UPDATE 12/27/04 security fix in -e option for Windows
Netcat 1.11 for NT - nc111nt.zip
The original version of Netcat was written by *hobbit* <hobbit@avian.org>
The NT version was done by Weld Pond <weld@vulnwatch.org>
Netcat for NT is the tcp/ip "Swiss Army knife" that never made it into any
of the resource kits. It has proved to be an extremely versatile tool on
the unix platform. So why should NT always be unix's poor cousin when it
comes to tcp/ip testing and exploration? I bet many NT admins out there
keep a unix box around to use tools such as Netcat or to test their systems
with the unix version of an NT vulnerability exploit. With Netcat for NT
part of that feeling of disempowerment is over.
Included with this release is Hobbit's original description of the powers
of Netcat. In this document I will briefly describe some of the things an
NT admin might want to do and know about with Netcat on NT. For more
detailed technical information please read hobbit.txt included in the
nc11nt.zip archive.
Basic Features
* Outbound or inbound connections, TCP or UDP, to or from any ports
* Full DNS forward/reverse checking, with appropriate warnings
* Ability to use any local source port
* Ability to use any locally-configured network source address
* Built-in port-scanning capabilities, with randomizer
* Can read command line arguments from standard input
* Slow-send mode, one line every N seconds
* Hex dump of transmitted and received data
* Ability to let another program service established connections
* Telnet-options responder
New for NT
* Ability to run in the background without a console window
* Ability to restart as a single-threaded server to handle a new connection
A simple example of using Netcat is to pull down a web page from a web
server. With Netcat you get to see the full HTTP header so you can see
which web server a particular site is running.
Since NT has a rather anemic command processor, some of the things that are
easy in unix may be a bit more clunky in NT. For the web page example first
create a file get.txt that contains the following line and then a blank
line:
GET / HTTP/1.0
To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt
You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.
It is a bit easier to just open the connection and then type at the console
to do the same thing.
nc -v www.website.com 80
Then just type in GET / HTTP/1.0 and hit a couple of returns. You will
see the same thing as above.
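The same exchange done from a script rather than from get.txt, as an added example that is not part of the original readme: the request is the exact two lines get.txt carries (the request line and the blank line that ends the header block), the reply is read until the server closes, and the Server header is picked out of the raw response. The target is a constructed local stand-in for www.website.com with a made-up Server value, so it runs offline.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class ConstructedHandler(BaseHTTPRequestHandler):
    """Local stand-in for www.website.com; the Server value is constructed."""
    server_version, sys_version = "ExampleHTTPd/0.1", ""

    def do_GET(self):
        body = b"<html>hello</html>"
        self.send_response(200)            # also emits Server: and Date: headers
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):          # keep the example quiet
        pass


def start_local_server():
    srv = HTTPServer(("127.0.0.1", 0), ConstructedHandler)   # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def raw_get(host, port, path="/"):
    """Send exactly what get.txt carries, the request line plus a blank line, and
    return (status_line, headers) parsed from the raw reply nc would print."""
    request = f"GET {path} HTTP/1.0\r\n\r\n".encode()   # HTTP/1.0: server closes after reply
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(request)
        chunks = []
        while data := s.recv(4096):        # read until the server closes
            chunks.append(data)
    head, _, _body = b"".join(chunks).partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


if __name__ == "__main__":
    srv = start_local_server()
    status, hdrs = raw_get("127.0.0.1", srv.server_address[1])
    srv.shutdown()
    print(status, "-> server:", hdrs.get("server"))
```

Without the trailing blank line the server keeps waiting for more header lines, which is why get.txt must end with one.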
A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on a particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.
nc -l -p 23 -t -e cmd.exe
will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.
This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:
nc xxx.xxx.xxx.xxx 23
will get the job done. There is no authentication on the listening side
so be a bit careful here. The shell is running with the permissions of the
process that started Netcat so be very careful. If you were to use the
AT program to schedule Netcat to run listening on a port with the
-e cmd.exe option, when you connected you would get a shell with user
NT AUTHORITY\SYSTEM.
The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.
nc -L -p 53 -e cmd.exe
Then from outside the firewall connect to the listening machine:
nc -v xxx.xxx.xxx.xx 53
If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
A new feature for the NT version is the -d or detach from console flag.
This will let Netcat run without an ugly console window cluttering up the
screen or showing up in the task list.
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines. This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel. Unlike Unix, NT does not seem to have any security around
which ports user programs are allowed to bind to. This means any
user can run a program that will bind to the NETBIOS ports.
You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files. You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this. This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine by the way. You have done this with just
user privileges to boot.
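The listener behaviour described above (-l/-L with -e, -d, and -s in front of an existing service) is exactly what an admin reviewing process command lines would want to spot. As an added example that is not part of the original readme, here is a small parser for the Netcat for NT options this document describes, with a triage routine that flags the risky combinations; the command-line strings in the test are constructed, and the assumption is that tokens are whitespace-separated and that option clustering follows getopt as in the NT port.

```python
# Netcat for NT options from the readme: those taking a value, and bare flags.
VALUE_OPTS = {"p": "port", "s": "source", "e": "program", "w": "timeout"}
FLAG_OPTS = {"l": "listen", "L": "listen_restart", "t": "telnet",
             "d": "detach", "v": "verbose"}


def parse_nc_cmdline(cmdline):
    """Split a whitespace-separated nc command line into (options, positionals).
    getopt-style clustering ("-vv", "-lp 23", "-p23") is accepted; unknown letters are ignored."""
    argv = cmdline.split()
    opts, positional, i = {}, [], 1       # argv[0] is the nc binary itself
    while i < len(argv):
        tok, i = argv[i], i + 1
        if not tok.startswith("-") or tok == "-":
            positional.append(tok)
            continue
        chars = tok[1:]
        for j, c in enumerate(chars):
            if c in VALUE_OPTS:           # value is the rest of the token or the next one
                value = chars[j + 1:]
                if not value:
                    if i >= len(argv):
                        raise ValueError(f"option -{c} needs an argument")
                    value, i = argv[i], i + 1
                opts[VALUE_OPTS[c]] = value
                break
            if c in FLAG_OPTS:
                opts[FLAG_OPTS[c]] = opts.get(FLAG_OPTS[c], 0) + 1
    return opts, positional


def assess(cmdline):
    """Return (severity, findings) for one nc invocation seen in process telemetry."""
    opts, _ = parse_nc_cmdline(cmdline)
    listener = "listen" in opts or "listen_restart" in opts
    findings = []
    if listener and "program" in opts:
        findings.append(f"unauthenticated listener on port {opts.get('port', '?')} "
                        f"runs {opts['program']} with the rights of the launching user")
    if "listen_restart" in opts:
        findings.append("-L: restarts after every disconnect, so the listener persists")
    if "detach" in opts:
        findings.append("-d: detached from the console, no window in the task list")
    if listener and "source" in opts:
        findings.append(f"-s {opts['source']}: specific-address bind takes precedence "
                        "over a service bound to ANY address on the same port")
    severity = "high" if listener and "program" in opts else "medium" if listener else "info"
    return severity, findings
```

A listener started by AT inherits SYSTEM, so the "launching user" in the finding should be resolved from the parent process, which this snippet does not see.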
PROBLEMS with Netcat 1.1 for NT
There are a few known problems that will eventually be fixed. One is
the -w or timeout option. This works for final net reads but not
for connections. Another problem is using the -e option in UDP mode.
You may find that some of the features work on Windows 95. Most
of the listening features will not work on Windows 95 however. These will
be fixed in a later release.
Netcat is distributed with full source code so that people can build
upon this work. If you add something useful or discover something
interesting about NT TCP/IP let me know.
Weld Pond <weld@l0pht.com>, 2/2/98