Thread: Recompiling NetCat [In Windows] To Bypass AntiVirus

  1. #21

    Quote: Originally Posted by thorin
    I know a bizarrely high number of people have already replied, and it is an interesting topic, but c'mon people think about this, do you really want to help someone do such a thing?

    No it's not impossible, maybe it's even trivial, but why promote such a tactic?

    I don't really think it is as bad as you think. You can recompile just about anything to get past an A/V signature. The real problem with netcat and other tools is how to get past a decent FW or A/V that detects the opening of sockets? Recompiling will have no effect on that, and the tool will get caught just the same.

  2. #22
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote: Originally Posted by thorin
    I know a bizarrely high number of people have already replied, and it is an interesting topic, but c'mon people think about this, do you really want to help someone do such a thing?

    No it's not impossible, maybe it's even trivial, but why promote such a tactic?

    I don't particularly want to help script kiddies in their amateur hacking efforts, but I think the main issue here is that nc has legitimate uses and the AV detection really gets in the way of this. Personally I was intending to use nc here at work to grab memory dumps and disk images off Windows systems during incident response - which is a common legitimate use of nc. The fact that our standard Windows AV client will trigger a virus detection whenever this is done really complicates the process, and while there are ways around this (exempting files from scanning for one) the workarounds all have their own particular foibles.

    Also in pen test, the ability to avoid antivirus is particularly useful. Sure a technique like that may help the skiddies, but the same could be said for many other pen testing tools and techniques.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #23
    Junior Member
    Join Date
    Apr 2009
    Posts
    43

    Yeah I would like to point out that in this case NetCat actually has many legitimate uses, and is merely flagged by AVs as a precaution. Albeit an annoying precaution.
    I hate lending someone my USB stick and having it returned with things missing. Blegh.

  4. #24
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    I prefer that NC is flagged by AV nowadays. People who have a legitimate reason to use it either don't bother or know how to circumvent it. Too bad for the skiddie though
    Tiocfaidh ár lá

  5. #25
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    I wasn't questioning the legitimacy of using netcat for certain things. I've used it myself in similar cases to those lupin mentioned.

    To me it wasn't a big jump from getting nc past AV to getting other things past AV. Overall I see AV as a tool protecting the greater good, and providing anyone (legitimate reasons or not) a way to bypass it as a negative to the greater internet community.

    Maybe I'm taking it too seriously; as always, I'm ok with being ignored. I have been known to overreact, ya know, maybe once or twice in the past <grin>
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #26
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Shameless plug: Netcat Power Tools
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #27
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Bringing this thread back to life, I found a recompiled version of netcat for Windows at the link below, and it's also been slightly modified to get rid of an "annoyance" that I've noticed regarding file transfer. The new compiled version (nc2.exe) gets a 0/40 detection rate on VirusTotal as of two minutes ago. Haven't tested it to see if I could reproduce the crashes I was getting on my compiled version as yet.

    Here's the link for anyone who is interested:

    http://radajo.blogspot.com/2008/09/n...nnoyances.html

  8. #28
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    23

    thx for the link lupin
    http://ne0matrix.blogspot.com
    http://ne0matrix.blip.tv
