Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ncat usage

From: James Rogers <jamesmrogers () gmail com>
Date: Thu, 10 May 2012 09:55:28 -0400
Let's try using ncat to debug this connection.
You can get a web page with the following command:

ncat -C scanme.nmap.org 80

And then type:

GET / HTTP/1.0

followed by 2 newlines.

You should get the web page served to the command line.  If you wish
you can redirect the output to a file for later comparisons.

This is from http://nmap.org/ncat/guide/ncat-usage.html

Try getting a web page from your web site and from another website and
compare them to see what is different.    If the headers were the
same, then the content would be treated identically.

Then try to make your headers look the same.

On Thu, May 10, 2012 at 8:57 AM, Dave Henderson
<dhenderson () digital-pipe com> wrote:

Good morning James, thanks for the continued help.  So here's where we're at
right now... I've modified the code so that ncat stays continually running
(as well as using the -C parameter as indicated by one of the websites
below).  Could there be a problem with using 'head' in conjunction with ncat
(or named pipes)?  When I try to access the URI now, instead of the script
running, the browser is prompting me to save the file.  Thoughts?

Thanks,
Dave



mkfifo "$SI"
mkfifo "$SO"
ncat $sOPTS -Ck -l 127.0.0.1 $iPORT < "$SI" > "$SO" &


while (( 1 == 1 )); do
   trap exitGraceful SIGINT

   head -n 1 "$SO" | procRequest > "$SI"
   trap - SIGINT
done




On 05/09/2012 06:59 PM, James Rogers wrote:


Yes, each file you send has to have the content type and http header
along with the two newlines.

Unless configured to do multiple requests per connection, each
connection from a web browser will send the headers and the content
for just a single get request.

On Wed, May 9, 2012 at 3:58 PM, Dave Henderson
<dhenderson () digital-pipe com>  wrote:


No problem. :)  And I need to use multiple 'Content Type: ...' headers -
one
for the script and one per file sent (along with the 'HTTP/1.1 200 OK'
per
requested file)?

Thanks,
Dave



On 05/09/2012 02:50 PM, James Rogers wrote:


Yes, a content type should allow the browser to display the output.
Sorry I missed that.

On Wed, May 9, 2012 at 2:48 PM, Dave Henderson
<dhenderson () digital-pipe com>    wrote:


Thanks for the response James.  I did have that line, but with no
trailing
newlines.  Since I've added the newlines to the output, when I access
the
URI, it's prompting me to save the file instead of executing it.  I
shouldn't need a "Content Type: ..." declaration as well before
executing
the script right?  The executed script should provide that before
sending
output IIRC.

Thanks,
Dave



On 05/09/2012 02:14 PM, James Rogers wrote:


The file you are trying to upload to the web browser, does it have the
http response as the first line followed by a couple of newlines?

A valid file to return would look like this:

HTTP/1.0 200 OK

<html>
  <body>
    <h1>Hello, world!</h1>
  </body>
</html>

Without the http response in the file the browser won't know what to
do.

I got this example file from here:
http://nmap.org/ncat/guide/ncat-usage.html



On Wed, May 9, 2012 at 1:25 PM, Dave Henderson
<dhenderson () digital-pipe com>      wrote:


On 05/07/2012 04:10 PM, Dave Henderson wrote:


On 05/07/2012 03:57 PM, David Fifield wrote:


On Mon, May 07, 2012 at 03:34:06PM -0400, Dave Henderson wrote:


Good afternoon gang!  I'm working on a project that currently uses
Berkley's netcat (nc), however, during some research I stumbled on
ncat.  I can see that it's much more comprehensive so I'd like to
make the switch to using it instead, but I can't seem to get it
working right.  The project is basically a bash version of a web
server.  I'll post the working code below.  Any help would greatly
be appreciated!

Thanks,
Dave



while (( 1 == 1 )); do                # causes an infinite loop
for
processing requests
    #nc -Cl $sOPTS "$iPORT"<        "$SI">        "$SO"
2>>/tmp/debug.txt&
 #
netcat-openbsd - DEBUGGING ERRORS/MESSAGES
    nc -Cl $sOPTS "$iPORT"<        "$SI">        "$SO"&
# netcat-openbsd
    #ncat $sOPTS -vvv -C -l 127.0.0.1 $iPORT<        "$SI">
 "$SO"&
# ncat

    trap exitGraceful SIGINT                                    #
traps ctrl-C to exit this script
    head -n 1 "$SO" | procRequest>        "$SI"
    trap - SIGINT
done


You will probably be happier with this (no while loop):

ncat -l -k $iPORT --sh-exec "cat \"$SI\""

Compare to some examples here:

http://nmap.org/ncat/guide/ncat-simple-services.html

David Fifield



Thanks for the reply David.  I've tried using your stated command in
place
of the 'while' loop, but I'm still getting the same result - no
content
in
browser.  Possibly a problem by not using the $SO named pipe?  I did
take a
look at the example page before I even contacted this mailing list,
but
I
didn't see anything on there that was helpful.  Any other thoughts?

Thanks,
Dave



bump for help

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: