You say you are trying to connect to a destination, but these commands will
setup a server on your local win2k box. The syntax is different to connect out
to a destination.
Google netcat command line options and you get the readme file:
I found the syntax you are using, and here is what it is used for
-------------------------------------------------------------------------------------------------------
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines. This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel. Unlike Unix, NT does not seem to have any security around
which ports that user programs are allowed to bind to. This means any
user can run a program that will bind to the NETBIOS ports.
You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files. You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this. This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine by the way. You have done this with just
user privileges to boot.
--------------------------------------------------------------------------------------------------
Now, I would ask what your purpose is. If you are trying to see if the windows
2000 box allows null sessions, then use a tool like enum to enumerate
information from a null session. However, if you actually want to make netcat
listen for connections ahead of the NETBIOS service, then I would ask if anyone
else has got this to work. I get the same thing in Win2K. Obviously it worked
in WinNT (but doesn't everything work in WinNT?)
Shirkdog
-----Original Message-----
From: vijay@calsoftinc.com [mailto:vijay@calsoftinc.com]
Sent: Thursday, September 23, 2004 11:22 AM
To: security-basics@securityfocus.com
Subject: nc help needed.
Importance: Low
Hi,
Trying to use the nc command from a windows 2k box :
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
The error given is : Can't grab xxx.xxx.xxx.xxx:139 with bind.
s -> destination host where the null sessions on 139 are accepted.
Any clue, how to to get the cmd working on the remote host ?
Regards,
Vijay.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
CryptoMail provides free end-to-end message encryption.
http://www.cryptomail.org/ Ensure your right to privacy.
Traditional email messages are not secure. They are sent as
clear-text and thus are readable by anyone with the motivation
to acquire a copy.
!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
