issue145:tutoriel2
In issue FCM#144, we had a look at basic netcat. In this issue, we will take a deeper look at netcat. Josh, your wish is our command. Feel free to reach out to us on e-mail or Telegram if there is anything you would like to see more of in FCM. Also, feel free to make a donation to Patreon - https://www.patreon.com/fullcirclemagazine. That said, we shall waste no more time and go for the jugular!

Port scan

We will be scanning http://scanme.nmap.org/. Please, if you want to scan anything besides this, make sure you own the machine. We do not want our readers in the charge office. So our terminal code should read:

nc -vz scanme.nmap.org 22 25 443

This scans 3 common ports at once (more, if you would like!). You can refer to our previous article on netcat regarding ports. Instead of me spelling out the options, your homework will be to look them up in the man page. If you would like to scan a range of ports, you simply type the range:

nc -vz scanme.nmap.org 1-100

This is not the only way to scan with netcat. You can scan via the service name too. In the terminal, type:

nc -vz scanme.nmap.org ssh

Like before, you can string multiple service ports together, but you will get results only from open ports.

Banner grabbing

Port scanning is all well and good for known ports; what about unknown ports? How do we figure out what services are running on those ports? That is where banner grabbing comes in. Banner grabbing nets you information on the open ports of a computer. If you are a new administrator, it is a neat way to find out what is happening on the systems you are taking over. Hackers use it to find exploits for the services running on those ports. There is a search engine called Shodan that lets you search computers by type, and it searches by banner: https://www.shodan.io/ If you look up the -v option in the man page, you see it is verbose. The -z option tells netcat to only check whether the port accepts a connection, without sending or receiving any data, so leaving it off lets the banner from that port print to your terminal. Many times you can guess the function of the port, as people are lazy and port 22 just gets remapped to port 2222.
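The scan and banner grab described above, as an added example that is not from the article or from Full Circle Magazine: it uses Python sockets instead of nc so it can run offline against a constructed local service. scan_port does what `nc -vz host port` does (connect, report open or closed, exchange no data), grab_banner does what `nc -v host port` does once -z is dropped (connect and read whatever the service volunteers), and audit compares the result with a baseline of what an administrator expects on each port, which is how you catch the "SSH moved to 2222" case on your own machines. The sample banner, the baseline and all function names are constructed assumptions; nothing here talks to scanme.nmap.org.

```python
import socket
import threading

# Constructed banner for a throwaway local test service; not from any real host.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_7.4 constructed-sample\r\n"


def start_banner_service(banner):
    """Listen on 127.0.0.1 on a free port; send `banner` to each client, then hang up.
    Stands in for the remote service you would otherwise point `nc -v host port` at."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)            # lets the accept loop notice the stop flag
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass           # a -z style probe may already have hung up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop


def scan_port(host, port, timeout=1.0):
    """What `nc -vz host port` does: connect, report open/closed, exchange no data."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def grab_banner(host, port, timeout=1.0):
    """What `nc -v host port` does without -z: connect and read what the service
    sends first. Returns None if the port is closed or nothing arrives in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(1024)
    except OSError:
        return None
    return data.decode("ascii", errors="replace").strip()


def audit(host, ports, baseline):
    """Scan `ports`, grab banners on the open ones and compare with `baseline`
    ({port: expected banner prefix}). Returns (port, banner, status) triples."""
    findings = []
    for port in ports:
        if not scan_port(host, port):
            continue
        banner = grab_banner(host, port) or ""
        expected = baseline.get(port)
        if expected is None:
            status = "UNEXPECTED open port"
        elif not banner.startswith(expected):
            status = "banner mismatch"
        else:
            status = "ok"
        findings.append((port, banner, status))
    return findings


def demo():
    """Audit one constructed local service plus one port that is closed."""
    open_port, stop = start_banner_service(SAMPLE_BANNER)
    # Reserve and release a port so we have one that is (almost certainly) closed.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    try:
        known = audit("127.0.0.1", [open_port, closed_port], {open_port: "SSH-2.0"})
        unknown = audit("127.0.0.1", [open_port, closed_port], {})
    finally:
        stop.set()
    return {"open_port": open_port, "closed_port": closed_port,
            "known": known, "unknown": unknown}


if __name__ == "__main__":
    result = demo()
    for port, banner, status in result["known"] + result["unknown"]:
        print(f"{port:5d}  {status:22s} {banner}")
```

Run it and the same port shows up twice: "ok" when the baseline lists it, "UNEXPECTED open port" when it does not, while the closed port is skipped exactly as nc -vz would report it refused. The value for an administrator is the baseline dictionary: keep one per server and re-run the audit, and a service that quietly moved ports, or an extra listener nobody documented, stands out without any guessing.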

Why do you need to know this about your servers? Because this is how servers get hacked. As per Josh’s request, I will briefly try to explain how hackers use netcat to actually hack a server. The most common uses for netcat, when it comes to hacking, are setting up reverse and bind shells, piping and redirecting network traffic, port listening, and banner grabbing (which we have covered). Yes, all of this and more is possible with netcat! Once you see and understand how hackers compromise your systems, you can take preventative measures. If you do not have a decent internet connection at home, or would prefer to follow along offline, you can download an insecure VM image and practice against that. I use the Metasploit one, but you are welcome to use another. Here are a few: https://pdrcybersecurity.com/10-sites-find-vulnerable-vms-testing/ or https://www.vulnhub.com/

Netcat is best used with other tools like nmap or metasploit, but since we will be focusing on netcat, I will break this information piece into three parts. Next issue we will look at creating backdoors and reverse shells. AGAIN! I do not know what the laws in your country are, but do not scan outside your network as it may be illegal in your country or state. Yes, just simple port scans can be illegal. If in doubt, use the insecure virtual machine please.

issue145/tutoriel2.1559977928.txt.gz · Last modified: 2019/06/08 09:12 by d52fr