Penetration Testing mailing list archives

Re: Ideas on netcat


From: Penetration Testing <pentest () infosecure com au>
Date: Tue, 28 Aug 2001 08:40:10 -0800 (GMT+8)

On 24 Aug 2001, Vo0d0o wrote:

> As far as I know, no site is giving some other uses of netcat
> pertaining to pen-testing ...other than the usual *README* file which
> I find too basic.
>
> I would be grateful if anybody could throw some light on uses of
> netcat in pen-testing.

What do you want to do with it?  Netcat, like many other tools, is not
intended to be specifically a penetration testing tool.  As it happens, it
is often quite handy in penetration testing.

If you have an idea of what netcat does, and you know what you want to do,
it should not be rocket science to put the two together.

For example, I have used netcat in the past in scripts to gather web
server versions from a range of addresses...

1. Create a file containing the following:
HEAD / HTTP/1.0<ret><ret>

2. Cat this file to netcat, pointed at a web server address:
cat file | netcat -v -w 2 127.0.0.1 80 > output

The output file will contain the HEAD output from the web server.

Like I said, it is a great tool, but it does not have any magical
penetration testing properties. :-)

Regards,
Dave Taylor


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
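
Added example (not part of the original post): the two steps above wrapped into a script that audits which Server banners your own hosts disclose, sending each <ret> as CR LF and reducing the HEAD output to a status code and Server value. The function names, the `nc` binary name, the hosts-file argument and the sample response are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Run against hosts you administer.
# Assumption: netcat is installed as `nc` (override with NC=netcat).
NC=${NC:-nc}

# The request from step 1; each <ret> goes on the wire as CR LF.
head_request() {
    printf 'HEAD / HTTP/1.0\r\n\r\n'
}

# Read one HTTP response on stdin and print "<status code> <Server value>".
# "-" is printed for a missing status line or a missing Server header.
parse_banner() {
    tr -d '\r' | awk '
        NR == 1 { code = $2; next }          # status line: HTTP/1.x CODE REASON
        /^$/    { exit }                     # blank line ends the header block
        tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); server = $0 }
        END { print (code == "" ? "-" : code), (server == "" ? "-" : server) }
    '
}

# Query every host listed one per line in the file named by $1.
scan_hosts() {
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        banner=$(head_request | "$NC" -w 2 "$host" 80 2>/dev/null | parse_banner)
        printf '%s %s\n' "$host" "$banner"
    done < "$1"
}

# Constructed sample response so the parser can be exercised offline.
sample_response() {
    printf 'HTTP/1.1 200 OK\r\nDate: Tue, 28 Aug 2001 00:40:10 GMT\r\n'
    printf 'Server: ExampleHTTPd/1.0\r\nContent-Type: text/html\r\n\r\n'
}

if [ "$#" -gt 0 ]; then
    scan_hosts "$1"
else
    sample_response | parse_banner
fi
```

A host that prints "-" for the Server value either suppresses the header or did not answer within the two-second timeout.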

