Netcat Power Tools

Book Description

Originally released in 1996, Netcat is a networking program designed to read and write data across both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a "Swiss Army knife" utility, and for good reason. Just like the multi-function usefulness of the venerable Swiss Army pocket knife, Netcat's functionality is helpful as both a standalone program and a back-end tool in a wide range of applications. Some of the many uses of Netcat include port scanning, transferring files, grabbing banners, port listening and redirection, and, more nefariously, a backdoor. This is the only book dedicated to comprehensive coverage of the tool's many features, and by the end of this book, you'll discover how Netcat can be one of the most valuable tools in your arsenal.

* Get Up and Running with Netcat: Simple yet powerful... Don't let the trouble-free installation and the easy command line belie the fact that Netcat is indeed a potent and powerful program.
* Go PenTesting with Netcat: Master Netcat's port scanning and service identification capabilities as well as obtaining Web server application information. Test and verify outbound firewall rules and avoid detection by antivirus software and the Windows Firewall. Also, create a backdoor using Netcat.
* Conduct Enumeration and Scanning with Netcat, Nmap, and More! Netcat's not the only game in town... Learn the process of network enumeration and scanning, and see how Netcat, along with other tools such as Nmap and Scanrand, can be used to thoroughly identify all of the assets on your network.
* Banner Grabbing with Netcat: Banner grabbing is a simple yet highly effective method of gathering information about a remote target, and can be performed with relative ease with the Netcat utility.
* Explore the Dark Side of Netcat: See the various ways Netcat has been used to provide attackers with malicious, unauthorized access to their targets. By walking through these methods used to set up backdoor access and circumvent protection mechanisms through the use of Netcat, we can understand how malicious hackers obtain and maintain illegal access. Embrace the dark side of Netcat, so that you may do good deeds later.
* Transfer Files Using Netcat: The flexibility and simple operation allow Netcat to fill a niche when it comes to moving a file or files in a quick and easy fashion. Encryption is provided via several different avenues, including integrated support in some of the more modern Netcat variants, tunneling via third-party tools, or operating-system-integrated IPsec policies.
* Troubleshoot Your Network with Netcat: Examine remote systems using Netcat's scanning ability. Test open ports to see if they really are active and see what protocols are on those ports. Communicate with different applications to determine what problems might exist, and gain insight into how to solve these problems.
* Sniff Traffic within a System: Use Netcat as a sniffer within a system to collect incoming and outgoing data. Set up Netcat to listen on ports above 1023 (outside the well-known port range), so you can use Netcat even as a normal user.

* Comprehensive introduction to the #4 most popular open source security tool available
* Tips and tricks on the legitimate uses of Netcat
* Detailed information on its nefarious purposes
* Demystifies security issues surrounding Netcat
* Case studies featuring dozens of ways to use Netcat in daily tasks

Table of Contents

  1. Copyright
  2. Technical Editor
  3. Contributing Authors
  4. 1. Introduction to Netcat
    1. Introduction
    2. Installation
      1. Windows Installation
      2. Linux Installation
        1. Installing Netcat as a Package
        2. Installing Netcat from Source
      3. Confirming Your Installation
    3. Netcat's Command Options
      1. Modes of Operation
      2. Common Command Options
      3. Redirector Tools
    4. Basic Operations
      1. Simple Chat Interface
      2. Port Scanning
      3. Transferring Files
      4. Banner Grabbing
      5. Redirecting Ports and Traffic
      6. Other Uses
    5. Summary
    6. Solutions Fast Track
      1. Introduction
      2. Installation
      3. Options
      4. Basic Operations
    7. Frequently Asked Questions
  5. 2. Netcat Penetration Testing Features
    1. Introduction
    2. Port Scanning and Service Identification
      1. Using Netcat as a Port Scanner
      2. Banner Grabbing
        1. Scripting Netcat to Identify Multiple Web Server Banners
        2. Service Identification
      3. Egress Firewall Testing
        1. System B - The System on the Outside of the Firewall
        2. System A - The System on the Inside of the Firewall
    3. Avoiding Detection on a Windows System
      1. Evading the Windows XP/ Windows 2003 Server Firewall
        1. Example
        2. Making Firewall Exceptions using Netsh Commands
          1. Determining the State of the Firewall
      2. Evading Antivirus Detection
        1. Recompiling Netcat
    4. Creating a Netcat Backdoor on a Windows XP or Windows 2003 Server
      1. Backdoor Connection Methods
        1. Initiating a Direct Connection to the Backdoor
          1. Benefit of this Method
          2. Drawbacks to this Method
        2. Initiating a Connection from the Backdoor
          1. Benefits of this Connection Method
          2. Drawback to this Method
      2. Backdoor Execution Methods
        1. Executing the Backdoor using a Registry Entry
          1. Benefits of this Method
          2. Drawback to this Method
        2. Executing the Backdoor using a Windows Service
          1. Benefits of this Method
          2. Drawback to this Method
        3. Executing the Backdoor using Windows Task Scheduler
          1. Benefit to this Method
        4. Backdoor Execution Summary
    5. Summary
    6. Solutions Fast Track
      1. Port Scanning and Service Identification
      2. Egress Firewall Testing
      3. Avoid Detection on a Windows System
      4. Creating a Netcat Backdoor on a Windows XP or Windows 2003 Server
    7. Frequently Asked Questions
  6. 3. Enumeration and Scanning with Netcat and Nmap
    1. Introduction
    2. Objectives
      1. Before You Start
      2. Why Do This?
    3. Approach
      1. Scanning
      2. Enumeration
        1. Notes and Documentation
        2. Active versus Passive
        3. Moving On
    4. Core Technology
      1. How Scanning Works
        1. Port Scanning
      2. Going behind the Scenes with Enumeration
        1. Service Identification
        2. RPC Enumeration
        3. Fingerprinting
      3. Being Loud, Quiet, and All That Lies Between
        1. Timing
        2. Bandwidth Issues
        3. Unusual Packet Formation
    5. Open Source Tools
      1. Scanning
        1. Nmap
          1. Nmap: Ping Sweep
          2. Nmap: ICMP Options
          3. Nmap: Output Options
          4. Nmap: Stealth Scanning
          5. Nmap: OS Fingerprinting
          6. Nmap: Scripting
          7. Nmap: Speed Options
        2. Netenum: Ping Sweep
        3. Unicornscan: Port Scan and Fuzzing
        4. Scanrand: Port Scan
      2. Enumeration
        1. Nmap: Banner Grabbing
        2. Netcat
        3. P0f: Passive OS Fingerprinting
        4. Xprobe2: OS Fingerprinting
        5. Httprint
        6. Ike-scan: VPN Assessment
        7. Amap: Application Version Detection
        8. Windows Enumeration: Smbgetserverinfo/smbdumpusers/smbclient
  7. 4. Banner Grabbing with Netcat
    1. Introduction
    2. Benefits of Banner Grabbing
      1. Benefits for the Server Owner
        1. Finding Unauthorized Servers
      2. Benefits for a Network Attacker
        1. Why Not Nmap?
    3. Basic Banner Grabbing
      1. Web Servers (HTTP)
        1. Acquiring Just the Header
        2. Dealing With Obfuscated Banners
          1. Apache ServerTokens
          2. Reading the Subtle Clues in an Obfuscated Header
        3. HTTP 1.0 vs. HTTP 1.1
        4. Secure HTTP servers (HTTPS)
      2. File Transfer Protocol (FTP) Servers
        1. Immense FTP Payloads
      3. E-mail Servers
        1. Post Office Protocol (POP) Servers
        2. Simple Mail Transport Protocol (SMTP) Servers
          1. So, Back to the Banner Grabbing
          2. Fingerprinting SMTP Server Responses
        3. How to Modify your E-mail Banners
          1. Sendmail Banners
          2. Microsoft Exchange SMTP Banners
          3. Microsoft Exchange POP and IMAP Banners
      4. Secure Shell (SSH) Servers
        1. Hiding the SSH Banner
    4. Banner Grabbing with a Packet Sniffer
    5. Summary
    6. Solutions Fast Track
      1. Benefits of Banner Grabbing
      2. Basic Banner Grabbing
      3. Banner Grabbing with a Packet Sniffer
    7. Frequently Asked Questions
  8. 5. The Dark Side of Netcat
    1. Introduction
    2. Sniffing Traffic within a System
      1. Sniffing Traffic by Relocating a Service
    3. Sniffing Traffic without Relocating a Service
    4. Rogue Tunnel Attacks
    5. Connecting Through a Pivot System
    6. Transferring Files
      1. Using Secure Shell
    7. Using Redirection
    8. Man-in-the-middle Attacks
    9. Backdoors and Shell Shoveling
      1. Backdoors
    10. Shell Shoveling
      1. Shoveling with No Direct Connection to Target
    11. Shoveling with Direct Connection to Target
    12. Netcat on Windows
    13. Summary
  9. 6. Transferring Files Using Netcat
    1. Introduction
    2. When to Use Netcat to Transfer Files
      1. Sometimes Less Really is Less
        1. Security Concerns
        2. Software Installation on Windows Clients
      2. Where Netcat Shines
        1. Speed of Deployment
        2. Stealth
        3. Small Footprint
        4. Simple Operation
    3. Performing Basic File Transfers
      1. Transferring Files with the Original Netcat
        1. Closing Netcat When the Transfer is Completed
        2. Other Options and Considerations
          1. Timing Transfers, Throughput, etc…
          2. Tunneling a Transfer Through an Intermediary
    4. Using Netcat Variants
      1. Cryptcat
      2. GNU Netcat
      3. SBD
      4. Socat
        1. Socat Basics
        2. Transferring Files with Socat
        3. Encryption
        4. Mixing and Matching
    5. Ensuring File Confidentiality
      1. Using OpenSSH
        1. Installing and Configuring Secure Shell
        2. Configuring OpenSSH Port Forwarding
      2. Using SSL
        1. Configuring Stunnel
      3. Using IPsec
        1. Configuring IPSec on Windows
        2. Configuring IPSec on Linux
    6. Ensuring File Integrity
      1. Hashing Tools
    7. Using Netcat for Testing
      1. Testing Bandwidth
      2. Testing Connectivity
    8. Summary
    9. Solutions Fast Track
      1. When to Use Netcat to Transfer Files
      2. Performing Basic File Transfers
      3. Using Netcat Variants
      4. Ensuring File Confidentiality
      5. Ensuring File Integrity
      6. Using Netcat for Testing
    10. Frequently Asked Questions
  10. 7. Troubleshooting with Netcat
    1. Introduction
    2. Scanning a System
    3. Testing Network Latency
      1. Using Netcat as a Listener on Our Target System
      2. Using a Pre-existing Service on Our Target System
        1. Using a UDP Service
        2. Using a TCP Service
    4. Application Connectivity
      1. Troubleshooting HTTP
      2. Troubleshooting FTP
        1. Troubleshooting Active FTP Transfers Using Netcat
        2. Troubleshooting Passive FTP Transfers using Netcat
    5. Summary