Nmap Development mailing list archives

--exec and --sh-exec now supported in Windows Ncat


From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Mar 2009 14:39:14 -0600

Hello all,

It used to be that --exec and --sh-exec didn't work on Windows because
they relied on the fork system call. There are now replacement functions
that emulate the Unix behavior on Windows, so they work now. You can do

ncat.exe -l --exec "C:\WINDOWS\system32\cmd.exe"
ncat.exe -l --sh-exec "echo Hello World!"

Sorry, I don't know any really fun examples. The Unix emulation is
pretty complete. --sh-exec uses cmd.exe /C to start the given program,
so you can use pipelines and redirection as in Unix. All subprocesses
are killed when the main Ncat process is killed, even though this means
that Ncat has to track them itself. The only inconsistency is that
--exec doesn't require the full path name like it does on Unix. It
searches the PATH just like --sh-exec, so the first example could have
used plain "cmd.exe". It would be possible to require the full path
name, but I don't know if that's even desired.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
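
Added example, not part of the original message and not Ncat's own code: a small classifier a defender could run over process command lines to spot Ncat started with --exec or --sh-exec, and to tell whether the --exec target was a full path or a bare name that Windows Ncat resolves through PATH as the message describes. The function name and the sample lines are assumptions; the first three samples are the message's own commands (the third is the plain "cmd.exe" variant it mentions), the rest are constructed, and -e, -c and --listen are Ncat's other spellings of the options.

```python
import ntpath
import re

# Ncat options that attach a child process to the connection (-e/-c are the short forms).
EXEC_RE = re.compile(r'(?<!\S)(--sh-exec|--exec|-e|-c)[\s=]+("[^"]*"|\S+)')
LISTEN_RE = re.compile(r'(?<!\S)(--listen|-l)(?!\S)')
FIRST_TOKEN_RE = re.compile(r'\s*("[^"]*"|\S+)')

# Constructed sample input: process command lines as a process-creation log would record them.
SAMPLES = [
    r'ncat.exe -l --exec "C:\WINDOWS\system32\cmd.exe"',
    r'ncat.exe -l --sh-exec "echo Hello World!"',
    r'ncat.exe -l --exec cmd.exe',
    r'"C:\tools\ncat.exe" --listen 8080 --exec=cmd.exe',
    r'ping.exe -l 1000 example.test',
    r'ncat.exe example.test 80',
]


def classify(cmdline):
    """Return a finding for an Ncat command line that uses --exec/--sh-exec, else None."""
    first = FIRST_TOKEN_RE.match(cmdline)
    if not first:
        return None
    image = ntpath.basename(first.group(1).strip('"')).lower()
    if image not in ("ncat", "ncat.exe"):
        return None
    hit = EXEC_RE.search(cmdline, first.end())
    if not hit:
        return None
    flag, command = hit.group(1), hit.group(2).strip('"')
    via_shell = flag in ("--sh-exec", "-c")
    program = command.split()[0] if command else ""
    return {
        "mode": "sh-exec" if via_shell else "exec",
        "listening": bool(LISTEN_RE.search(cmdline, first.end())),
        "command": command,
        # --sh-exec passes the whole string to cmd.exe /C, so no single program path applies.
        # For --exec, a bare name means the binary that runs is whichever one PATH yields.
        "path_searched": None if via_shell else not ntpath.isabs(program),
    }


if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```

A finding with "path_searched" set to True is the case the message calls an inconsistency with Unix: the program that gets attached to the socket depends on the PATH of the account running Ncat.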

