netcat-win86

Netcat prebuilt executable for Windows machines
git clone https://s.sonu.ch/~srket/netcat-win86.git

readme.txt (6728B)


Update 2011-09-17 - added -c option to send CRLF


UPDATE 12/27/04 security fix in -e option for Windows

Netcat 1.11 for NT - nc111nt.zip

The original version of Netcat was written by *hobbit* <hobbit@avian.org>
The NT version was done by Weld Pond <weld@vulnwatch.org>

Netcat for NT is the tcp/ip "Swiss Army knife" that never made it into any
of the resource kits.  It has proved to be an extremely versatile tool on
the unix platform. So why should NT always be unix's poor cousin when it
comes to tcp/ip testing and exploration?  I bet many NT admins out there
keep a unix box around to use tools such as Netcat or to test their systems
with the unix version of an NT vulnerability exploit.  With Netcat for NT
part of that feeling of disempowerment is over.

Included with this release is Hobbit's original description of the powers
of Netcat.  In this document I will briefly describe some of the things an
NT admin might want to do and know about with Netcat on NT.  For more
detailed technical information please read hobbit.txt included in the
nc11nt.zip archive.

     Basic Features

     * Outbound or inbound connections, TCP or UDP, to or from any ports
     * Full DNS forward/reverse checking, with appropriate warnings
     * Ability to use any local source port
     * Ability to use any locally-configured network source address
     * Built-in port-scanning capabilities, with randomizer
     * Can read command line arguments from standard input
     * Slow-send mode, one line every N seconds
     * Hex dump of transmitted and received data
     * Ability to let another program service established
       connections
     * Telnet-options responder

     New for NT

     * Ability to run in the background without a console window
     * Ability to restart as a single-threaded server to handle a new
       connection


A simple example of using Netcat is to pull down a web page from a web
server.  With Netcat you get to see the full HTTP header so you can see
which web server a particular site is running.

Since NT has a rather anemic command processor, some of the things that are
easy in unix may be a bit more clunky in NT. For the web page example first
create a file get.txt that contains the following line and then a blank
line:

GET / HTTP/1.0

To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt

You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose.  It tells you a little info about the connection
when it starts.

It is a bit easier to just open the connection and then type at the console
to do the same thing.
nc -v www.website.com 80

Then just type in GET / HTTP/1.0 and hit a couple of returns.  You will
see the same thing as above.

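The same raw exchange, written out in Python so you can see exactly what the two lines in get.txt put on the wire and what comes back, including the full header block the readme mentions. This is an added example, not code from the readme or the Netcat project: it starts a throwaway HTTP server on 127.0.0.1 as a stand-in for www.website.com (which it never contacts) so it runs offline; the function names and the handler are mine.

```python
"""Added example (not part of the readme): the HTTP/1.0 request that
`nc -v www.website.com 80 < get.txt` sends, done with a plain TCP socket
so the complete response header block is visible.

A local stand-in server on 127.0.0.1 replaces the remote web site so the
script runs offline; the server, handler and function names are mine."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class _Handler(BaseHTTPRequestHandler):
    """Minimal stand-in for a real web server; answers every GET the same way."""

    def do_GET(self):
        body = b"<html><body>hello</body></html>"
        self.send_response(200)  # also emits the Server and Date headers
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_local_server():
    """Bind an HTTPServer to an ephemeral loopback port and serve it in a thread."""
    srv = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def raw_http_get(host, port, path="/", timeout=5.0):
    """Send `GET <path> HTTP/1.0` followed by the blank line get.txt ends with,
    then return (status_line, headers_dict, body_bytes).

    An HTTP/1.0 server closes the connection after its response, so reading
    until EOF collects the whole reply, exactly as Netcat prints it."""
    request = f"GET {path} HTTP/1.0\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers, body


def server_banner(host, port):
    """The detail the readme points at: the Server header the site announces."""
    _, headers, _ = raw_http_get(host, port)
    return headers.get("server", "")


if __name__ == "__main__":
    srv = start_local_server()
    host, port = srv.server_address
    status, headers, body = raw_http_get(host, port)
    print(status)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print()
    print(body.decode())
    srv.shutdown()
```

Point `raw_http_get` at a real host and port and you get what `nc -v` shows, minus the verbose connection notice. Python's http.server identifies itself as BaseHTTP in the Server header, which is the kind of banner the readme has you look for.
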
A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option.  You run Netcat listening on a particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.

nc -l -p 23 -t -e cmd.exe

will get Netcat listening on port 23 (telnet).  When it gets connected to
by a client it will spawn a shell (cmd.exe).  The -t option tells Netcat
to handle any telnet negotiation the client might expect.

This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect.  You could just as well use
Netcat instead of telnet:

nc xxx.xxx.xxx.xxx 23

will get the job done.  There is no authentication on the listening side
so be a bit careful here.  The shell is running with the permissions of the
process that started Netcat so be very careful.  If you were to use the
AT program to schedule Netcat to run listening on a port with the
-e cmd.exe option, when you connected you would get a shell with user
NT AUTHORITY\SYSTEM.

The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing.  Do a little exploring and
see if the firewall you may be behind lets port 53 through.  Run Netcat
listening behind the firewall on port 53.

nc -L -p 53 -e cmd.exe

Then from outside the firewall connect to the listening machine:

nc -v xxx.xxx.xxx.xx 53

If you get a command prompt then you are executing commands on the
listening machine.  Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated.  This way you can
connect over and over to the same Netcat process.

A new feature for the NT version is the -d or detach from console flag.
This will let Netcat run without an ugly console window cluttering up the
screen or showing up in the task list.

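The readme's own warning (no authentication, the shell inherits the starting process's rights, -L keeps it alive, -d hides it from the task list) is also a checklist for the admin who has to notice such a listener on a machine. The detector below is an added example, not code from the readme or the project: it scans process-creation records for the invocations described in the paragraphs above. The record layout (time|user|image|command line), the field names and the sample records are all constructed for the demo, not real telemetry or a real log format.

```python
"""Added example (not part of the readme): flag the Netcat invocations the
readme describes when they show up in process-creation records.

Record layout is an assumption for this demo: time|user|image|commandline.
SAMPLE_RECORDS are constructed, not captured from a real system."""
from dataclasses import dataclass, field

# Image names treated as Netcat. A renamed binary will not match by name;
# see the note after the block.
NETCAT_IMAGES = {"nc.exe", "netcat.exe"}

SAMPLE_RECORDS = [  # constructed for the demo; addresses are placeholders
    "2024-01-01T09:00:01|CORP\\alice|C:\\Tools\\nc.exe|nc -v www.website.com 80",
    "2024-01-01T09:05:10|CORP\\alice|C:\\Tools\\nc.exe|nc -l -p 23 -t -e cmd.exe",
    "2024-01-01T09:07:44|NT AUTHORITY\\SYSTEM|C:\\Tools\\nc.exe|nc -L -p 53 -e cmd.exe -d",
    "2024-01-01T09:09:02|CORP\\bob|C:\\Tools\\nc.exe|nc -v -L -e cmd.exe -p 139 -s 10.0.0.5",
    "2024-01-01T09:10:00|CORP\\bob|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir",
]


@dataclass
class Finding:
    when: str
    user: str
    cmdline: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        # A listener that executes a program for the remote side is the
        # unauthenticated shell the readme warns about.
        return "high" if any(r.startswith("-e") for r in self.reasons) else "medium"


def _expand(args):
    """Split clustered single-letter options: -lvp 23 -> -l -v -p 23."""
    out = []
    for a in args:
        if a.startswith("-") and len(a) > 2 and a[1:].isalpha():
            out.extend("-" + ch for ch in a[1:])
        else:
            out.append(a)
    return out


def _value(args, flag):
    """Return the token following `flag`, or None if the flag is absent."""
    for i, a in enumerate(args):
        if a == flag and i + 1 < len(args):
            return args[i + 1]
    return None


def analyse_record(record):
    """Return a Finding for a suspicious Netcat invocation, else None."""
    when, user, image, cmdline = (f.strip() for f in record.split("|", 3))
    exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in NETCAT_IMAGES:
        return None
    args = _expand(cmdline.split()[1:])  # drop argv[0]
    flags = {a for a in args if a.startswith("-")}
    listening = "-l" in flags or "-L" in flags
    reasons = []
    target = _value(args, "-e")
    if listening and target:
        reasons.append(f"-e hands {target} to whoever connects; no authentication")
    if "-L" in flags:
        reasons.append("-L restarts the listener after each connection (persistent)")
    if "-d" in flags:
        reasons.append("-d detaches from the console (absent from the task list)")
    if "-s" in flags and _value(args, "-p") == "139":
        reasons.append("-s with -p 139 binds in front of the NetBIOS session service")
    if listening and user.upper() == "NT AUTHORITY\\SYSTEM":
        reasons.append("listener runs as SYSTEM (e.g. started via AT)")
    return Finding(when, user, cmdline, reasons) if reasons else None


def scan(records):
    """Run analyse_record over every record and keep the hits."""
    return [f for f in map(analyse_record, records) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_RECORDS):
        print(f"[{f.severity}] {f.when} {f.user}: {f.cmdline}")
        for r in f.reasons:
            print("    -", r)
```

Run over the sample records it reports three hits (the three listeners), and leaves the plain `nc -v www.website.com 80` alone. Matching on the image name is the weak link, since the binary can be renamed; in practice the argument shape (`-e` together with `-l` or `-L`) is the signal worth keeping even when the image name does not match, at the cost of some false positives.
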
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines.  This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel.  Unlike Unix, NT does not seem to have any security around
which ports user programs are allowed to bind to.  This means any
user can run a program that will bind to the NETBIOS ports.

You will need to bind "in front of" some services that may already be
listening on those ports.  An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files.  You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this.  This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does.  You have effectively shut off
file sharing on this machine by the way.  You have done this with just
user privileges to boot.

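Whether a specific-address bind can get in front of a wildcard-bound service is a property of the OS socket layer, not of Netcat, and it is the property an admin would want to check and, where possible, switch off. The probe below is an added example, not code from the readme or the project: it binds a stand-in "service" on 0.0.0.0 at an ephemeral loopback port, then tries the `-s`-style bind of 127.0.0.1 on the same port, and reports what the platform allowed. The second socket sets SO_REUSEADDR, the usual listener setting and the one that exercises the default sharing rules. On Windows the service side can request an exclusive bind with SO_EXCLUSIVEADDRUSE; the code uses it when the platform exposes it and falls back to a plain bind elsewhere. Function names are mine.

```python
"""Added example (not part of the readme): probe whether a specific-address
bind gets "in front of" a wildcard-bound service on this platform, and
show the hardening (an exclusive bind) that a service can request.

Loopback only, ephemeral port, nothing is sent; the outcome is
platform-dependent, which is the point of reporting it."""
import socket
import sys

IS_WINDOWS = sys.platform == "win32"
# Windows-only socket option that refuses any other bind on the same port;
# getattr keeps the script importable on systems that lack it.
SO_EXCLUSIVEADDRUSE = getattr(socket, "SO_EXCLUSIVEADDRUSE", None)


def bind_service(exclusive=False):
    """Listen on 0.0.0.0 at an ephemeral port, like a service bound to ANY
    address.  With exclusive=True the service asks for an exclusive bind
    where the platform supports it.  The caller closes the socket."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if exclusive and SO_EXCLUSIVEADDRUSE is not None:
        s.setsockopt(socket.SOL_SOCKET, SO_EXCLUSIVEADDRUSE, 1)
    s.bind(("0.0.0.0", 0))
    s.listen(1)
    return s


def try_bind_in_front(port):
    """Attempt the -s style bind: one specific address on an occupied port.
    Returns True if the OS accepted it, False if it refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind(("127.0.0.1", port))
        return True
    except OSError:
        return False
    finally:
        s.close()


def specific_bind_preempts_wildcard(exclusive=False):
    """Does a specific-address bind get in front of a wildcard-bound,
    listening service?  exclusive=True lets the service opt out of
    address sharing on platforms that offer SO_EXCLUSIVEADDRUSE."""
    service = bind_service(exclusive)
    try:
        return try_bind_in_front(service.getsockname()[1])
    finally:
        service.close()


if __name__ == "__main__":
    print("platform:", sys.platform)
    print("default service, specific bind gets in front:",
          specific_bind_preempts_wildcard())
    print("exclusive service, specific bind gets in front:",
          specific_bind_preempts_wildcard(exclusive=True))
```

On Linux and the BSDs a second bind against a port that already has a listening socket is refused outright, so both calls return False. On Windows the first call reports whatever the default sharing rules allow, and the second shows the effect of the service asking for an exclusive bind, which is the fix for the situation the readme describes: it has to be applied by the service that owns the port, not by the user who would otherwise bind in front of it.
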
PROBLEMS with Netcat 1.1 for NT

There are a few known problems that will eventually be fixed.  One is
the -w or timeout option.  This works for final net reads but not
for connections.  Another problem is using the -e option in UDP mode.
You may find that some of the features work on Windows 95.  Most
of the listening features will not work on Windows 95 however.   These will
be fixed in a later release.

Netcat is distributed with full source code so that people can build
upon this work.  If you add something useful or discover something
interesting about NT TCP/IP let me know.

Weld Pond <weld@l0pht.com>, 2/2/98