Basic tools - NETCAT (Telnet - banner, transfer text message)

Our future study and work,and learning process,will be regular,reuse these tools,所以,基于这点,I put these particularly important tools,Let me introduce it first

常用⼯具

​ • 经常使⽤且功能强⼤

​ • 安全从业者必不可少的帮⼿

• Nc / ncat

• Wireshark

• Tcpdump

Each of us must be proficient in most of the functions common to these tools,If you can use it very skillfully,就更好了

NETCAT ——NC

• 网络⼯具中的瑞⼠军⼑——⼩⾝材、⼤智慧

• 侦听模式 / 传输模式

• telnet / 获取banner信息

• 传输⽂本信息

• 传输⽂件/目录

• 加密传输⽂件

• 远程控制/⽊⻢

• 加密所有流量

• 流媒体服务器

• 远程克隆硬盘

nc是跨平台的,有windows版本,也有linux版本,The volume is only one or two hundredk

在windows下,我们经常使用telnet,telnet别人的23端口、25端口,After connecting to someone else's port,发送一些指令,bring back somebanner信息,有了nc之后,we can give uptelnet,因为nc比telnet更加的强大、稳定

我们可以拿ncmake a chat tool,it can transmit text messages,除此之外,还可以传输文件,做为文件服务器、FTP服务器,To use this function,Can not only transfer files,You can also upload a directory

nc的加密,is to take advantage of the encryption characteristics of some systems,The combination,The ability to encrypt transfer files,默认情况下,Transmission of text files is not encrypted,另外ncCan be used as remote control,某种意义上,Can be used as a Trojan horse,it can control the server remotely,Although a command line tool,但是命令行,full control,我们的服务器,而ncall antivirus software,Don't take it as a virus killing such a tool,把ncas remote control,an ideal choice

There are many video servers online,It is based on the streaming audio and video streaming,ncClient and server that can do streaming media

Cloning can serve as a hard disk for the remote,hard drive transfer

NC——TELNET / BANNER

• nc –nv 1.1.1.1 110
• nc –nv 1.1.1.1 25
• nc –nv 1.1.1.1 80

nc可以telnet目标端口,发送一些指令,Connect to each other's services,比如说,you have mail server,它可以telnet你的smtp端口,或者是pop3端口,and if you have a website,它可以nc你的80端口

ncCan be used as client,Can also be used as a server,There are usually two scenarios for use,As a client,It can connect to other server service port,to service port,发送指令,进行探测

我们以实例,How to use the scene,Introduce to you one by onenc命令、参数的使用

nc -h

View parameter usage

当nc做为客户端,经常使用的参数

nc -vn

-vDisplay information about detailed connections,-n后面跟IP地址,不进行DNS解析

我们这里,不建议nc -nv后面跟域名,因为ncDomain name resolution is sometimes slow,The domain nameIP地址解析出来,我们直接用nc去连接IP地址,and its corresponding port

Let's analyze it first163邮箱的IP地址

ping pop3.163.com

用nc对IP地址,进行连接,pop3,走的是110端口

nc -vn 220.181.12.110 110
//This is the client connecting to the server,最基本的命令

ncAfter connecting to the server port,will check the serverbanner信息,through this connection,We know that the server110端口,open的同时,我们会知道110server is usingcoremailprotocol to implement mail service

连上来之后,We can do it on the current connection of the command input

在pop3里面,要输入的user是要经过base64的编码,编码之后的,一串字符,是要使用user来登录

base64
[email protected]

输入完之后,按ctrl + d,base64Calculate my emailbase64编码的情况

USER MTU4NjA2NzcxMjNAMTYzLmNvbQo=

wait for the server to return meok,然后再输入PASS什么什么的,当然,The password also has to go throughbase64编码

If the account password I entered is correct,Actually I can in this command line,通过163邮件服务器,to receive my email,Follow us under the tool GUI,没什么太大区别

我还可以ping一下smtp的服务器

ping smtp.163.com

获取到smtp服务器的IP地址

nc -nv 220.181.15.161 25

Anti-spam GT,163Anti-spam mail gateway device,coremail systemAn anti-spam gateway

ehlo 15860611456

然后,hinted me some commands,比如,I can do the authentication

AUTH LOGIN
[email protected]

No need to enter username herebase64,I just need to enter my account password,我们就可以通过smtp服务器,Email to foreign,每个smtp服务器,Acceptable format,稍有不同,有的CMS服务器,Angle brackets around the mailbox

用kali去连接metersploit2靶机的80端口

nc -nv 192.168.42.138 80
head /

通过敲击http的指令,我们就会把webpage information,or its head,Come back to the request,这跟,I in web pages,see the same,This is used by the clientnc的简单方法

NC——传输⽂本信息

• A：nc -l -p 4444
• B：nc –nv 1.1.1.1 4444

• 远程电⼦取证信息收集

为了给大家做演示,Open two nowkali

如果说,chat words,You need one of themkalito open a port,That is, listening on a port,另外一台电脑,用ncas a client to connect to this port,This will produce atcp的连接,连接之后,By default, text information is transmitted

第一台服务器,when it's going to listen on a port,我们要使用-l参数,告诉nc,I want to open a port for listening,-p指定端口号,What port do I want to listen on,Open the port

A这一端,It is used as one side of the server,Because it is listening ports,等待别人来连接

B做为客户端,Connect to the target computer,A的IP地址,Corresponding to the open listening port

nc -l -p 333
netstat -pantu | grep 333

333端口,已经是linsten的状态了

nc -nv 192.168.42.128 333

Two computers now,you can chat

11111
cofee

我在BWhen this input,AReceived a message here,In this way, you can realize the chat between the two computers

首先用nc做为服务端,to open a listening port on the local computer,用另一个nc,connect to an open port,这样就可以实现TCP的连接,Based on textual information on the server

通过ncSome of the contents of a text class,in the process of electronic forensics,In fact, there is a typical scenario where it should be,After one end of the connection is terminated,both sides will terminate

比如说,我要对B这一台,electronic forensics,This one was hacked,I want as little as possible,Do not modify the contents of the files in the server,not to increase above,no longer go up to reduce,because the increase,will overwrite its hard drive sectors,有可能会造成,It was the hard disk,Recovery of some deleted files,There is no way to restore normally.

When conducting electronic forensics,we do everything possible,in the audited object,Audit on the target system,Modify as little as possible,系统上,Some limited conditions,Avoid destroying evidence

We can on your own computer,Open a listening port first,then on the target system,查一下,inside the current directory,所有的内容

ls -l

The extracted information,i hope notBComputers save,而是直接通过nc,传到A电脑上的nc服务端

The role of having a pipe is,put the output of the previous command,as the input of the following command

nc -l -p 333
ls -l | nc -nv 192.168.42.128 333

We can use this command,运行之后,所得的结果,Direct input to the far side of the server,侦听的nc 333端口

The result after execution is displayed inA的电脑上,This is during the audit,When conducting electronic audits remotely,a standard exploitnc,how to collect,同时,We can on the system of the audit,Do a lot of system collection

这个时候,on the remote computer

nc -l -p 333

下面,I need to collect process information on the system,Check the process inside,Are there any suspicious processes

pa -axu

I would like to have the information collected,By the name of the command used,to save it toA电脑上

nc -l -p 333 > ps.txt

这个命令的意思是,我在本地,监听333端口,If there is incoming information,I save it directly tops.txt里面去

ps -aux | nc -nv 192.168.42.128 333 -q 1

加上-q 1,Indicates that after the command is executed,两台ncEstablished connection will automatically break,ps的信息内容,After the transfer is complete,等上1秒钟,就自动断开连接,Indicates that the task has been completed

It's disconnected here,我们ls看一下

ls
cat ps.txt

这就是BComputer current process information,通过这种方式,we can on the audited object,Collection without modification,information on the system,当然,电子取证,is to collect more additional information