Penetration Testing mailing list archives

RE: Netcat VS 'real' clients

From: Irene Abezgauz <irene.abezgauz () gmail com>
Date: Wed, 24 Aug 2005 22:53:45 +0200

Ishay,

With netcat and textbased protocols - it is just a question of whether
you know the protocol and able to craft valid requests.

The service receiving your requests (e.g. the web server, or the smtp
server) does not know what kind of a client you are when you send the
request, and actually - it doesn't really care either.

The meaning of a protocol is that is has a specific ruleset, and format
for communication it can receive and handle. As long as your request
matches that format - the service receiving your requests won't mind
whether it's netcat, telnet, a "real" client, or anything else.

Irene

---------------
Irene Abezgauz
Application Security Consultant
Hacktics Ltd.
Mobile: +972-54-6545405
Web: www.hacktics.com
 

-----Original Message-----
From: Ishay [mailto:ishaybs () gmail com] 
Sent: Wednesday, August 24, 2005 2:11 PM
To: pen-test () securityfocus com
Subject: Netcat VS 'real' clients

I wonder if using netcat is simulating the Http,Imap,Pop3,Ftp,SMTP as
the real clients does?
For e.g. pentest for pop3 with netcat VS outlook.

-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.15/80 - Release Date:
8/23/2005
 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.15/80 - Release Date:
8/23/2005

Current thread:

Netcat VS 'real' clients Ishay (Aug 24)
- Re: Netcat VS 'real' clients Jayson Anderson (Aug 24)
- RE: Netcat VS 'real' clients Irene Abezgauz (Aug 24)
- Re: Netcat VS 'real' clients Patrick van Zweden (Aug 24)
- Re: Netcat VS 'real' clients Michael Boman (Aug 24)