![Page 1: TCP Foo - HackPGH · 2010-10-19 · NetCat the TCP/IP swiss army knife A Unix utility which reads and writes data across network connections, using TCP or UDP It is designed to be](https://reader036.vdocuments.site/reader036/viewer/2022070821/5f2241ede36de46577702910/html5/thumbnails/1.jpg)
TCP Foo
NetCat and NMAP too
A presentation by Alex Meyers and Chris Teodorski
Nmap too.
Sorry, wrong nmap.
A how-to on some scan foo... To make the most doesn't require verbose.
Don't miss, make a list. -sL
64.13.134.48-53
Nmap 64.13.134.48-53
Nmap 10.116.0-255.1-127
Nmap 192.168.1.1/24
Nmap *41.24-33.*.1-254
Enter the scanman
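
What the target specs above expand to, and a scope check to run before scanning, as an added example (not from the slides). It mirrors the octet-range and CIDR syntax shown; the function names and the authorized /30 are assumptions made for illustration.

```python
import ipaddress
from itertools import product

def expand_octet(field):
    """Expand one octet field ('48-53', '7', '*', '1,5-9') into sorted ints."""
    values = set()
    for part in field.split(","):
        if part == "*":
            lo, hi = 0, 255
        elif "-" in part:
            lo_s, hi_s = part.split("-", 1)
            lo = int(lo_s) if lo_s else 0      # '-127' means 0-127
            hi = int(hi_s) if hi_s else 255    # '48-' means 48-255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet field: {field!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Return every address covered by a CIDR block or an octet-range spec."""
    if "/" in spec:
        # Like the scanner, list all addresses in the block, not just .hosts().
        net = ipaddress.ip_network(spec, strict=False)
        return [str(addr) for addr in net]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octet fields: {spec!r}")
    return [".".join(map(str, combo))
            for combo in product(*(expand_octet(o) for o in octets))]

def out_of_scope(specs, authorized):
    """List addresses the specs would touch that fall outside the authorized networks."""
    nets = [ipaddress.ip_network(n) for n in authorized]
    return [addr for spec in specs for addr in expand_target(spec)
            if not any(ipaddress.ip_address(addr) in n for n in nets)]

if __name__ == "__main__":
    # Specs are the ones on the slide; the authorized /30 is a constructed scope.
    for spec in ("64.13.134.48-53", "10.116.0-255.1-127", "192.168.1.1/24"):
        print(spec, "->", len(expand_target(spec)), "addresses")
    print("outside scope:", out_of_scope(["64.13.134.48-53"], ["64.13.134.48/30"]))
```
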
--top-ports 5
One of my favorite new switches. It saves you
stitches when hiding from snitches, bitches.
I meant sneeches.
Technique and more switches.
--top-ports 5
--reason
-sA (Ack scan)
Here is your TCP foo.
Tcp full-connect
● No-response (The firewall disregards)
● Syn-ack (The dude obliges)
Ack-scan
● Reset (ZOMGWTF! RFC793)
No Response (This is a stateful firewall.)
Closed ports tend to reply to your FIN with a RST. Open ports tend to ignore the packet in question.
Except for Windows machines. Open or closed, they RST.
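
The state check behind the "no response" case, turned into detection logic, as an added example (not from the slides): a bare ACK or FIN on a flow that never saw a SYN matches no tracked connection, which is why a stateful device drops it and why a sensor can flag it. The record format, flag letters, addresses and threshold are constructed for illustration, and the tracking is simplified (one direction, no timeouts).

```python
from collections import defaultdict

# Constructed sensor records: (src, dst, dport, flags), where flags is
# "S" = SYN, "A" = bare ACK, "F" = bare FIN, "FA" = FIN+ACK.
SAMPLE_PACKETS = [
    ("203.0.113.5", "192.0.2.10", 443, "S"),     # normal client: SYN first,
    ("203.0.113.5", "192.0.2.10", 443, "A"),     # then ACK on the same flow,
    ("203.0.113.5", "192.0.2.10", 443, "FA"),    # then an ordinary close
    ("198.51.100.7", "192.0.2.10", 22, "A"),     # bare ACKs with no SYN seen
    ("198.51.100.7", "192.0.2.10", 25, "A"),
    ("198.51.100.7", "192.0.2.10", 80, "A"),
    ("198.51.100.7", "192.0.2.10", 443, "A"),
    ("198.51.100.9", "192.0.2.10", 21, "F"),     # bare FINs with no SYN seen
    ("198.51.100.9", "192.0.2.10", 23, "F"),
    ("198.51.100.9", "192.0.2.10", 110, "F"),
    ("203.0.113.99", "192.0.2.10", 80, "F"),     # one stray FIN: below threshold
]

def find_stateless_probes(packets, min_ports=3):
    """Report sources sending bare ACK or FIN segments on flows that never had a SYN."""
    syn_seen = set()             # flows (src, dst, dport) opened by a SYN
    probed = defaultdict(set)    # (src, kind) -> destination ports touched
    for src, dst, dport, flags in packets:
        flow = (src, dst, dport)
        if flags == "S":
            syn_seen.add(flow)
        elif flags in ("A", "F") and flow not in syn_seen:
            kind = "ack-scan" if flags == "A" else "fin-scan"
            probed[(src, kind)].add(dport)
    # Only report sources that touched several ports, to ignore stray segments.
    return {key: sorted(ports) for key, ports in probed.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    for (src, kind), ports in find_stateless_probes(SAMPLE_PACKETS).items():
        print(f"{src}: {kind} against ports {ports}")
```
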
A normal, actual closed port.
-sV -O -sC
More (built in) Fingerprinting
Or simply...
-A
Not often remembered.
--interactive
Summary:
nmap -sT -A --osscan-limit -T5 --min-hostgroup 100 --max-retries 2 --top-ports 10 --reason -vv -iL DailyScan.txt -oA $(DATE)scan
This page intentionally blank
NetCat
the TCP/IP swiss army knife
● A Unix utility which reads and writes data across network connections, using TCP or UDP
● It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.
Caveat
netcat-openbsd
is not
netcat-traditional
So boring, I'm snoring
● Direct connect
  ● nc -nvlp 8080 (server)
  ● nc <server> 8080 (client)
● Stupid Chat
● Getting Shell
  ● -e
  ● AV and Me
● File Transfer
  ● nc -nvlp 8080 > poopypants.txt (server)
  ● nc <server> 8080 < poopypants.txt (client)
Don't be at a loss, NetCat really is pure awesome sauce
● Reverse Connect – The Firewall Killer
  ● nc -nvlp 8080 (client)
  ● nc <server> 8080 (server)
● Port Scanning with NetCat (okay, it's no nmap)
  ● nc -v -n -w 2 -z <target>
● Banner grabbing
  ● nc -v <target host> <target port>
● PHUKD + Netcat
Props to Ed Skoudis for this
Still more you can do, once you master NCat too.
● Ncat is NetCat for the 21st century
  ● -k keep the connection open for more than one client
  ● --broker allow multiple connections and allow communication between the clients
  ● --ssl encrypt your foo
  ● --telnet accept telnet negotiations