PaulDotCom mailing list archives

hiding netcat


From: bytesabit at gmail.com (bytes abit)
Date: Mon, 17 May 2010 10:04:19 -0300

Also, as a side note.. perhaps if you want to keep ncat on the system you
could use the "Copy CON" techniques discussed in PDC...

Can't remember the episode, think it was in the 160-170 range...




On Mon, May 17, 2010 at 8:35 AM, Jim Halfpenny <jim.halfpenny at gmail.com> wrote:

Hi,
Busybox provides netcat functionality plus lots more with a small
footprint. I have not come across any AV software which detects
busybox as a potentially unwanted program.

Regards,
Jim

On 16 May 2010 17:49, Chris Teodorski <chris.teodorski at gmail.com> wrote:
Thanks to all for the great advice.  I was using NetCat, because I'm
putting it on a Teensy++ and I'm very limited in space.  The
executable needs to be super small...

I followed the article here:
http://packetstormsecurity.nl/papers/virus/Taking_Back_Netcat.pdf

It seems to have worked.

Thanks to all for the help.



On Sat, May 15, 2010 at 2:15 PM, Rob Fuller <jd.mubix at gmail.com> wrote:
Just curious, but why are you using Netcat?


--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com
Ignore this:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*



On Sat, May 15, 2010 at 1:02 PM, Professor Thread
<professorthread at gmail.com> wrote:

On 05/15/2010 03:08 PM, Chris Teodorski wrote:

All,

Does anyone know a good way to sneak netcat past modern AV?

Chris



Have you tried nmap's "ncat" version?



_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


