20多年来,黑客一直使用一种小而强大的工具来进行各种活动。虽然在黑客圈子中众所周知,Netcat在外面几乎是未知的。它非常简单,强大且实用,IT社区中的许多人都将其称为“瑞士军刀黑客工具”。我们将了解Netcat的功能以及有抱负的黑客如何使用它。
什么是Netcat?
像许多黑客工具一样,Netcat被创建为网络分析工具。Netcat 于1995年由一位名为“Hobbit”的研究员开发,在没有任何补偿的情况下给了IT社区,获得了许多赞誉。尽管仍然有用,但它尚未得到维护,因此Nmap生成了具有更多最新功能的现代版本。新版本称为Ncat,并且在大多数情况下,它具有与Netcat相同的命令,因此它们可以互换使用。您可以使用Netcat或Ncat在您希望的任何端口上打开两台计算机之间的TCP和UDP连接。此外,这些工具可用于端口扫描,类似于Nmap。Netcat和Ncat可以用于端口转发,代理,简单的Web服务器,并为黑客留下一个开放的后门。
让我们看一下使用Kali Linux中Netcat的一些功能。Netcat需要安装,但Ncat不需要。要安装其中一个,只需使用以下命令之一。
apt-get install netcat
apt-get install ncat
步骤1:打开Netcat的帮助屏幕
一旦我们启动了Kali Linux系统并打开了一个终端,我们可以从任何目录使用Netcat,因为它位于我们的bin目录中,默认位在我们的PATH变量中。所以,让我们输入nc -h来查看其帮助页面。
nc -h
[v1.10-41.1]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
-e filename program to exec after connect [dangerous!!]
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-k set keepalive option on socket
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of secs
-s addr local source address
-T tos set Type Of Service
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-C Send CRLF as line-ending
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
这是针对Ncat的:
ncat -h
Ncat 7.70 ( https://nmap.org/ncat )
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
-4 Use IPv4 only
-6 Use IPv6 only
-U, --unixsock Use Unix domain sockets only
-C, --crlf Use CRLF for EOL sequence
-c, --sh-exec <command> Executes the given command via /bin/sh
-e, --exec <command> Executes the given command
--lua-exec <filename> Executes the given Lua script
-g hop1[,hop2,...] Loose source routing hop points (8 max)
-G <n> Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n> Maximum <n> simultaneous connections
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use (doesn't affect -l)
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
--sctp Use SCTP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
-z Zero-I/O mode, report connection status only
--append-output Append rather than clobber specified output files
--send-only Only send data, ignoring received; quit on EOF
--recv-only Only receive data, never send anything
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--chat Start a simple Ncat chat server
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http" or "socks4" or "socks5")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--ssl Connect or listen with SSL
--ssl-cert Specify SSL certificate file (PEM) for listening
--ssl-key Specify SSL private key (PEM) for listening
--ssl-verify Verify trust and domain name of certificates
--ssl-trustfile PEM file containing trusted SSL certificates
--ssl-ciphers Cipherlist containing SSL ciphers to use
--ssl-alpn ALPN protocol list to use.
--version Display Ncat's version information and exit
See the ncat(1) manpage for full options, descriptions and usage examples
步骤2:获取基本语法
从上面的帮助屏幕中可以看到,Netcat的基本语法如下。(如果使用Ncat而不是Netcat,将使用nc代替ncat。本文其余部分均使用nc)
连接到另一台机器:
nc options host-IP-address port
侦听入站连接:
nc -l -p port