Security Basics mailing list archives
Re: nc help needed.
From: Johannes Lichtenberger <jl () sindarin nabooisland com>
Date: Sat, 25 Sep 2004 17:37:29 +0200
Michael Shirk wrote:
You say you are trying to connect to a destination, but these commands will set up a server on your local win2k box. The syntax is different to connect out to a destination. Google netcat command line options and you get the readme file: I found the syntax you are using, and here is what it is used for

--------------------------------------------------

SO_EXCLUSIVEADDRUSE should have been set by the services. Probably, as you said, it's working with the old NT 4.

You can even get Netcat to listen on the NETBIOS ports that are probably running on most NT machines. This way you can get a connection to a machine that may have port filtering enabled in the TCP/IP Security Network control panel. Unlike Unix, NT does not seem to have any security around which ports that user programs are allowed to bind to. This means any user can run a program that will bind to the NETBIOS ports.

You will need to bind "in front of" some services that may already be listening on those ports. An example is the NETBIOS Session Service that is running on port 139 of NT machines that are sharing files. You need to bind to a specific source address (one of the IP addresses of the machine) to accomplish this. This gives Netcat priority over the NETBIOS service which is at a lower priority because it is bound to ANY IP address. This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

Now you can connect to the machine on port 139 and Netcat will field the connection before NETBIOS does. You have effectively shut off file sharing on this machine by the way. You have done this with just user privileges to boot.

--------------------------------------------------

Now, I would ask what your purpose is. If you are trying to see if the windows 2000 box allows null sessions, then use a tool like enum to enumerate information from a null session.

However, if you actually want to make netcat listen for connections ahead of the NETBIOS service, then I would ask if anyone else has got this to work. I get the same thing in Win2K. Obviously it worked in WinNT (but doesn't everything work in WinNT?

[LUNA] C:\>netstat -ano | find "445"
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 192.168.69.253:445 192.168.69.253:1035 ESTABLISHED 4
TCP 192.168.69.253:445 213.6.21.64:4758 ESTABLISHED 4
TCP 192.168.69.253:445 213.137.25.119:3694 ESTABLISHED 4
TCP 192.168.69.253:1035 192.168.69.253:445 ESTABLISHED 4
UDP 0.0.0.0:445 *:* 4

[LUNA] C:\>nc -l -p 445 -s 192.168.69.253
Can't grab 192.168.69.253:445 with bind

With Direct SMB and Windows Server 2003 it's really not working ;-)
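
As an added example (not part of the original message and not netcat's own code): a defender's check for the condition the quoted readme describes, a listener bound to one specific address sitting in front of a service bound to all addresses on the same port. The sample `netstat -ano` text, its PIDs and addresses, and the function names are constructed for illustration.

```python
from collections import defaultdict

WILDCARDS = {"0.0.0.0", "[::]", "*"}

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:445         192.0.2.77:4758        ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""

def tcp_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING" and f[4].isdigit():
            addr, _, port = f[1].rpartition(":")
            if port.isdigit():
                yield addr, int(port), int(f[4])

def shadowed_ports(netstat_text):
    """Return {port: [(address, pid), ...]} for ports where a specific-address
    listener owned by one PID sits in front of a wildcard listener owned by
    a different PID."""
    by_port = defaultdict(list)
    for addr, port, pid in tcp_listeners(netstat_text):
        by_port[port].append((addr, pid))
    findings = {}
    for port, socks in by_port.items():
        wild_pids = {pid for addr, pid in socks if addr in WILDCARDS}
        front = [(addr, pid) for addr, pid in socks
                 if addr not in WILDCARDS and pid not in wild_pids]
        if wild_pids and front:
            findings[port] = sorted(front)
    return findings

if __name__ == "__main__":
    for port, socks in sorted(shadowed_ports(SAMPLE).items()):
        for addr, pid in socks:
            print(f"port {port}: PID {pid} bound to {addr} in front of a wildcard listener")
```

A hit is a lead for triage rather than proof: map the PID to its process before deciding whether the second listener belongs there.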