
Netcat Power Tools


Editor: Jan Kanclirz Jr.

Elsevier Trade Monographs, 2008

ISBN: 9780080558738, 280 pages

Format: PDF

Copy protection: DRM

Supported devices: Windows PC, Mac OS X, Apple iPad, Android tablet PCs

Price: 45,95 EUR



Table of Contents

Front Cover ... 1
Netcat Power Tools ... 4
Technical Editor ... 6
Contributing Authors ... 7
Contents ... 10

Chapter 1: Introduction to Netcat ... 16
  Introduction ... 17
  Installation ... 18
  Windows Installation ... 18
  Linux Installation ... 20
  Installing Netcat as a Package ... 21
  Installing Netcat from Source ... 22
  Confirming Your Installation ... 25
  Netcat's Command Options ... 26
  Modes of Operation ... 26
  Common Command Options ... 27
  Redirector Tools ... 33
  Basic Operations ... 34
  Simple Chat Interface ... 34
  Port Scanning ... 35
  Transferring Files ... 36
  Banner Grabbing ... 38
  Redirecting Ports and Traffic ... 39
  Other Uses ... 40
  Summary ... 41
  Solutions Fast Track ... 42
  Introduction ... 42
  Installation ... 42
  Options ... 42
  Basic Operations ... 42
  Frequently Asked Questions ... 43

Chapter 2: Netcat Penetration Testing Features ... 46
  Introduction ... 47
  Port Scanning and Service Identification ... 47
  Using Netcat as a Port Scanner ... 47
  Banner Grabbing ... 49
  Scripting Netcat to Identify Multiple Web Server Banners ... 50
  Service Identification ... 51
  Egress Firewall Testing ... 51
  System B - The System on the Outside of the Firewall ... 52
  System A - The System on the Inside of the Firewall ... 54
  Avoiding Detection on a Windows System ... 55
  Evading the Windows XP/Windows 2003 Server Firewall ... 55
  Example ... 56
  Making Firewall Exceptions using Netsh Commands ... 56
  Determining the State of the Firewall ... 57
  Evading Antivirus Detection ... 59
  Recompiling Netcat ... 59
  Creating a Netcat Backdoor on a Windows XP or Windows 2003 Server ... 61
  Backdoor Connection Methods ... 62
  Initiating a Direct Connection to the Backdoor ... 62
  Benefit of this Method ... 63
  Drawbacks to this Method ... 63
  Initiating a Connection from the Backdoor ... 64
  Benefits of this Connection Method ... 65
  Drawback to this Method ... 65
  Backdoor Execution Methods ... 65
  Executing the Backdoor using a Registry Entry ... 65
  Benefits of this Method ... 67
  Drawback to this Method ... 67
  Executing the Backdoor using a Windows Service ... 67
  Benefits of this Method ... 69
  Drawback to this Method ... 69
  Executing the Backdoor using Windows Task Scheduler ... 69
  Benefit to this Method ... 71
  Backdoor Execution Summary ... 71
  Summary ... 72
  Solutions Fast Track ... 72
  Port Scanning and Service Identification ... 72
  Egress Firewall Testing ... 72
  Avoid Detection on a Windows System ... 72
  Creating a Netcat Backdoor on a Windows XP or Windows 2003 Server ... 73
  Frequently Asked Questions ... 74

Chapter 3: Enumeration and Scanning with Netcat and Nmap ... 76
  Introduction ... 77
  Objectives ... 77
  Before You Start ... 77
  Why Do This? ... 78
  Approach ... 79
  Scanning ... 79
  Enumeration ... 80
  Notes and Documentation ... 81
  Active versus Passive ... 82
  Moving On ... 82
  Core Technology ... 82
  How Scanning Works ... 82
  Port Scanning ... 83
  Going behind the Scenes with Enumeration ... 86
  Service Identification ... 86
  RPC Enumeration ... 87
  Fingerprinting ... 87
  Being Loud, Quiet, and All That Lies Between ... 88
  Timing ... 88
  Bandwidth Issues ... 89
  Unusual Packet Formation ... 89
  Open Source Tools ... 89
  Scanning ... 90
  Nmap ... 90
  Nmap: Ping Sweep ... 90
  Nmap: ICMP Options ... 91
  Nmap: Output Options ... 92
  Nmap: Stealth Scanning ... 92
  Nmap: OS Fingerprinting ... 93
  Nmap: Scripting ... 94
  Nmap: Speed Options ... 95
  Netenum: Ping Sweep ... 98
  Unicornscan: Port Scan and Fuzzing ... 98
  Scanrand: Port Scan ... 99
  Enumeration ... 100
  Nmap: Banner Grabbing ... 100
  Netcat ... 102
  P0f: Passive OS Fingerprinting ... 103
  Xprobe2: OS Fingerprinting ... 103
  Httprint ... 104
  Ike-scan: VPN Assessment ... 106
  Amap: Application Version Detection ... 107
  Windows Enumeration: Smbgetserverinfo/smbdumpusers/smbclient ... 107

Chapter 4: Banner Grabbing with Netcat ... 112
  Introduction ... 113
  Benefits of Banner Grabbing ... 113
  Benefits for the Server Owner ... 114
  Finding Unauthorized Servers ... 114
  Benefits for a Network Attacker ... 116
  Why Not Nmap? ... 118
  Basic Banner Grabbing ... 119
  Web Servers (HTTP) ... 119
  Acquiring Just the Header ... 121
  Dealing With Obfuscated Banners ... 122
  Apache ServerTokens ... 124
  Reading the Subtle Clues in an Obfuscated Header ... 125
  HTTP 1.0 vs. HTTP 1.1 ... 125
  Secure HTTP Servers (HTTPS) ... 127
  File Transfer Protocol (FTP) Servers ... 131
  Immense FTP Payloads ... 133
  E-mail Servers ... 135
  Post Office Protocol (POP) Servers ... 135
  Simple Mail Transport Protocol (SMTP) Servers ... 136
  So, Back to the Banner Grabbing ... 137
  Fingerprinting SMTP Server Responses ... 139
  How to Modify Your E-mail Banners ... 140
  Sendmail Banners ... 141
  Microsoft Exchange SMTP Banners ... 143
  Microsoft Exchange POP and IMAP Banners ... 144
  Secure Shell (SSH) Servers ... 145
  Hiding the SSH Banner ... 147
  Banner Grabbing with a Packet Sniffer ... 147
  Summary ... 152
  Solutions Fast Track ... 154
  Benefits of Banner Grabbing ... 154
  Basic Banner Grabbing ... 155
  Banner Grabbing with a Packet Sniffer ... 155
  Frequently Asked Questions ... 156

Chapter 5: The Dark Side of Netcat ... 158
  Introduction ... 159
  Sniffing Traffic within a System ... 160
  Sniffing Traffic by Relocating a Service ... 161
  Sniffing Traffic without Relocating a Service ... 166
  Rogue Tunnel Attacks ... 171
  Connecting Through a Pivot System ... 175
  Transferring Files ... 180
  Using Secure Shell ... 180
  Using Redirection ... 181
  Man-in-the-middle Attacks ... 182
  Backdoors and Shell Shoveling ... 183
  Backdoors ... 183
  Shell Shoveling ... 185
  Shoveling with No Direct Connection to Target ... 185
  Shoveling with Direct Connection to Target ... 188
  Netcat on Windows ... 189
  Summary ... 191

Chapter 6: Transferring Files Using Netcat ... 194
  Introduction ... 195
  When to Use Netcat to Transfer Files ... 195
  Sometimes Less Really is Less ... 196
  Security Concerns ... 196
  Software Installation on Windows Clients ... 197
  Where Netcat Shines ... 197
  Speed of Deployment ... 198
  Stealth ... 198
  Small Footprint ... 199
  Simple Operation ... 199
  Performing Basic File Transfers ... 200
  Transferring Files with the Original Netcat ... 200
  Closing Netcat When the Transfer is Completed ... 201
  Other Options and Considerations ... 202
  Timing Transfers, Throughput, etc. ... 203
  Tunneling a Transfer Through an Intermediary ... 204
  Using Netcat Variants ... 205
  Cryptcat ... 205
  GNU Netcat ... 207
  SBD ... 208
  Socat ... 209
  Socat Basics ... 209
  Transferring Files with Socat ... 210
  Encryption ... 211
  Mixing and Matching ... 212
  Ensuring File Confidentiality ... 213
  Using OpenSSH ... 213
  Installing and Configuring Secure Shell ... 214
  Configuring OpenSSH Port Forwarding ... 216
  Using SSL ... 217
  Configuring Stunnel ... 217
  Using IPsec ... 220
  Configuring IPsec on Windows ... 221
  Configuring IPsec on Linux ... 227
  Ensuring File Integrity ... 232
  Hashing Tools ... 232
  Using Netcat for Testing ... 234
  Testing Bandwidth ... 234
  Testing Connectivity ... 235
  Summary ... 236
  Solutions Fast Track ... 236
  When to Use Netcat to Transfer Files ... 236
  Performing Basic File Transfers ... 236
  Using Netcat Variants ... 236
  Ensuring File Confidentiality ... 237
  Ensuring File Integrity ... 237
  Using Netcat for Testing ... 237
  Frequently Asked Questions ... 238

Chapter 7: Troubleshooting with Netcat ... 240
  Introduction ... 241
  Scanning a System ... 242
  Testing Network Latency ... 245
  Using Netcat as a Listener on Our Target System ... 246
  Using a Pre-existing Service on Our Target System ... 249
  Using a UDP Service ... 249
  Using a TCP Service ... 250
  Application Connectivity ... 251
  Troubleshooting HTTP ... 252
  Troubleshooting FTP ... 258
  Troubleshooting Active FTP Transfers Using Netcat ... 260
  Troubleshooting Passive FTP Transfers Using Netcat ... 263
  Summary ... 266

Index ... 268