Security Basics mailing list archives

Fwd: nc help needed.


From: "Gautam R. Singh" <gautam.singh () gmail com>
Date: Sat, 25 Sep 2004 09:58:56 +0530

Hi
Nc should be running & listening for connection on port 139 on the
dest. -s<ip address> too.

~gautam


---------- Forwarded message ----------
From: Vijay Kumar <vijay () calsoftinc com>
Date: Fri, 24 Sep 2004 18:56:59 +0530
Subject: Re: nc help needed.
To: scream () cogeco ca, Security Basics <security-basics () securityfocus com>

Hi,

Thanks a ton for all the replies. I know that NetBIOS is using port 139.
Since the Windows computer is currently accepting null sessions, we
should be able to connect to this port via netcat. (Am I right?)
Have been reading these lines from the documentation, which talks about
assigning priority to the netcat session we are trying to establish.
Hence I am sure this should work, we are missing something.
Does anyone have anything to add?
Also I am not understanding whether the -s <ip address> should be the
computer running netcat or the destination (target) machine?

"" You will need to bind "in front of" some services that may already be
listening on those ports.  An example is the NETBIOS Session Service
that is running on port 139 of NT machines that are sharing files.  You
need to bind to a specific source address (one of the IP addresses of
the  machine) to accomplish this.  This gives Netcat priority over the
NETBIOS service which is at a lower priority because it is bound to ANY
IP address. This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does.  You have effectively shut off
file sharing on this machine by the way.  You have done this with just
user privileges to boot. ""

Have not used psexec -> will try it.

Regards
Vijay.

On Fri, 2004-09-24 at 17:55, Scream wrote:
Using the -p 139 command line switch would attempt to bind to port 139 on
the machine you are running it on, which being a Windows machine is already
in use.


If you are trying to connect to the remote then it would be as below; this,
however, will not spawn a cmd session.

nc -v ip addr 139


----- Original Message -----
From: "Vijay Kumar" <vijay () calsoftinc com>
To: <security-basics () securityfocus com>
Sent: Thursday, September 23, 2004 11:21 AM
Subject: nc help needed.


Hi,

Trying to use the nc command from a Windows 2k box:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

The error given is: Can't grab xxx.xxx.xxx.xxx:139 with bind.

s -> destination host where the null sessions on 139 are accepted.

Any clue how to get the cmd working on the remote host?

Regards,
Vijay.


-- 
Gautam R. Singh
PGP Key: http://gautam.techwhack.com/key/


NOTE: The information contained in this message is confidential and
intended only for the use of the individual or entity identified. If
the reader of this message is not the intended recipient, any
dissemination, distribution or copying of the information in this
message is strictly prohibited. If you have received this message by
error, please notify the sender immediately.
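
Added example, not part of the original thread: a defender-side check for the condition the quoted Netcat documentation describes, where one process listens on a specific address for a port that a different process already holds on the wildcard (ANY) address. It parses `netstat -ano` style text; the sample lines, addresses, PIDs and function names are constructed assumptions.

```python
# Added example, not from the thread. Names and sample data are assumptions.
from collections import defaultdict

WILDCARDS = {"0.0.0.0", "[::]", "*"}

# Constructed sample in the style of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       3120
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     2044
  TCP    127.0.0.1:5357         0.0.0.0:0              LISTENING       1500
"""

def parse_listeners(text):
    """Yield (address, port, pid) for each TCP line in LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue  # header, UDP, or malformed line
        if fields[3].upper() != "LISTENING" or not fields[4].isdigit():
            continue
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            yield addr, int(port), int(fields[4])

def shadowed_ports(text):
    """Return {port: {"wildcard": [pids], "specific": [(addr, pid), ...]}}."""
    wild = defaultdict(set)
    specific = defaultdict(list)
    for addr, port, pid in parse_listeners(text):
        if addr in WILDCARDS:
            wild[port].add(pid)
        else:
            specific[port].append((addr, pid))
    findings = {}
    for port, entries in specific.items():
        # Report only specific-address binds owned by a PID other than the wildcard owner.
        odd = [(a, p) for a, p in entries if p not in wild.get(port, set())]
        if port in wild and odd:
            findings[port] = {"wildcard": sorted(wild[port]), "specific": odd}
    return findings

if __name__ == "__main__":
    for port, info in sorted(shadowed_ports(SAMPLE).items()):
        print(f"port {port}: wildcard {info['wildcard']}, specific {info['specific']}")
```

A finding is a prompt to identify the owning process by PID, not proof of compromise; some services legitimately bind per interface.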

