Network Security Security-Basics

Re: nc help needed.

Subject: Re: nc help needed.
Date: Sat, 25 Sep 2004 17:37:29 +0200
Michael Shirk wrote:

You say you are trying to connect to a destination, but these commands will set up a server on your local win2k box. The syntax is different to connect out to a destination. Google netcat command line options and you get the readme file. I found the syntax you are using, and here is what it is used for:

-------------------------------------------------------------------------------------------------------
You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines. This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel. Unlike Unix, NT does not seem to have any security around
which ports user programs are allowed to bind to. This means any
user can run a program that will bind to the NETBIOS ports.

You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files. You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this. This gives Netcat priority over the NETBIOS
service, which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine, by the way. You have done this with just
user privileges to boot.
--------------------------------------------------------------------------------------------------

Now, I would ask what your purpose is. If you are trying to see if the Windows 2000 box allows null sessions, then use a tool like enum to enumerate information from a null session. However, if you actually want to make netcat listen for connections ahead of the NETBIOS service, then I would ask if anyone else has got this to work. I get the same thing in Win2K. Obviously it worked in WinNT (but doesn't everything work in WinNT?).


SO_EXCLUSIVEADDRUSE should have been set by the services. Probably, as you said, it's working with the old NT 4.

[LUNA] C:\>netstat -ano | find "445"
 TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 TCP    192.168.69.253:445     192.168.69.253:1035    ESTABLISHED     4
 TCP    192.168.69.253:445     213.6.21.64:4758       ESTABLISHED     4
 TCP    192.168.69.253:445     213.137.25.119:3694    ESTABLISHED     4
 TCP    192.168.69.253:1035    192.168.69.253:445     ESTABLISHED     4
 UDP    0.0.0.0:445            *:*                                    4

[LUNA] C:\>nc -l -p 445 -s 192.168.69.253
Can't grab 192.168.69.253:445 with bind

With Direct SMB and Windows Server 2003 it's really not working ;-)


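The "bind in front of a service" trick from the quoted README, and the SO_EXCLUSIVEADDRUSE point from the reply, as an added example that is not part of the original thread or of netcat. It stands up a wildcard listener (playing the role of the NETBIOS/SMB service bound to 0.0.0.0) on an ephemeral port and then tries to bind a second socket to a specific address on the same port, which is what `nc -s <addr> -p <port>` asks the OS for. SO_EXCLUSIVEADDRUSE is a real Windows socket option; the port number, addresses and function names below are assumptions for the demonstration.

```python
"""Does an address-specific bind "win" over a wildcard listener on the same port?

Added example, not the mailing-list author's or netcat's code.  Constructed
scenario: a wildcard "service" socket plus an attacker socket bound with a
specific source address, as nc -s does.
"""
import errno
import socket
import sys

IS_WINDOWS = sys.platform == "win32"
EADDRINUSE = errno.EADDRINUSE  # re-exported so tests need not import errno


def bind_in_front(port=0, exclusive=False, front_addr="127.0.0.1"):
    """Return (hijacked, err).

    hijacked is True when the second, address-specific bind succeeds, i.e. an
    unprivileged local user could sit "in front of" the service and field its
    connections.  err is the errno of the failed bind, or None on success.
    port=0 lets the kernel pick a free port (assumption for the demo).
    """
    service = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    front = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if exclusive:
            # Windows-only hardening the reply mentions; absent elsewhere.
            opt = getattr(socket, "SO_EXCLUSIVEADDRUSE", None)
            if opt is not None:
                service.setsockopt(socket.SOL_SOCKET, opt, 1)
        service.bind(("0.0.0.0", port))  # the service binds ANY address
        service.listen(5)
        port = service.getsockname()[1]

        # Attacker: same port, but a specific address (netcat's -s option).
        try:
            front.bind((front_addr, port))
            front.listen(5)
            return True, None
        except OSError as exc:
            return False, exc.errno
    finally:
        front.close()
        service.close()


def demo():
    """Run the plain and the SO_EXCLUSIVEADDRUSE variants; return the results."""
    return {
        "windows": IS_WINDOWS,
        "plain": bind_in_front(),
        "hardened": bind_in_front(exclusive=True),
    }


if __name__ == "__main__":
    r = demo()
    for name in ("plain", "hardened"):
        hijacked, err = r[name]
        verdict = "bound in front" if hijacked else f"refused ({errno.errorcode.get(err, err)})"
        print(f"{name:9s} service: specific-address bind {verdict}")
```

On Linux and the BSDs the kernel refuses the overlapping bind outright with EADDRINUSE (no SO_REUSEADDR is set on either socket), so both variants report "refused". On the Windows socket model the README relies on, the plain case can succeed, which is exactly why the netstat/nc transcript above matters: a service that sets SO_EXCLUSIVEADDRUSE, as the reply says the SMB service evidently does on Windows 2000/2003, makes the second bind fail the way "Can't grab 192.168.69.253:445 with bind" shows.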