Swiss Army Knife netcat for Network Tools

This is a noisy night. If you want to give a reason, it may be because, although I think Spain is not pure, I don't want to create a role that doesn't play for others .. after that, I think it's time to play netcat, which is known as the Internet Swiss Army knife. Although the Swiss army knife and netcat do not have an inevitable connection in addition to small but refined aspects, I still want to get a chat about Switzerland, blogs I know, not papers, not test reports, there is no problem in divergence, and I think that in the future, cross-border will be an inevitable trend, and the ability to cross-border is also an inevitable advantage.
Switzerland is a country without history. It is the result of the political compromise in 1848. It also shows why even Nazi Germany recognizes its permanent neutral position, however, it does not mean that the nation living in this land has no history. since the time of Caesar, it has lived here as a free nation and the time of Rome. It has developed itself in a peaceful atmosphere of Galu, later, its history was a history of integration, separation, resistance, and neutrality, but it is undeniable that the land and the people on it were in the chaotic great medieval Lord, King, emperor Shen Luo, Pope, Bishop, Autonomous City... the fierce melee between them survived and did not turn into ruins. Till now, it is still one of the richest regions in reality. It is different from Belgium and the Netherlands by looking at the map, switzerland is surrounded by a large country. France, Germany, Italy, and Austria constitute Switzerland's neighbors. From its language, we can see its history, German, French, and Italian (why is there no Austrian Language? Because most people in Austria speak German and have minor consequences), this position is precisely in line with the European average principle, so Switzerland can survive N hooligans as a neutral country without any loss, which is exactly the European average principle, A stable external environment has been created for a country like Switzerland, which can refine the design without compromising the external pressure. The Swiss Army Knife is built in this environment. Of course, and watches. However, if you try something else, it will be better.
What? That is the Nordic gene. If I say that the Nordic gene has contributed to Linux, do you believe it? But in any case, the Nordic gene does play a role. The Nordic people, a descendant of a pure marine nation, and a descendant of a nation unrelated to the Roman Empire, broke free from the shackles of European traditions and left far from the disputes left over by history, they live in a world of fairy tales and mythology, control the unfathomable ocean, freely swing with flexibility and freedom, and the original impulse of rules. This may be the biggest characteristic of a maritime nation.
Swiss Army knife, a Super tool with Nordic genes, conforms to its external self-consistent internal divergence philosophy, how to describe its beauty is not much, Nordic gene phenotype, coupled with the small and refined pursuit, it is this kind of trait that creates the same atmosphere as Linux for Swiss Army Knife ...... of course, using everything doesn't mean it is omnipotent. You can't expect it to cut the wire rope of a crane, or imagine it can pick up a truck. In fact, the lack of these functions is the beauty of the Swiss army knife, that is, it is not big but complete, but small and refined. Sometimes, the small and refined philosophy can indeed win. The criteria for evaluating a tool are not what it can do, but how simple it can do what it claims to be able to do. With a Swiss Army knife in your hand, you can save a lot of things. In fact, any gadgets can be built in, such as thermometers, compasses, scissors, starters, screwdrivers, USB flash drives, electric meters, toothpicks, winding... the beauty of the design lies in how to put these things in a limited space and how to avoid being misused by people. The simple way is that every small tool can implement only one function perfectly. Okay, that's all about Swiss Army knives. Here is netcat.
Netcat is very small and small, and it is really small, rather than small, it is not like the Linux kernel, some people claim that it can be reduced to less than xk, but do you know how much effort this cut-off person has to make? If someone who has just graduated from college needs a job to cut down, he may have read some code during college, but how many classes does he need to add. A good thing is not about how small it can be, but about how small it can be. To what extent can netcat be used? In fact, it only provides a socket I/O channel, but don't look at the small set of functions it comes with. It cannot even be called a set, it increases the extended scope to the scope of your imagination. For those who are not good at thinking, it may be just a telnet program, but for those who are good at thinking, it can build a secure remote shell. Have you ever thought about using it to build an SSL channel?
Before starting my exploration, let's take a brief look at the netcat functions that can be found on the Internet. I will not repeat them here. Its functions include but are not limited: check whether the port is enabled, Port Scan, remote file copy, remote directory copy, encrypted data transmission, remote shell execution, reverse remote shell... why can such a small netcat accomplish so many functions?
The reason is that it only provides the smallest set, that is, an I/O channel. As for how to build data, it is not its responsibility. netcat does not assume any data format, there are no restrictions on data. This is different from telnet. Although telnet is also a somewhat common TCP test program, it has many format rules and assumptions for data transmission, after all, it was designed for remote logon. In fact, the above functions are almost not completed by netcat. netcat only transfers data to the peer end. This is an innovation! Imagine who requires a remote telnet 23 or ssh client to actively initiate a connection to the TCP server? That is, why does sshd run on the TCP server? In fact, no one stipulates that it is only a remote login, but it is the default behavior in this implementation, resulting in many remote login failures, because these remote logins are from the Internet to the Intranet, many firewalls do not allow active access from the outside to the inside. This can be done with netcat. Run a netcat client on the Intranet, run the netcat server on the Internet, and overwrite/bin/bash with netcat. Let me talk about why.
If you executeNetcat-e $ proAfter the connection is successful, Do you think netcat will call fork/exec to execute pro like most programs? Many people think that this is because it is a standard practice of traditional UNIX, but netcat does not, but directly exec a pro in the current netcat process, which is too fierce, the current netcat disappears and is overwritten by pro. What should I do next? Who will perform the master control? In fact, netcat has completely handed over control to pro. Before the handover, it will redirect STDIN, STDOUT, and STDERR to its own socket. That's all, netcat leaves a socket IO channel, followed by STDIN, STDOUT, and STDERR of the pro program. In addition, netcat does not leave any trace and is being executed.Netcat 1.2.3.4 1234-e/bin/bashThe implication is that/Bin/bash socketstdin socketstdout...It is a pity that the UNIX philosophy does not allow programs such as/bin/bash to have any association with the socket, so we have to use another Applet and combine it to simulate local IO on the network, netcat does not have any side effects except the-e parameter. If you do not want to completely redirect STDIN, STDOUT, and STDERR, for example, if you only want to redirect STDIN, you can combine the |, >,< and netcat symbols, for exampleNetcat-l-p 1234 <./transfile, cat transfile2 | netcat 127.0.0.1 2234In this case, netcat itself is still present and does not disappear in the-e parameter, but it does not do anything except IO. The diversity of Swiss Army Knife functions is like this. Yes, everything lies in your imagination. You can no longer say that this function or the function netcat is not provided, it should be said that you did not think how it could be used. If I want to write the netcat manual, I will write one sentence: it provides only one TCP or UDP network channel, which can implement all network functions using TCP or UDP.
What should I do if I want to implement a mechanism for remote command execution without programming or using ssh? It is easy to use netcat. First, it can implement a DH Key Exchange, then encrypt the data to be transmitted, decrypt it, and create a shell. After executing the command, it returns the result and encrypts the returned result, these are all easy to understand. If you want to remotely obtain an encrypted shell, you need to do some work, or you need to implement a self-loop pipeline, that is, the last standard output of the command sequence is directed to the standard input of the first command, that is, netcat 1.2.3.4 1234 | decryto |/bin/bash | encryto @, the final @ indicates that the standard output of encryto is directed to the standard input of netcat, that is, socket. If you do not want to do this, then you can use the following code sequence to hijack any shell that is already running on tty and then execute the command to capture the returned value:

int fd = open("/dev/pts/0", O_RDWR);ioctl(fd,   TIOCSTI,   "l ");ioctl(fd,   TIOCSTI,   "s ");ioctl(fd,   TIOCSTI,   "\n ");

But no matter how you do it, never modify netcat. If you really want to modify it, you 'd better write something that meets your needs, because netcat has nothing to do with it, you can use it as the following program:

Socket; listenaccept // note that there is no multi-processing mechanism loop: read; write; loop;

Remember, building a big function with an existing tool is an art. netcat itself is not a Swiss Army knife. It is more like a Swiss Army knife's hilt and sheath and can accommodate almost all tools, the key lies in inclusiveness and greater inclusiveness, with the least natural constraints. Netcat fully complies with the UNIX philosophy.
Is there a Swiss Army knife in network programming tools? I think there is, that is, the BIO mechanism of OpenSSL, which abstracts the IO process and is similar to the IO process redirected by netcat. If netcat simulates the local environment in the network environment, BIO can simulate the network environment on the local machine. For OpenVPN, data is directly written to BIO rather than directly written to socket, this process is the opposite of netcat. BIO is a powerful tool to debug network programs without a network.
At six o'clock in the morning, Spain has been losing for a while. I am not an avid fan, just follow suit. It is said that tomorrow's Italy VS England will be wonderful.