Listening for hackers (NC day 3)

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786

    Listening for hackers (NC day 3)

    Net Cat (day3)

    In this installment I'm going to show you how to use NC as a key-logger against a would-be intruder. An IDS or a honeypot, if you will. The purpose of this is to help you understand what's going on when you see those ZA alerts. Maybe even learn something about how hackers hack.

    For this you'll need:

    A computer running Windows (there are enough *nix nc tuts)

    NetCat

    Netcat does come with the option to dump input data from the port it's monitoring into a file in hex format:

    nc -L -p 37337 -o logfile.txt

    This is alright except that every time a new connection is made the file is overwritten.

    If we instead re-direct the input to a file using >>:

    nc -L -p 37337 >>logfile.txt

    We'll get the results of every command entered from all sessions, separated by an ASCII 'box'.

    We'll begin by writing a batch file using the most popular ports and put it in the start-up directory. (nc is already in the path, of course.)

    It doesn't matter if you don't have these services; you don't need them to listen on the ports.


    Ids.bat

    +=+=+=+=+=+=+=+=+=+=+=+

    nc -L -p 21 -d >>c:\FTP_NC.txt
    nc -L -p 23 -d >>c:\Telnet_NC.txt
    nc -L -p 25 -d >>c:\SMTP_NC.txt
    nc -L -p 79 -d >>c:\Finger_NC.txt
    nc -L -p 80 -d >>c:\Web_NC.txt
    nc -L -p 443 -d >>c:\WebSSL_.txt
    nc -L -p 8080 -d >>c:\Proxy_NC.txt
    nc -L -p 512 -d >>c:\Rexec_NC.txt
    nc -L -p 513 -d >>c:\Rlogin_NC.txt
    nc -L -p 514 -d >>c:\Rsh_NC.txt
    nc -L -p 31337 -d >>c:\BO_NC.txt
    +=+=+=+=+=+=+=+=+=+=+=+

    Here we're telling nc to keep listening for more connections after each session ends ("-L"), what port to listen on ("-p"), and to detach itself from the console so it doesn't require all the prompts open to do its work ("-d").

    You can include all the ports you want or take them out for that matter. Netcat does not use a lot of system resources.

    After the bat file is run, nc will wait for a connection on each port it's told. To see what's been happening on each port just open its related text file.

    Here's another bat file you can put in quick-launch to make reading the logs easier:

    View_NC

    =+=+=+=+=+=+=+=+=+=+=+
    Type c:\FTP_NC.txt >>c:\All_NC.txt
    Type c:\Telnet_NC.txt >>c:\All_NC.txt
    Type c:\SMTP_NC.txt >>c:\All_NC.txt
    Type c:\Finger_NC.txt >>c:\All_NC.txt
    Type c:\Web_NC.txt >>c:\All_NC.txt
    Type c:\WebSSL_.txt >>c:\All_NC.txt
    Type c:\Proxy_NC.txt >>c:\All_NC.txt
    Type c:\Rexec_NC.txt >>c:\All_NC.txt
    Type c:\Rlogin_NC.txt >>c:\All_NC.txt
    Type c:\Rsh_NC.txt >>c:\All_NC.txt
    Type c:\BO_NC.txt >>c:\All_NC.txt
    Notepad c:\All_NC.txt
    =+=+=+=+=+=+=+=+=+=+=+=+

    Enjoy!

    TedOb1
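
A variation on the batch files above, added here as an example and not part of TedOb1's post: nc's redirected log holds only the bytes received, so this Python listener also records the time, local port and source address of each session, one JSON line per session. The names `LogHandler`, `start_listeners`, `MAX_BYTES`, `IDLE_TIMEOUT` and the `All_NC.jsonl` file are assumptions of this example.

```python
# Added example (not from the original post): nc-style listeners with metadata.
import json
import socketserver
import sys
import threading
from datetime import datetime, timezone

MAX_BYTES = 4096     # assumed cap per session so one sender cannot fill the disk
IDLE_TIMEOUT = 10.0  # assumed: seconds of silence before the session is closed

class LogHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(IDLE_TIMEOUT)
        data = b""
        try:
            while len(data) < MAX_BYTES:
                chunk = self.request.recv(MAX_BYTES - len(data))
                if not chunk:          # peer closed the connection
                    break
                data += chunk
        except OSError:                # timeout or reset: keep what arrived
            pass
        record = {
            "time": datetime.now(timezone.utc).isoformat(),
            "port": self.server.server_address[1],
            "src": self.client_address[0],
            # latin-1 keeps every byte; json.dumps escapes control characters,
            # so newlines or terminal escapes from the peer cannot forge lines
            "data": data.decode("latin-1"),
        }
        with self.server.log_lock, open(self.server.log_path, "a") as fh:
            fh.write(json.dumps(record) + "\n")

def start_listeners(ports, log_path, host="0.0.0.0"):
    """Bind one listener per port; every session is appended to log_path."""
    lock, servers = threading.Lock(), []
    for port in ports:
        srv = socketserver.ThreadingTCPServer((host, port), LogHandler)
        srv.daemon_threads = True
        srv.log_path, srv.log_lock = log_path, lock
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        servers.append(srv)
    return servers

if __name__ == "__main__":
    ports = [int(p) for p in sys.argv[1:]]   # e.g. 21 23 25 79 80
    if ports:
        start_listeners(ports, "All_NC.jsonl")
        threading.Event().wait()             # keep the main thread alive
```

Pass the ports to listen on as command-line arguments; with none given the script exits without binding anything.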

  2. #2
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Good tutorial TedOb1.
    It was high time to write tutorials here about such important software.

  3. #3
    Gray Haired Old Fart aeallison
    Join Date
    Jul 2002
    Location
    Buffalo, Missouri USA
    Posts
    888

    Links?

    Great tut Tedob1... I guess I'm just sandbagging (I saw this referenced in an earlier thread...not really sure what it means )

    This part got me interested. Especially since I am a *nix idiot and this is for a win32 app

    I am going to try to locate the first two parts of this ( I assume this is an ongoing...)

    There I go again, I'll look it up
