Nmap Development mailing list archives

Re: Ncat for Netcat users


From: David Fifield <david () bamsoftware com>
Date: Fri, 6 Nov 2009 09:43:54 -0700

On Fri, Nov 06, 2009 at 12:31:47AM -0800, Fyodor wrote:
> On Wed, Nov 04, 2009 at 09:28:53PM -0500, Ron wrote:
>> I'm not sure if you guys have seen this yet, but it's a pretty good
>> guide to using Ncat targeted for people who are accustomed to Netcat:
>>
>> http://junker.org/~tkh16/ncat-for-netcat-users.php
>
> Thanks Ron!  This sort of article is really nice to see.  Some of the
> issues he notes will be fixed with the new Nmap (and Ncat) release
> next week.  Also, I can understand how this part frustrates him:
>
>    Unfortunately, Ncat cannot be used as an SSL wrapper around a
>    non-encrypted service (such as VNC) because of the way Ncat forks a
>    process when using its command execution options. To quote the Ncat
>    source code: "This doesn't work because we just fork and redirect
>    the child's standard input and output to a socket. To support
>    --exec with --ssl we would need to fork Ncat code to speak SSL to
>    the socket and plaintext to the subprocess."
>
> We might want to think some more about how important this really is,
> how hard it would be to support, and whether we want to try.

Yes, this has been on my TODO for a long time. We already do this on
Windows, where you can't just redirect the standard input and output of
a child process to a socket. Instead, we create a couple of pipes to
pass to the subprocess, and start a thread to relay data between the
socket and the pipes. Besides allowing --exec with SSL, this would also
allow logging of data sent and received by the child process.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
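
The pipe-and-relay design described in the message above, sketched for POSIX as an added example (not Ncat's code and not part of the original post): the child is given pipes instead of the socket and the parent relays between them, so the marked read and write points are where an SSL layer or a traffic log can sit. It uses a poll() loop in place of the relay thread mentioned for Windows; the name `relay_exec` and the log format are assumptions.

```c
/* Added illustration, not Ncat source; relay_exec() is a hypothetical name. */
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

static int write_all(int fd, const char *p, ssize_t n)
{
    for (ssize_t w; n > 0; p += w, n -= w)
        if ((w = write(fd, p, n)) <= 0) return -1;
    return 0;
}

/* Run argv with pipes as its stdin/stdout and relay between those pipes and
 * sock, logging each chunk. Returns bytes relayed child->socket, -1 on error. */
long relay_exec(int sock, char *const argv[], FILE *log)
{
    int in[2], out[2];              /* in: parent->child, out: child->parent */
    char buf[4096];
    long sent = 0; ssize_t n;
    if (pipe(in) < 0 || pipe(out) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child sees only pipes, never the socket */
        dup2(in[0], 0); dup2(out[1], 1);
        close(in[0]); close(in[1]); close(out[0]); close(out[1]); close(sock);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(in[0]); close(out[1]); signal(SIGPIPE, SIG_IGN);
    struct pollfd fds[2] = { { sock, POLLIN, 0 }, { out[0], POLLIN, 0 } };
    while (fds[1].fd >= 0 && poll(fds, 2, -1) >= 0) {
        if (fds[0].revents) {       /* socket -> child stdin; SSL read would go here */
            if ((n = read(sock, buf, sizeof buf)) > 0 && write_all(in[1], buf, n) == 0)
                fprintf(log, "recv %zd bytes\n", n);
            else { close(in[1]); in[1] = -1; fds[0].fd = -1; }  /* pass EOF on */
        }
        if (fds[1].revents) {       /* child stdout -> socket; SSL write would go here */
            if ((n = read(out[0], buf, sizeof buf)) > 0 && write_all(sock, buf, n) == 0)
                { fprintf(log, "sent %zd bytes\n", n); sent += n; }
            else fds[1].fd = -1;    /* child closed stdout: finished */
        }
    }
    close(out[0]); if (in[1] >= 0) close(in[1]);
    waitpid(pid, NULL, 0);
    return sent;
}
```

Because the subprocess only ever holds plain pipes, every byte in both directions passes through the parent, which is what makes the per-chunk log lines possible.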

