Wednesday, 30 July 2008

Vulnerability Scanning with Netcat

Netcat has a number of pre-existing scripts that allow it to act as a simple vulnerability scanner. It does this by connecting to the port to be tested, sending data that exercises a vulnerability and returning the result.

A number of the commonly available test scripts include those for:

  1. RPC (Remote Procedure Calls) - both the *NIX (Port 111) and Windows (Port 135) versions
  2. FTP (proxy tests, PASV bugs etc.)
  3. Password testing (along the lines of Brutus) - that is, you can try a dictionary attack and test a system's passwords.
  4. Map and export a file system
  5. Test trust relationships (such as the "R" commands)
  6. SSL - yes, there is an SSL-capable version of netcat and it can be used to test SSL links
  7. A Web and CGI scanner
  8. Many more ...

Reporting the results is another issue - but what the hell... you know that the vulnerability is there.

Then there is scripting again:
# perl -e 'print "A"x1024' | nc -v HOST PORT
(HOST and PORT are placeholders for the service under test.)

A little fuzzing never hurt... But then again.
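The connect, send, read-back loop described at the top of the post, and the 1024-byte payload from the perl one-liner, as an added Python example (not code from the original post and not one of netcat's scripts). It stands up a constructed loopback service so the probe runs offline; the service banner, the "received N bytes" reply and the function names are assumptions made for the example. Pointed at one of your own services, the same two checks tell you what the banner discloses and whether the daemon keeps answering after overlong input.

```python
import socket
import threading

# Constructed stand-in for a network service so the probe can run offline.
# It greets with a banner, reads one message and reports how many bytes arrived.
FAKE_BANNER = b"220 example-ftp ready\r\n"


def start_fake_service(banner=FAKE_BANNER, max_input=4096):
    """Listen on an ephemeral loopback port; return the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)
                data = conn.recv(max_input)
                conn.sendall(b"received %d bytes\r\n" % len(data))

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe(host, port, payload=b"", timeout=2.0, recv_size=4096):
    """The netcat pattern: connect, send the test payload, return what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        chunks = []
        # Read the greeting first; many services talk before they listen.
        try:
            chunks.append(s.recv(recv_size))
        except socket.timeout:
            pass
        if payload:
            s.sendall(payload)
            try:
                chunks.append(s.recv(recv_size))
            except socket.timeout:
                pass
        return b"".join(chunks)


def banner_check(host, port, expected_prefix):
    """True when the service identifies itself with the expected banner."""
    return probe(host, port).startswith(expected_prefix)


def overlong_input_check(host, port, length=1024):
    """Send `length` bytes of 'A' (the perl one-liner's payload) and return the
    reply, or None if the service drops or resets the connection instead."""
    try:
        return probe(host, port, b"A" * length)
    except (ConnectionError, socket.timeout):
        return None


if __name__ == "__main__":
    port = start_fake_service()
    print(probe("127.0.0.1", port, b"HELP\r\n"))
    print(overlong_input_check("127.0.0.1", port))
```

The fake service accepts the 1024 bytes and says so; a real daemon that stops answering at that point is the result the post's one-liner is looking for, and the None return is the signal to record.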

This all goes to show how a simple command can be made into a truly powerful tool.
