directory by compressing it on the fly (the compression and decompression are handled by tar).
In a first terminal:

$ nc -l -p 1234 | tar xvfpz -

In a second terminal:

$ tar cvzfp - directory | nc -w 3 127.0.0.1 1234

The first terminal listens on port 1234. Through the pipe, everything received on that connection is handed to tar, which decompresses it (xvfpz options) into the current directory.
The second terminal compresses the folder `directory` and sends it to Netcat, which establishes a connection to the local host (127.0.0.1) on port 1234.

Connect To A Port

Connecting to an open port lets you converse with the service listening on that port. For example, the following commands connect to port 80/tcp of a remote web server and request the URL http://12.34.567.89/admin:

$ nc 12.34.567.89 80
GET /admin
<ENTER>

This produces the following result:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>

Simulating Service: Rudimentary Web Server

The following example shows how to use Netcat to make a rudimentary web server.
You need an index.html file with the following lines:

 <html>
   <head>
     <title>Welcome</title>
   </head>
   
   <body>
     <h1>Welcome</h1>
     <div style=background:#ff0000>Welcome to my web server</div>
   </body>
 </html>

In a terminal, enter the following command:

$ cat index.html | nc -v -l -p 80 -w 3

When you open http://127.0.0.1 in your browser, the page is rendered.

Furthermore, the terminal displays the following output, corresponding to what the browser (Firefox here) sent. You can also connect with Internet Explorer or other browsers to analyze the headers that different browsers send.

listening on [any] 80 ...
DNS fwd/rev mismatch: localhost != xpsp2-efc514119
connect to [127.0.0.1] from localhost [127.0.0.1] 3955
GET / HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

Function Relay

Description

The relay function is widely used by hackers, because it offers several benefits:

  • It helps obscure the origin of the attack and thus complicates the investigative work.
  • Some relays may be located in countries whose law does not allow investigators to pursue the analysis.
  • An attacker can set up a relay to get past filtering systems (for example, install a relay in a DMZ to attack a host on the internal network when a direct connection to the victim is blocked by a firewall).

Netcat makes such an operation possible, as shown in the figure opposite.

Relaying Through Inetd

Inetd is a super-server that starts services automatically. Each line of its configuration file (/etc/inetd.conf) must follow this syntax:

<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>

An attacker who has compromised a remote host (the relay) could add the following line to its /etc/inetd.conf, so that the host automatically runs a Netcat relay whenever inetd starts:

service_name sock_type proto flags  user  server_path  args
1234 stream tcp nowait nobody /usr/sbin/tcpd /bin/nc 12.345.67.89 4567
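As an added audit helper (not code from the aldeid page), the script below parses inetd.conf lines using the seven-field syntax given above and reports entries that launch Netcat toward a host and port, which is how a defender can spot the relay persistence just described; the sample configuration is constructed, with the page's 1234 line included, and the `tcpd` unwrapping and the "last two operands are host and port" rule are assumptions about how such lines are written.

```python
import os

NETCAT_NAMES = {"nc", "netcat"}   # program names the page uses for Netcat
FIELDS = ("service", "sock_type", "proto", "flags", "user", "server_path")

def parse_inetd_line(line):
    """Split one inetd.conf line into the page's seven fields; None if not an entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    if len(tokens) < 6:              # fewer than the six mandatory fields
        return None
    return dict(zip(FIELDS, tokens[:6]), args=tokens[6:])

def relay_target(entry):
    """Return 'host port' if the entry launches Netcat toward a host, else None."""
    argv = [entry["server_path"]] + entry["args"]
    # Behind a tcpd wrapper the real program is the first argument after it
    if os.path.basename(argv[0]) == "tcpd" and len(argv) > 1:
        argv = argv[1:]
    if os.path.basename(argv[0]) not in NETCAT_NAMES:
        return None
    # Drop option flags; nc takes host then port as its last two operands
    operands = [a for a in argv[1:] if not a.startswith("-")]
    if len(operands) >= 2 and operands[-1].isdigit():
        return f"{operands[-2]} {operands[-1]}"
    return None

def find_netcat_relays(conf_text):
    """Return [(service, 'host port')] for every relay-like entry in conf_text."""
    hits = []
    for line in conf_text.splitlines():
        entry = parse_inetd_line(line)
        target = relay_target(entry) if entry else None
        if target:
            hits.append((entry["service"], target))
    return hits

# Constructed sample inetd.conf; the 1234 line is the page's own example
SAMPLE_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd
1234    stream tcp nowait nobody /usr/sbin/tcpd /bin/nc 12.345.67.89 4567
daytime stream tcp nowait root   internal
"""

if __name__ == "__main__":
    for service, target in find_netcat_relays(SAMPLE_CONF):
        print(f"suspicious inetd entry {service!r} relays to {target}")
```

Run it against a real /etc/inetd.conf by passing the file's contents to find_netcat_relays; entries that wrap Netcat in other launchers would need their own unwrapping rule.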