Sign In
Register
Help
I recently took a look at a tutorial for netcat that was posted. I did find it usefull but It did not explain the funtion of invidual commands or rather options. Is there a listing of netcat commands somewhere in the forums or a link to a place where I can find them. I have tried searching using the site search engine as well as google but have not found any results. Perhaps I am using poor keywords. If anyone has a source for this information I would greatly appreciate it.
Thanks,
v1v1d
Netcat Commands I need a listing for netcat commands
MultiQuote
#2
- Private First Class
-
- Group:
- Members
- Posts:
- 47
- Joined:
- 20-August 03
Posted 21 October 2003 - 03:21 PM
Here u go... 10x for who posted it b4...
To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt
You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.
It is a bit easier to just open the connection and then type at the console
to do the same thing.
nc -v www.website.com 80
Then just type in GET / HTTP/1.0 and hit a couple of returns. You will
see the same thing as above.
A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.
nc -l -p 23 -t -e cmd.exe
will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.
This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:
nc xxx.xxx.xxx.xxx 23
will get the job done. There is no authentication on the listening side
so be a bit careful here. The shell is running with the permissions of the
process that started Netcat so be very careful. If you were to use the
AT program to schedule Netcat to run listening on a port with the
-e cmd.exe option, when you connected you would get a shell with user
NT AUTHORITY\SYSTEM.
The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.
nc -L -p 53 -e cmd.exe
Then from outside the firewall connect to the listening machine:
nc -v xxx.xxx.xxx.xx 53
If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
A new feature for the NT version is the -d or detach from console flag.
This will let Netcat run without an ugly console window cluttering up the
screen or showing up in the task list.
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines. This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel. Unlike Unix, NT does not seem to have any security around
which ports that user programs are allowed to bind to. This means any
user can run a program that will bind to the NETBIOS ports.
You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files. You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this. This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine by the way. You have done this with just
user privileges to boot.
PROBLEMS with Netcat 1.1 for NT
There are a few known problems that will eventually be fixed. One is
the -w or timeout option. This works for final net reads but not
for connections. Another problem is using the -e option in UDP mode.
You may find that some of the features work on Windows 95. Most
of the listening features will not work on Windows 95 however. These will
be fixed in a later release.
Netcat is distributed with full source code so that people can build
upon this work. If you add something useful or discover something
interesting about NT TCP/IP let met know.
To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt
You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.
It is a bit easier to just open the connection and then type at the console
to do the same thing.
nc -v www.website.com 80
Then just type in GET / HTTP/1.0 and hit a couple of returns. You will
see the same thing as above.
A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.
nc -l -p 23 -t -e cmd.exe
will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.
This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:
nc xxx.xxx.xxx.xxx 23
will get the job done. There is no authentication on the listening side
so be a bit careful here. The shell is running with the permissions of the
process that started Netcat so be very careful. If you were to use the
AT program to schedule Netcat to run listening on a port with the
-e cmd.exe option, when you connected you would get a shell with user
NT AUTHORITY\SYSTEM.
The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.
nc -L -p 53 -e cmd.exe
Then from outside the firewall connect to the listening machine:
nc -v xxx.xxx.xxx.xx 53
If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
A new feature for the NT version is the -d or detach from console flag.
This will let Netcat run without an ugly console window cluttering up the
screen or showing up in the task list.
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines. This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel. Unlike Unix, NT does not seem to have any security around
which ports that user programs are allowed to bind to. This means any
user can run a program that will bind to the NETBIOS ports.
You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files. You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this. This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine by the way. You have done this with just
user privileges to boot.
PROBLEMS with Netcat 1.1 for NT
There are a few known problems that will eventually be fixed. One is
the -w or timeout option. This works for final net reads but not
for connections. Another problem is using the -e option in UDP mode.
You may find that some of the features work on Windows 95. Most
of the listening features will not work on Windows 95 however. These will
be fixed in a later release.
Netcat is distributed with full source code so that people can build
upon this work. If you add something useful or discover something
interesting about NT TCP/IP let met know.
#5
- Private
-
- Group:
- Members
- Posts:
- 18
- Joined:
- 05-October 03
Posted 28 October 2003 - 09:00 AM
i've been looking for info about the commands for netcat for a while now.
so thanks a lot for your good explanation =)
i've experimented a little bit with it but i haven't been able to spawn a shell with it yet.
now i have some more to experiment with =)
cheerz
//KrYsSaR
so thanks a lot for your good explanation =)
i've experimented a little bit with it but i haven't been able to spawn a shell with it yet.
now i have some more to experiment with =)
cheerz
//KrYsSaR
#8
- Sergeant
-
- Group:
- Members
- Posts:
- 209
- Joined:
- 30-November 03
Posted 16 December 2003 - 05:52 AM
Hello M8's
Hope This Helps, Should Be Preety Basic After That.
Good Luck
Best Regards
Adam
Vast Gsm
C:\>nc -h
[v1.10 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
options:
-d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
C:\>
Hope This Helps, Should Be Preety Basic After That.
Good Luck
Best Regards
Adam
Vast Gsm
C:\>nc -h
[v1.10 NT]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [options] [hostname] [port]
options:
-d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
C:\>
#14
- Staff Sergeant
-
- Group:
- Members
- Posts:
- 272
- Joined:
- 07-August 03
Posted 19 December 2003 - 07:24 PM
rastis_monkey, on Dec 19 2003, 05:00 AM, said:
is netcat better than tel-net? what are pros vs cons
do you speak english ?
did you read the post ?
did you even listen ?
you need a netcat for your brain to listen for incoming information.
go play PS2 or somthing ...
let me repeat that for you :
d detach from console, stealth mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
the red is what telnet does
the blue is what netcat does
#15
- Private First Class
-
- Group:
- Members
- Posts:
- 47
- Joined:
- 15-December 03
Posted 20 December 2003 - 08:35 PM
is possibile install netcat with service in a computer?
Example, is possibile install a service that exec the command nc -L -p 4242 -d -e cmd.exe every time that the machine is reboot ?
thx bye and sorry 4 my english ;)
Example, is possibile install a service that exec the command nc -L -p 4242 -d -e cmd.exe every time that the machine is reboot ?
thx bye and sorry 4 my english ;)