Friday, September 30, 2016

NETCAT / 6 - Ncat - Encryption and Authentication


ENCRYPTION AND AUTHENTICATION



- Layout topology for this exercise:




- In this exercise encryption is used to prevent eavesdropping on the session and to stop a network IDS from matching signatures on the shell traffic (the TCP connection itself remains visible). Authentication, in the limited sense ncat offers, ensures that only the desired partner address is able to establish the connection: --allow is a check on the peer's IP address, not a verification of who is really on the other end.

- The command structure is the same as for the usual bind shell; the only differences are that the command is ncat, --ssl encrypts the session, and --allow restricts which source address may connect.

- Windows specifies that the only host allowed to communicate with its ncat listener is the Kali machine, and that the connection will be encrypted:




- Kali connects, also with --ssl, so the whole session is encrypted. Note that with --ssl alone the client does not verify the listener's certificate (ncat generates a temporary self-signed one for the listener); --ssl-verify on the client, together with a certificate the listener loads through --ssl-cert and --ssl-key, is needed for that:
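
The logic behind those two commands, as an added Python example that is not code from this post or from Nmap's ncat: a TLS listener on loopback that applies an --allow style address check before the handshake (single addresses or CIDR ranges, as ncat host lists do), and a client that behaves like plain `ncat --ssl` (encrypted, but verifying nothing). The certificate is generated with the openssl command-line tool, much as ncat makes a temporary one internally; demo() returns None when openssl is not on PATH. The loopback address, the OS-chosen port and the `whoami` payload are assumptions for the demo.

```python
import ipaddress
import os
import shutil
import socket
import ssl
import subprocess
import tempfile
import threading


def is_allowed(peer_ip, allow_list):
    """The check behind `ncat --allow 192.168.1.10`: the peer's address must fall inside one of the
    listed hosts or CIDR ranges. It is an address filter, not an authentication of who is on the other end."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in allow_list)


def openssl_available():
    return shutil.which("openssl") is not None


def make_temp_cert(directory):
    """`ncat --ssl` with no --ssl-cert uses a throw-away self-signed certificate; make one the same way
    with the openssl CLI (assumption: openssl is on PATH)."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", key,
                    "-out", cert, "-days", "1", "-subj", "/CN=ncat-temp"],
                   check=True, capture_output=True)
    return cert, key


def tls_listener(listen_sock, allow_list, cert, key, result):
    """Listener side (`ncat -nlvp 4444 --ssl --allow <ip>`): filter on the TCP peer address first,
    then run the TLS handshake and echo what arrives."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    raw, peer = listen_sock.accept()
    if not is_allowed(peer[0], allow_list):
        result["refused"] = peer[0]
        raw.close()                      # hang up before any TLS; the client's handshake fails
        return
    with ctx.wrap_socket(raw, server_side=True) as tls:
        data = tls.recv(1024)
        result["received"] = data
        tls.sendall(b"echo: " + data)


def tls_client(host, port, payload):
    """Client side (`ncat -nv <ip> 4444 --ssl`): the session is encrypted, but with no --ssl-verify
    the listener's certificate is accepted unseen, so an interposed host could present its own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE      # what the ncat default amounts to
    try:
        with socket.create_connection((host, port), timeout=5) as raw, ctx.wrap_socket(raw) as tls:
            tls.sendall(payload)
            return tls.recv(1024)
    except OSError:                      # ssl.SSLError is an OSError: the listener hung up mid-handshake
        return None


def demo(allow_list, payload=b"whoami"):
    """Run listener and client over loopback; returns the echoed bytes, "refused", or None if openssl is missing."""
    if not openssl_available():
        return None
    with tempfile.TemporaryDirectory() as tmp:
        cert, key = make_temp_cert(tmp)
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))       # port 0: the OS picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        result = {}
        t = threading.Thread(target=tls_listener, args=(srv, allow_list, cert, key, result))
        t.start()
        reply = tls_client("127.0.0.1", port, payload)
        t.join()
        srv.close()
        return "refused" if "refused" in result else reply


if __name__ == "__main__":
    print(demo(["127.0.0.1"]))       # b'echo: whoami'
    print(demo(["192.168.1.10"]))    # refused
```

The first run is the post's scenario (the connecting address is on the allow list); the second shows what a host that is not on the list gets: the TCP connection is accepted by the kernel and immediately closed, so the TLS handshake never completes. Swapping CERT_NONE for CERT_REQUIRED plus a trust file in tls_client is the programmatic equivalent of adding --ssl-verify.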





NETCAT / 5 - Transferring files



TRANSFERRING FILES WITH NETCAT


- Layout topology for this exercise:




- In this exercise Netcat is used to transfer files (either text or binary) between two hosts. Netcat copies the bytes verbatim and performs no integrity check of its own, so after the transfer compare a hash of both copies (for example sha256sum on Linux, certutil -hashfile on Windows). Also, depending on the build, the sending side may not close the connection by itself when it reaches the end of the file; the traditional Linux nc has -q <seconds> for that, and otherwise the transfer is ended with Ctrl-C.


1 - From Linux to Windows


- Windows listens on port 4444, and redirects all incoming data to a file called IN. 




- Then, Kali sends the file with path "/root/FileWindows" to Windows on port 4444:








- The transfer is successful:





2 - From Windows to Linux


- Linux listens on port 4444, and redirects all incoming data to a file called IN. 




- Windows sends the file FileForLinux to Kali on port 4444:




- The transfer is successful:
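
Both transfers above in Python, as an added example that is not code from this post: the receiver writes the incoming stream to a file until the sender closes the connection, and a SHA-256 comparison of the two copies is the check that "the transfer is successful" needs. The second run cuts the sender off part-way to show that, to the receiver, a truncated transfer looks exactly like a complete one; only the hash tells them apart. The file names follow the post, the loopback address, the OS-chosen port and the byte pattern are constructed for the demo.

```python
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 65536


def sha256_of(path):
    """Hash a file in chunks; this is the check to run on both sides after any netcat transfer."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def receive_to_file(listen_sock, dest):
    """Receiver (`nc -nlvp 4444 > IN`): accept one peer and write every byte it sends to dest.
    The loop ends on EOF, which looks the same whether the sender finished or the connection dropped."""
    conn, _ = listen_sock.accept()
    with conn, open(dest, "wb") as out:
        while True:
            data = conn.recv(CHUNK)
            if not data:
                break
            out.write(data)


def send_file(host, port, path, limit=None):
    """Sender (`nc -nv host 4444 < file`): stream the file, then half-close so the receiver sees EOF.
    limit (demo only) stops after that many bytes to simulate an interrupted transfer."""
    sent = 0
    with socket.create_connection((host, port)) as s, open(path, "rb") as f:
        while True:
            want = CHUNK if limit is None else min(CHUNK, limit - sent)
            block = f.read(want)
            if not block:
                break
            s.sendall(block)
            sent += len(block)
        s.shutdown(socket.SHUT_WR)
    return sent


def transfer_demo(size=300_000, truncate_at=None):
    """Run one transfer over loopback and report (hashes match, bytes received)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "FileWindows")   # names follow the post; content is constructed
        dst = os.path.join(tmp, "IN")
        with open(src, "wb") as f:
            f.write(bytes(range(256)) * (size // 256))   # binary payload covering every byte value
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))     # port 0: the OS picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        t = threading.Thread(target=receive_to_file, args=(srv, dst))
        t.start()
        send_file("127.0.0.1", port, src, limit=truncate_at)
        t.join()
        srv.close()
        return sha256_of(src) == sha256_of(dst), os.path.getsize(dst)


if __name__ == "__main__":
    print(transfer_demo())                       # (True, 299776)
    print(transfer_demo(truncate_at=100_000))    # (False, 100000)
```

The half-close (shutdown with SHUT_WR) is the part the manual procedure relies on the nc build for: without it the receiver keeps waiting and the file on disk stays open, which is why the post's transfers are ended by hand on some builds.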





NETCAT / 4 - Connection to a TCP/UDP port and analysis with Wireshark


CONNECTION TO A TCP/UDP PORT AND ANALYSIS WITH WIRESHARK

- Layout topology for this exercise:


- Netcat is able to connect to a port, checking whether it is open or closed, and also reading the banner from that port. In this exercise, let's use Netcat to connect to a remote POP3 mail service, running on a Windows 7 machine on port 110. 




- An nc connection is launched from Kali Linux to Windows on port 110 (POP3). The output shows that the connection is successful and that a dialogue starts between client (Kali Linux) and server (Windows 7). The server displays its welcome banner (POP3 server ready) and waits for USER and PASS. Here the login attempt fails because the password is unknown; a password-guessing attack against this same dialogue could follow. Note that POP3 sends both USER and PASS in cleartext, which is what makes the Wireshark capture so readable.




- Analysis with Wireshark is always interesting. First, a display filter is set to hide everything except this conversation: tcp.port == 110 (the capture-filter equivalent, in BPF syntax, is tcp port 110).




- It is easy to follow the TCP three-way handshake.
SYN (initiates the three-way handshake):



- SYN, ACK:




- ACK:




- FIN, ACK (closing the connection):




- Following the TCP stream:
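
A scripted version of that POP3 session, as an added Python example that is not code from this post: the server is a constructed mock on loopback that answers with the same kind of +OK / -ERR replies as the Windows 7 mail service in the screenshots, and the client does what was typed by hand into nc (read the banner, send USER and PASS, QUIT) while recording every reply. The user name alice and the password s3cret are assumptions for the demo; nothing here talks to a real mail server.

```python
import socket
import threading

CRLF = b"\r\n"


def mock_pop3_server(listen_sock, valid=("alice", "s3cret")):
    """Constructed stand-in for the Windows 7 POP3 service: banner, then USER/PASS/QUIT handling.
    Not a real mail server; it only speaks the commands this exercise needs."""
    conn, _ = listen_sock.accept()
    with conn:
        conn.sendall(b"+OK POP3 server ready" + CRLF)
        user = None
        for raw in conn.makefile("rb"):
            cmd, _, arg = raw.rstrip(CRLF).decode(errors="replace").partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                user = arg
                conn.sendall(b"+OK" + CRLF)
            elif cmd == "PASS":
                ok = (user, arg) == valid
                conn.sendall((b"+OK logged in" if ok else b"-ERR invalid password") + CRLF)
            elif cmd == "QUIT":
                conn.sendall(b"+OK bye" + CRLF)
                break
            else:
                conn.sendall(b"-ERR unknown command" + CRLF)


def pop3_probe(host, port, user, password, timeout=5):
    """Scripted version of the manual `nc host 110` session: read the banner, try one USER/PASS pair,
    quit, and return every server reply. Everything here crosses the wire in cleartext, which is
    exactly what "Follow TCP Stream" in Wireshark shows."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        rfile = s.makefile("rb")
        replies = {"banner": rfile.readline().rstrip(CRLF).decode()}
        for key, line in (("user", f"USER {user}"), ("pass", f"PASS {password}"), ("quit", "QUIT")):
            s.sendall(line.encode() + CRLF)
            replies[key] = rfile.readline().rstrip(CRLF).decode()
        replies["login_ok"] = replies["pass"].startswith("+OK")
        return replies


def probe_demo(user="alice", password="wrong"):
    """Run the mock server on loopback and probe it; names and password are assumptions for the demo."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    t = threading.Thread(target=mock_pop3_server, args=(srv,))
    t.start()
    result = pop3_probe("127.0.0.1", port, user, password)
    t.join()
    srv.close()
    return result


if __name__ == "__main__":
    print(probe_demo())                     # banner, +OK, -ERR invalid password, login_ok False
    print(probe_demo(password="s3cret"))    # login_ok True
```

The banner grab alone (the first readline) is what nc gives you for service identification; the rest is the same request/response loop a password-guessing tool would drive, one USER/PASS pair per connection or per attempt.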






NETCAT / 3 - Reverse Shell


NETCAT REVERSE SHELL

- Layout topology for this exercise:


- In this case Netcat is used for remote administration, sending a reverse shell to a listening host. A reverse shell is useful when a router, NAT or firewall between the two hosts blocks inbound connections to the target but allows it to connect outwards: the target initiates the TCP connection, so the other side only needs a reachable listener.

- The fact that the remote shell travels out through a corporate router or firewall is a reminder that outgoing traffic from a network should be watched as carefully as incoming traffic (egress filtering, and alerting on unexpected outbound connections).


3.1 - Reverse shell from Kali to Windows

- Windows is listening on port 4444:





- Kali connects to Windows on port 4444 and hands it a shell (-e /bin/bash), meaning that the stdin, stdout and stderr of that bash are redirected to the socket instead of the local console:










- As a consequence, once the connection is established Windows gets a command shell on Kali and can administer it remotely:




3.2 - Reverse shell from Windows to Kali


- In the same way as before, now Kali is listening on TCP port 4444:


- Windows connects to Kali's port 4444 and sends a reverse shell (-e cmd.exe):


- As a consequence, Kali can administer Windows remotely, because a Windows command prompt is opened in its own console:









NETCAT / 2 - Bind Shell


NETCAT BIND SHELL

- Layout topology for this exercise:


- In this exercise Netcat is used for remote administration, taking advantage of Netcat's command redirection abilities. 


2.1 - Bind shell on Kali Linux and connection from Windows


- The option -e specifies a program to execute once a connection is established. Not every build has it: the traditional nc110 must be compiled with GAPING_SECURITY_HOLE, ncat supports it (-e/--exec and --sh-exec), and the OpenBSD nc shipped by many Linux distributions lacks it entirely.

- In this way, /bin/bash is bound to TCP port 4444, and its input (stdin), output (stdout) and errors (stderr) are redirected to the network instead of the local console.







- The consequence is that anybody who can reach TCP port 4444 gets Kali's command prompt, with no authentication at all, enabling remote administration:






2.2 - Bind shell on Windows and connection from Kali Linux

- In the same way as before, Windows binds cmd.exe to TCP port 4444, redirecting stdin, stdout and stderr to the network:




- As a consequence, when Kali connects to Windows's port 4444 it obtains a Windows command prompt, enabling remote administration:






NETCAT / 1 - Chat between 2 hosts


CHAT BETWEEN 2 HOSTS

- Layout topology for this exercise:




- In this exercise a communication is established between two hosts, using Netcat. 

- First, Kali listens on its port 4444. Then, Windows launches a connection to Kali's IP on port 4444 and the dialogue starts: whatever is typed on one side appears on the other, until one of them closes the connection. The options used are:

         - n = no DNS name resolution (numeric addresses only)
         - l = listen for an inbound connection
         - v = verbose
         - p = local port number

  These are the traditional nc options; the OpenBSD nc found on many Linux distributions takes the port directly after -l (nc -lv 4444) and rejects -p together with -l.

- From Linux:


- From Windows:


NETCAT / 0 - Introduction


NETCAT INTRODUCTION

- Netcat is a networking utility for reading from and writing to TCP/UDP connections. Also known as the Swiss Army Knife for hackers, it can be used on both Windows and Linux systems. Netcat can run either as a client (initiating a connection to a port) or as a server (listening on a port for incoming connections), and in both roles it passes whatever it reads from stdin to the network and whatever arrives from the network to stdout. That makes it a powerful and versatile tool that lets hackers and ethical penetration testers perform many different tasks.

https://en.wikipedia.org/wiki/Netcat

http://nc110.sourceforge.net/

https://sourceforge.net/projects/nc110/


- There are two versions of Netcat:

nc: the original, described above (the nc110 sources linked above).

ncat: the Nmap project's reimplementation of nc. Among other things it adds two security features: encryption of the connection (--ssl) and access control by source address (--allow / --deny). With these the penetration tester can keep the content of the session away from an IDS and from any other observer on the path, and keep unwanted hosts from connecting to the listener.

- Along this section we will see how to use Netcat by performing different exercises:

          1 - Chat between two hosts

          2 - Bind shell

          3 - Reverse shell

          4 - Connection to a TCP/UDP port and analysis with Wireshark

          5 - Transfer of files

          6 - Ncat: encryption and authentication



- On Linux, Netcat is usually preinstalled and configured by default, for instance in the Kali Linux distribution. For Windows there are many sites on the Internet offering free downloads of nc.exe; prefer a source you trust (ncat ships with the official Nmap installer for Windows), and expect antivirus products to flag nc.exe as a hacking tool.


- Help and available options for both versions of Netcat in a Windows system:


- Help and available options for both versions of Netcat in a Linux system:


- Layout topology used for these exercises: