Thursday, September 16, 2010

Ncat for Fun and Profit - The network Swiss army knife ... not so much.

Ncat was born out of a Google Summer of Code project and was written in the spirit of Hobbit's Netcat, but without using any of Hobbit's source code.

There are some differences between Ncat and Netcat, such as the omission of port scanning: Ncat cannot take a list of ports to connect to on a host, only a single port at a time, and it has no port randomization or zero-I/O mode.

From the developers' standpoint this makes sense, as Ncat is bundled with the best port scanner in the world, Nmap.

However, Ncat can't really take on the mantle of "The network Swiss army knife" by reducing functionality.

You can download the current stable and beta versions of Ncat from Fyodor's Nmap site.

The Windows binary is included in the Nmap Win32 zip distribution, or is installed as part of Nmap when using the Windows installer.

Here are some usage examples to try out for fun on your "lab network" (grin, grin, wink, wink)


Connect to nsa.gov on TCP port 8080.
  • ncat nsa.gov 8080
Listen for connections on TCP port 8080.
  • ncat -l 8080
Redirect TCP port 8080 on the local machine to nsa.gov on port 80.
  • ncat --sh-exec "ncat nsa.gov 80" -l 8080 --keep-open
Bind to TCP port 8081 and attach /bin/bash for the world to access freely.
  • ncat --exec "/bin/bash" -l 8081 --keep-open
Bind a shell to TCP port 8081, limit access to hosts on a local network, and limit the maximum number of simultaneous connections to 3.
  • ncat --exec "/bin/bash" --max-conns 3 --allow 192.168.0.0/24 -l 8081 --keep-open
Connect to smtphost:25 through a SOCKS4 server on port 1080.
  • ncat --proxy socks4host --proxy-type socks4 --proxy-auth user smtphost 25
Create an HTTP proxy server on localhost port 8888.
  • ncat -l --proxy-type http localhost 8888
Send a file over TCP port 9899 from host2 (client) to host1 (server).
  • HOST1$ ncat -l 9899 > outputfile 
  • HOST2$ ncat HOST1 9899 < inputfile
Transfer in the other direction, turning Ncat into a one-file server.
  • HOST1$ ncat -l 9899 < inputfile 
  • HOST2$ ncat HOST1 9899 > outputfile  
Hackers of the World - Unite!

Tuesday, September 14, 2010

Launch CMD line apps from Windows shortcuts that stay open after execution

Sometimes you just feel lazy. Admit it. You'd like to be able to just double-click a shortcut and launch your favorite command line applications in one shot ... oh, and not have the window disappear once they complete their run, before you can absorb the output. :)

Here's a quick little trick that some may or may not know.

CMD.EXE has some switches of its own that don't get used too often unless you spend a lot of time scripting batch files.

The one we care about for this blog post is the "/K" switch.

Definition of /K: Carries out the command specified by string and continues.

So let's say you have Ncat installed and want a quick desktop shortcut to launch it. You would set it up as follows:

1. Right-click the desktop and choose New > Shortcut; the following window will appear.
2. Enter "cmd.exe" into the location field and click Next.
3. Type in the desired shortcut name, in this case: Ncat 5.21.
4. Once you have clicked Finish, you should see something like the following on the desktop. Right-click the icon and choose Properties.
5. In the Properties pop-up window, you should see the following.
6. In the "Target:" field, append " /k ncat -h" without the quotes, as shown below.

NOTE: I like to add the "-h", "-?" or "/?" switch at the end of the command to print help, as some command line tools, if launched without a help switch, enter interactive mode immediately, and I always like a quick reminder of the switches I can use with the command before using it.

7. You'll also usually want to run built-in command line tools from the system directory, in this case SYSTEM32, so put that path in the "Start in:" field as shown below.
8. I like to modify the Options for the command prompt window to allow QuickEdit. Just check the box for it on the Options tab as shown below.
9. I usually increase the size of the command prompt window as well. On the Layout tab I change the window size height to 50, as shown below, so I can see all the help that "-h" printed.
10. After clicking OK, I double-click the shortcut icon and voilà:
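The same shortcut built from PowerShell instead of the New Shortcut wizard and Properties dialog, as an added example that is not part of the original post. It uses the WScript.Shell COM object to write the .lnk file; the shortcut name, the "/k ncat -h" target and the System32 start directory are the ones from the steps above, and it assumes ncat.exe is on the PATH (as it is after the Nmap installer) and that cmd.exe lives in %SystemRoot%\System32.

```powershell
# Added example (not from the original post): build the "Ncat 5.21" desktop
# shortcut from steps 1-7 with PowerShell rather than by clicking through.
# Assumes ncat.exe is on the PATH and cmd.exe is in %SystemRoot%\System32.

$ShortcutName = 'Ncat 5.21'                               # step 3
$Desktop      = [Environment]::GetFolderPath('Desktop')
$LinkPath     = Join-Path $Desktop "$ShortcutName.lnk"
$System32     = Join-Path $env:SystemRoot 'System32'

$Shell    = New-Object -ComObject WScript.Shell
$Shortcut = $Shell.CreateShortcut($LinkPath)

# Steps 2 and 6: target cmd.exe; /k runs the command and keeps the window open.
$Shortcut.TargetPath       = Join-Path $System32 'cmd.exe'
$Shortcut.Arguments        = '/k ncat -h'
# Step 7: "Start in:" the system directory.
$Shortcut.WorkingDirectory = $System32
$Shortcut.Description      = 'Command prompt that prints the Ncat help'
$Shortcut.Save()

# Read the .lnk back and check the fields that matter before trusting it.
$Check = $Shell.CreateShortcut($LinkPath)
if ($Check.Arguments -ne '/k ncat -h' -or $Check.WorkingDirectory -ne $System32) {
    throw "Shortcut at $LinkPath was not written as expected"
}
Write-Host "Created $LinkPath -> $($Check.TargetPath) $($Check.Arguments)"
```

Steps 8 and 9 (QuickEdit and the window height) are console settings stored in the shortcut's console data block, which the WScript.Shell shortcut object does not expose, so those two are still set through the Properties dialog as in the post. Double-clicking the resulting icon should open a prompt with the Ncat help printed and the window left open.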
This can be used for any command line application. You can get more creative and include more complex switches and command arguments in the shortcut if there is a particular process you want to launch easily. If you go too far with it, you might as well start batch scripting though. ;)

Go Team CMD-LINE!