Netcat: netcut latest version 3.0.119


Sending Files through Netcat

Netcat can be used to transfer data from one host to another by creating a basic client/server model.

This works by setting Netcat to listen on a specific port (using the -l option) on the receiving host, then establishing a regular TCP connection from the other host and sending the file over it.

On the receiving host, run the following command, which opens port 5555 for incoming connections and redirects the output to the file:

From the sending host connect to the receiving host and send the file:

To transfer a directory, you can use tar to archive the directory on the source host and to extract the archive on the destination host.

On the receiving host, set the Netcat tool to listen for an incoming connection on port 5555. The incoming data is piped to the tar command, which will extract the archive:

On the sending host pack the directory and send the data by connecting to the listening process on the receiving host:

You can watch the transfer progress on both ends. Once completed, type to close the connection.

CONNECT MODE OPTIONS

       -g hop1[,hop2,...] (Loose source routing)
           Sets hops for IPv4 loose source routing. You can use -g once with
           a comma-separated list of hops, use -g multiple times with single
           hops to build the list, or combine the two. Hops can be given as
           IP addresses or hostnames.

       -G ptr (Set source routing pointer)
           Sets the IPv4 source route “pointer” for use with -g. The
           argument must be a multiple of 4 and no more than 28. Not all
           operating systems support setting this pointer to anything other
           than four.

       -p port, --source-port port (Specify source port)
           Set the port number for Ncat to bind to.

       -s host, --source host (Specify source address)
           Set the address for Ncat to bind to.

Chmod Command Examples in Linux

Using the chmod command is very simple once you know which permissions you need to set on a file.

For example, if you want the owner to have all permissions and the group and others to have none, you need to set permission 700 in absolute mode:

You can do the same in symbolic mode.

If you need an easy way to find a Linux file permission in numeric or symbolic mode, you can use this chmod calculator. Just select the permissions you want, and it will show them in both absolute and symbolic mode.

chmod 777: everything for everyone

You may have heard of chmod 777. This command grants read, write and execute permissions to the owner, the group and everyone else.

If you want to change the mode to 777, you can use the following command:

chmod 777 is considered potentially dangerous because you give read, write and execute permission on the file/directory to everyone (who is on your system). You should avoid it entirely.

chmod +x or chmod a+x: execute for everyone

Probably one of the most common uses of chmod is to give a file the execute bit. Often, after downloading an executable file, you need to add this permission before using it. To give the owner, the group and everyone else permission to execute the file:

chmod +x /path/to/file

CHMOD 755: only the owner can write; read and execute for everyone

The following command sets the permission rwxr-xr-x on the file. Only the owner will be allowed to write to the file. The owner, group members and everyone else will have read and execute permission.

chmod 755 /path/to/file

chmod 700: everything for the owner only

This command gives the owner read, write and execute permissions. The group and others will have no permissions at all, not even read.

To give the owner, the group and everyone else read and write permissions on the file:

chmod -c 666 /path/to/file

CHMOD 644: everyone can read, only the owner can write

With the following command, the owner has read and write permission, while the group and everyone else have read permission.

chmod 644 /path/to/file

CHMOD 600: the owner can read and write, nobody else has any access

With the following command, the owner can read and write, while the group and everyone else have no permissions at all.

chmod 600 /path/to/file

chmod Command Examples in Symbolic Mode

In the examples above we used a bitmask to set the new MODE. It is easy to calculate: only simple addition is required. Consider the following:

  • X = 1
  • W = 2
  • R = 4

Now you can easily see where 755, 666, 640 come from. You do not have to use a bitmask to set a new permission. A more readable way is available. This second format looks like this:

chmod OPTIONS {u,g,o}{+,-,=}{r,w,x} /path/to/file

Although this may look complicated, it is quite simple. First you type chmod and the OPTIONS you want. Then ask yourself: for whom am I changing the permissions? User, Group, Others. This gives you the first part of the command:

chmod OPTIONS {u,g,o}

In the next step, to complete the command, you decide whether to add permission bits (+), remove permissions (-) or set the permission (

chmod -v u+

In the next part you decide which permission MODE to apply (+), remove (-) or match (

chmod -v u+rw

The following example applies read/write permission on the file for the owner. The verbose option makes chmod report what it does.

chmod -v u+rw /path/to/file

The following sets group write permission on a directory and all of its contents recursively. It reports only the changes.

chmod -cR g+w /path/to/directory

You can combine several permission operations, as in the following example. It ensures that the owner has read/write/execute permission, adds write permission for the group and removes execute for everyone else:

chmod u=rwx,g+w,o-x /path/to/file

This last one uses rFile as a reference to set the permission on file. When it finishes, the permissions of file will be exactly the same as those of rFile.

chmod --reference=/path/to/rFile /path/to/file

There are more options and modes that can be used with chmod that are not described or mentioned here. We wanted to keep this general and, hopefully, help a few new Linux users.
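The octal arithmetic above (R = 4, W = 2, X = 1 summed per owner/group/others) and the warning about chmod 777 can be checked with a short script. This is an added example, not part of the original page; the function names are hypothetical, and it goes slightly beyond the text by also locating and correcting world-writable files.

```shell
#!/bin/sh
# Added example: relate octal chmod modes to rwx strings and audit a tree
# for world-writable entries. Function names are hypothetical.

# Convert a three-digit octal mode (e.g. 755) to its symbolic form.
# Each digit is the sum R=4 + W=2 + X=1 for owner, group and others.
octal_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "usage: octal_to_symbolic NNN (digits 0-7)" >&2; return 2 ;;
    esac
    rest=$1
    out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}      # first character of what is left
        rest=${rest#?}                 # drop that character
        if [ $((digit & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((digit & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((digit & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# List regular files and directories under $1 that any local user can write
# to (the "others" write bit, which chmod 777 and chmod 666 both set).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Clear the "others" write bit on everything find_world_writable reports.
# Review the list first: directories such as /tmp are world-writable on purpose.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

octal_to_symbolic 755   # rwxr-xr-x
```

Run `find_world_writable /path/to/directory` before `fix_world_writable` so that the change set is known in advance.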

Create a Chat or Web Server

Chat programs are on the rise. From open-source solutions to those that seemed to suddenly gain massive popularity, there are a wide range of chat and communication tools available to enterprise organizations. The reality is that some IT experts and system administrators would prefer a simple text-only solution. Windows Netcat can actually fill that need and allow for the transmission of messages across a local network.

To get started, you first need Netcat to start listening on a port number. Make sure not to choose a port that is already in use by another application or service.

nc -l -p 1299

Then all you need to do is launch the chat session with a new TCP connection:

nc localhost 1299

This process can also be used to spin up a basic web server from your local machine. Netcat will function as the web host and allow you to store HTML content which can then be viewed through a web browser.

First, create a new text document on your local system and make sure to use valid HTML tags. Then save the file as “index.html” and store it in the root of your Netcat directory. Now switch back to the Netcat tool and run this command:

printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8999

To see the HTML in action, simply open any web browser and navigate to your local IP address with :8999 at the end to specify the port of the host.

Netcat Cheat Sheet

Until you start using Netcat on a regular basis, you might get confused about the command syntax or forget what some of the parameters do. Don’t worry! We’ve included a cheat sheet below to help you find what you need quickly to run a working Netcat command.

Netcat Fundamentals

nc – by default this will execute a port scan

nc -l – initiates a listener on the given port

Netcat Command Flags

nc -4 – use IPv4 only

nc -6 – use IPv6

nc -u – use UDP instead of TCP

nc -k -l – continue listening after disconnection

nc -n – skip DNS lookups

nc -v – provide verbose output

nc > relay.bat – open a relay connection

nc -l -p -e relay.bat – connect to relay

nc > file_name.out – send a file

nc < file_name.in – receive a file

Netcat Port Scanner

nc -zv site.com 80 – scan a single port

nc -zv hostname.com 80 84 – scan a set of individual ports

nc -zv site.com 80-84 – scan a range of ports

Basic Netcat Commands

Once you have a Netcat application set up on your Windows or Linux server, you can start running basic commands to test its functionality. Here are a few to get started with:

nc -help – This command will print a list of all of the available commands you can use in Netcat. It will come in handy if you run into any errors while writing a script or are unsure of how to proceed.

nc -z -v site.com – This will run a basic port scan of the specified website or server. Netcat will return verbose results with lists of ports and statuses. Keep in mind that you can use an IP address in place of the site domain.

nc -l – This command will instruct the local system to begin listening for TCP connections and UDP activity on a specific port number.

nc site.com 1234 < file_name – This command will initiate the transfer of a file based on the specified port number.

Printf – Netcat can actually operate as a simplified web host. This command will let you save HTML code and publish it through your local server.

Netcat Command Syntax

All Netcat commands must start with the “netcat” identifier or “nc” as a shorter option. By default, the Netcat tool will assume you want to perform a port scan unless you indicate otherwise.

Different option parameters can be used that include: “-u” for UDP traffic instead of TCP, “-v” for verbose output, “-p” to specify a specific port, and “-D” to turn on full debugging mode. Individual attributes within a Netcat command must be separated with a space. The command prompt will inform you if you have a typo or unrecognized term in your script.

DESCRIPTION

       Ncat is a feature-packed networking utility which reads and writes
       data across networks from the command line. Ncat was written for the
       Nmap Project and is the culmination of the currently splintered
       family of Netcat incarnations. It is designed to be a reliable
       back-end tool to instantly provide network connectivity to other
       applications and users. Ncat will not only work with IPv4 and IPv6
       but provides the user with a virtually limitless number of potential
       uses.

       Among Ncat's vast number of features there is the ability to chain
       Ncats together; redirection of TCP, UDP, and SCTP ports to other
       sites; SSL support; and proxy connections via SOCKS4, SOCKS5 or HTTP
       proxies (with optional proxy authentication as well). Some general
       principles apply to most applications and thus give you the
       capability of instantly adding networking support to software that
       would normally never support it.

Running commands via ncat

With the -e option, a listening Ncat can be attached to a program, to which it passes everything it receives for execution. As a special case, “/bin/bash” can be given as that program, so that all received lines are sent to the Bash shell.

On the remote server, run Ncat as follows:

ncat -l -e "/bin/bash" 43210

And connect from the local computer:

ncat 185.26.122.50 43210

In the local ncat, I ran:

cd hackware.ru/logs
ls -l

And got a list of files on a remote computer. That is, commands are executed by analogy with SSH.

To maintain websites, you can enter various commands directly in the local console, for example, make backup copies, download installation files from official sites directly to the server, and not through your computer.

The backdoor functionality is contained in the same command: if a site has a vulnerability that allows commands to be executed at the system level, a corresponding request is made to the web page so that ncat is launched with the option that passes received commands to the OS for execution. The attacker then connects directly to the server (to ncat), bypassing the vulnerable site, to send his commands.

If the commands need to be executed on the Windows system, then the following option must be specified: -e cmd.exe

Netcat Examples

Before starting to explore some netcat commands it’s important to know that if you are binding to well-known ports (0-1023) with nc, you need root privilege. Otherwise, you can run nc as a normal user.

1) Test if a particular TCP port of a remote host is open

nc -vn 192.168.40.146 2424

Output if the 2424 port on remote server is closed

nc: connect to 192.168.40.146 port 2424 (tcp) failed: Connection refused

Output if the port on remote server is opened (e.g. 22 port)

Connection to 192.168.40.146 22 port [tcp/*] succeeded!
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4

2) Perform TCP port scanning against a remote host

The command below will check the ports from 20 to 25 on the remote host and print the result.

nc -vnz -w 1 192.168.40.146 20-25

Output will look like this

nc: connect to 192.168.40.146 port 20 (tcp) failed: Connection refused
nc: connect to 192.168.40.146 port 21 (tcp) failed: Connection refused
Connection to 192.168.40.146 22 port [tcp/*] succeeded!
nc: connect to 192.168.40.146 port 23 (tcp) failed: Connection refused
nc: connect to 192.168.40.146 port 24 (tcp) failed: Connection refused
nc: connect to 192.168.40.146 port 25 (tcp) failed: Connection refused

3) Perform UDP port scanning against a remote host

nc -vnzu 192.168.40.146 1-65535

Output will show only the ports which allow udp connections.

Connection to 192.168.40.146 2424 port [udp/*] succeeded!
Connection to 192.168.40.146 12354 port [udp/*] succeeded!

4) Send a test UDP packet to a remote host

echo -n "udp test" | nc -u -w1 192.168.40.146 2424

The command above will send a test UDP packet with 1 second timeout to a remote host at port 2424

5) Copy a file (e.g., test.txt) from one host to another

On the receiver host (192.168.40.146 in my case) run:

nc -lp 2424 > test.txt

On the sender host (192.168.40.144) run the following command:

nc 192.168.40.146 2424 < test.txt

This will copy the test.txt file from the sender host to the receiver host via port 2424. Make sure to allow incoming connections on port 2424 on the receiver host.

6) Transfer a whole directory (including its content) from one host to another

On the receiver host run:

nc -l 2424 | tar xvf -

On the sender host run the following command:

tar cvf - /path/to/dir | nc 192.168.40.146 2424

7) Create a compressed backup of hard drive (e.g., /dev/sdc) on a remote host

On the remote host run:

nc -lp 2424 | sudo dd of=/path/to/image.img.gz

On the local host run the following command:

dd if=/dev/sdc | gzip -c | nc 192.168.40.146 2424

8) Restore a hard drive (e.g. /dev/sdc) from a compressed disk image stored in a remote host

On the local host run:

nc -lp 2424 | gunzip -c | sudo dd of=/dev/sdc

On the remote host run the following command:

cat /path/to/image.img.gz | nc 192.168.40.144 2424

9) Run insecure online chat between two hosts

On one host (e.g. 192.168.40.144) run the command below:

nc -lp 2424

On another host (e.g. 192.168.40.146) run the following command:

nc 192.168.40.144 2424

After running these commands, anything typed in both terminals will be seen on both host machines.

10) Run a web server with a static web page

Run the command below on local host (e.g. 192.168.40.144) to start a web server that serves test.html on port 80. Note that you must run with sudo privileges as 80 is in range of well known ports (1-1023)

while true; do sudo nc -lp 80 < test.html; done

Now open from another host to access it.

11) Listen on a TCP port using IPv6 address

You can use the following command to allow nc use IPv6 address when listening on a TCP port.

nc -6 -l 2424

Check if it works with the command below

sudo netstat -nap | grep 2424

Output will look like this

tcp6 0 0 :::2424 :::* LISTEN 15665/nc

12) Stream a video file from a server for client to watch the streamed video using video player (e.g., mplayer)

On a video server (192.168.40.144):

cat sample_video.avi | nc -l 2424

On a client host (192.168.40.146):

nc 192.168.40.144 2424 | mplayer -vo x11 -cache 3000 -


As you can see netcat is a great tool for TCP/IP networking and it is one of the most favorite tools of sysadmins when it comes to do networking related troubleshooting and experimentation. That’s why a lot of Linux distros are being delivered with preinstalled netcat.

How to install netcat

It is a cross-platform tool, available for Linux, macOS, Windows and BSD. We are going to install netcat on an Ubuntu 18.04 machine using apt or by compiling it from source code.

Installation using apt is pretty simple, you just need to type the following command in the terminal:

sudo apt install netcat

On CentOS 8

The ncat can be installed with nmap package on RHEL 8/CentOS 8. Use dnf command as below

sudo dnf install nmap

How to install netcat from source code

Compiling netcat from source code is not as easy as installing via apt, but if you follow the steps below you can install it easily.

Download the source code from netcat website with the following command

wget http://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz

Extract the newly downloaded archive. To do so you can run:

tar -xzvf netcat-0.7.1.tar.gz

Change (cd) to the directory containing the package’s source code and type ./configure to configure the package for your system.

cd netcat-0.7.1
./configure

If you are getting error message like this — «no acceptable C compiler found in $PATH» when running ./configure command, make sure you have installed gcc compiler. To install it type the following command:

apt-get install build-essential

Running ./configure takes a while.

Once configure has been successfully finished run:

sudo make

and

sudo make install

You can remove the program binaries and object files from the source code directory by typing . To also remove the files that created, run command.

What is netcat (nc, ncat) for

Netcat is a useful network utility with which you can analyze and simulate the operation of many network protocols (for example, how to do this with HTTP will be shown later), you can execute commands on a remote machine and upload or download files from it, redirect traffic from one port to another or from one machine to another. Of course, a penetration tester (a network security auditor) needs to be an advanced user in network protocols and be able to use Netcat in the learning process.

But the real value of Netcat for a pentester is that this is a real backdoor! And since the utility is very useful for network administrators, it is installed in many systems, including servers, by default!!!

That is, if a vulnerability is found in a web application, for example, execution of arbitrary commands at the system level, then among the various operating ways, you can choose to launch Netcat, which, if run correctly, will perform the functions of a full featured backdoor, passing our commands to the operating system. Moreover, Netcat has two modes: listening mode and connection mode. If the remote computer is behind NAT and there is no way to connect to it directly over IP, then Netcat will come to the rescue again! In connection mode, it will connect back to your computer (Reverse Shell).

In the article about RouterSploit (“Instructions for Using RouterSploit”) in one of the tested routers (this was my own router) the vulnerability of remote command execution was found, although there was a limit on the amount of information returned – it was cut off after a certain number of characters. In such situations, you can use Netcat: as a command on a vulnerable router, you need to run nc, then connect to it; in this case, it will be possible to execute commands through Netcat without limiting the amount of information displayed.

We can assume a more difficult case – when the vulnerability of remote command injection is present, but the output of any messages is suppressed. In this case it is again more convenient to work through Netcat.

By the way, Netcat is so popular that it is present by default even in some advanced routers: Netcat is installed on my router.

Of course, you can use Netcat not only for destructive purposes. This program for its intended purpose will be very useful for network administrators and webmasters. For example, I also have Netcat on virtual hosting.

ACCESS CONTROL OPTIONS

       --allow host[,host,...] (Allow connections)
           The list of hosts specified will be the only hosts allowed to
           connect to the Ncat process. All other connection attempts will
           be disconnected. In case of a conflict between --allow and
           --deny, --allow takes precedence. Host specifications follow the
           same syntax used by Nmap.

       --allowfile file (Allow connections from file)
           This has the same functionality as --allow, except that the
           allowed hosts are provided in a new-line delimited allow file,
           rather than directly on the command line.

       --deny host[,host,...] (Deny connections)
           Issue Ncat with a list of hosts that will not be allowed to
           connect to the listening Ncat process. Specified hosts will have
           their session silently terminated if they try to connect. In case
           of a conflict between --allow and --deny, --allow takes
           precedence. Host specifications follow the same syntax used by
           Nmap.

       --denyfile file (Deny connections from file)
           This is the same functionality as --deny, except that excluded
           hosts are provided in a new-line delimited deny file, rather than
           directly on the command line.
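
Applied to the file copy from example 5 above, --allow can be combined with a bound address, SSL and a digest check, since the plain nc transfer is unencrypted and accepts data from any host that connects. This is an added example, not part of the Ncat manual or the original page; it assumes Ncat built with SSL support and GNU sha256sum, reuses the page's sample addresses and port, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: restricted, encrypted and verified variant of the
# "copy a file" transfer. Function names are hypothetical.

RECEIVER=192.168.40.146   # receiver address used in the page's example 5
SENDER=192.168.40.144     # sender address used in the page's example 5
PORT=2424                 # port used in the page's examples

# Print the SHA-256 digest of a file (GNU coreutils sha256sum assumed).
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Succeed only if the file's digest equals the expected digest.
verify_sha256() {
    [ "$(file_sha256 "$1")" = "$2" ]
}

# Receiver side: receive_file <outfile> <expected-sha256>
#   -l "$RECEIVER"  listen on one address instead of every interface
#   --allow         accept a connection from the sender only
#   --ssl           encrypt the stream; without --ssl-cert/--ssl-key Ncat
#                   generates a temporary certificate, so this alone does
#                   not authenticate the server to the client
#   --recv-only     never write anything back to the peer
# The data lands in a .part file and is renamed only after the digest,
# obtained from the sender over a separate channel, matches.
receive_file() {
    ncat --ssl --recv-only --allow "$SENDER" -l "$RECEIVER" "$PORT" > "$1.part" || return 1
    if verify_sha256 "$1.part" "$2"; then
        mv "$1.part" "$1"
    else
        rm -f "$1.part"
        echo "digest mismatch, file discarded" >&2
        return 1
    fi
}

# Sender side: run file_sha256 first and pass the digest to the receiver
# out of band, then send the file.
send_file() {
    ncat --ssl --send-only "$RECEIVER" "$PORT" < "$1"
}
```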

Bugs

Like its authors, Ncat isn’t perfect. But you can help make it better by sending bug reports or even writing patches. If Ncat doesn’t behave the way you expect, first upgrade to the latest version available from http://nmap.org. If the problem persists, do some research to determine whether it has already been discovered and addressed. Try Googling the error message or browsing the nmap-dev archives at http://seclists.org/. Read this full manual page as well. If nothing comes of this, mail a bug report to nmap-dev@insecure.org. Please include everything you have learned about the problem, as well as what version of Ncat you are running and what operating system version it is running on. Problem reports and Ncat usage questions sent to nmap-dev@insecure.org are far more likely to be answered than those sent to Fyodor directly.

Code patches to fix bugs are even better than bug reports. Basic instructions for creating patch files with your changes are available at http://nmap.org/data/HACKING. Patches may be sent to nmap-dev (recommended) or to Fyodor directly.

COMMAND EXECUTION OPTIONS

       -e command, --exec command (Execute command)
           Execute the specified command after a connection has been
           established. The command must be specified as a full pathname.
           All input from the remote client will be sent to the application
           and responses sent back to the remote client over the socket,
           thus making your command-line application interactive over a
           socket. Combined with --keep-open, Ncat will handle multiple
           simultaneous connections to your specified port/application like
           inetd. Ncat will only accept a maximum, definable, number of
           simultaneous connections controlled by the -m option. By default
           this is set to 100 (60 on Windows).

       -c command, --sh-exec command (Execute command via sh)
           Same as -e, except it tries to execute the command via /bin/sh.
           This means you don't have to specify the full path for the
           command, and shell facilities like environment variables are
           available.

       --lua-exec file (Execute a .lua script)
           Runs the specified file as a Lua script after a connection has
           been established, using a built-in interpreter. Both the script's
           standard input and the standard output are redirected to the
           connection data streams.

       All exec options add the following variables to the child's
       environment:

       NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT
           The IP address and port number of the remote host. In connect
           mode, it's the target's address; in listen mode, it's the
           client's address.

       NCAT_LOCAL_ADDR, NCAT_LOCAL_PORT
           The IP address and port number of the local end of the
           connection.

       NCAT_PROTO
           The protocol in use: one of TCP, UDP, and SCTP.
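
Because the sections "Running commands via ncat" and "What is netcat (nc, ncat) for" describe -e being used as a backdoor, a host check for Netcat processes started with the execution options listed here is a useful control. This is an added example, not part of the Ncat manual or the original page; the sample process and socket listings are constructed (one netstat line is the page's own output), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag Netcat/Ncat processes started with a command-execution
# option and list the ports Netcat is listening on. Names are hypothetical.

# Constructed sample in `ps -eo pid,args` layout.
SAMPLE_PS='  812 /usr/sbin/sshd -D
 1544 ncat -l -e /bin/bash 43210
 1602 nc -vnz -w 1 192.168.40.146 20-25
 1710 nc -lp 2424
 1833 /usr/bin/ncat --sh-exec /usr/local/bin/handler -l 8080 --keep-open
 1901 tar cvf - /path/to/dir
 1950 ncat --lua-exec /opt/svc/echo.lua -l 9000'

# Constructed sample in `netstat -nap` layout; the tcp6 line is the output
# shown in example 11 of the page.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22       0.0.0.0:*     LISTEN      733/sshd
tcp6       0      0 :::2424          :::*          LISTEN      15665/nc
tcp        0      0 0.0.0.0:43210    0.0.0.0:*     LISTEN      1544/ncat'

# Print the PID of every nc/ncat/netcat process whose arguments include
# -e, -c, --exec, --sh-exec or --lua-exec. Short options may be clustered
# (for example -lve). In netcat builds where -c has a different meaning this
# gives a false positive, so treat hits as leads to review.
flag_ncat_exec() {
    awk '{
        n = split($2, path, "/")
        exe = path[n]
        if (exe != "nc" && exe != "ncat" && exe != "netcat") next
        for (i = 3; i <= NF; i++)
            if ($i ~ /^--(exec|sh-exec|lua-exec)(=.*)?$/ || $i ~ /^-[A-Za-z]*[ec]$/) {
                print $1
                next
            }
    }'
}

# Print "port pid program" for each LISTEN socket owned by nc/ncat/netcat.
list_nc_listeners() {
    awk '$6 == "LISTEN" {
        split($7, owner, "/")
        if (owner[2] != "nc" && owner[2] != "ncat" && owner[2] != "netcat") next
        n = split($4, addr, ":")
        print addr[n], owner[1], owner[2]
    }'
}

printf '%s\n' "$SAMPLE_PS" | flag_ncat_exec
printf '%s\n' "$SAMPLE_NETSTAT" | list_nc_listeners
```

On a live host, feed the functions real data with `ps -eo pid,args | flag_ncat_exec` and `sudo netstat -nap | list_nc_listeners`.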
