Re: Ideas on netcat

From: Penetration Testing (pentestat_private)
Date: Tue Aug 28 2001 - 09:40:10 PDT

  • Next message: Rajeev Kumar: "Netcat for multiple file transfer."

    On 24 Aug 2001, Vo0d0o wrote:
    > As far as I know, no site is giving some other uses of netcat
    > pertaining to pen-testing ...other than the usual *README* file which
    > I find too basic.
    > I would be grateful if anybody could throw some light on uses of
    > netcat in pen-testing.
    What do you want to do with it?  Netcat, like many other tools is not
    intended to be specifically a penetration testing tool.  As it happens, it
    is often quite handy in penetration testing.
    If you have an idea of what netcat does, and you know what you want to do,
    it should not be rocket science to put the two together.
    For example, I have used netcat in the past in scripts to gather web
    server versions from a range of addresses...
    1. Create a file containing the following:
    HEAD / HTTP/1.0<ret><ret>
    2. Cat this file to netcat, pointed at a web server address:
    cat file | netcat -v -w 2 80 > output
    The output file will contain the HEAD output from the web server.
    Like I said, it is a great tool, but it does not have any magical
    penetration testing properties. :-)
    Dave Taylor
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 11:50:55 PDT