January 24th, 2003, 11:34 PM
Listening for hackers (NC day 3)
Net Cat (day3)
In this installment I’m going show you how to use NC as a key-logger against a would be intruder. An IDS or a honeypot if you will. The purpose in this is to help you to understand whats going on when you see those ZA alerts. Maybe even learn something about how hackers hack.
For this you’ll need:
A computer running windows (there’s enough *nix nc tuts)
Netcat does come with the option to dump input data from the port its monitoring into a file in hex format:
nc –L –p37337 –0logfile.txt
This is alright except that everytime a new conection is made the file is overwritten.
If we instead re-direct the input to a file using “>>”:
Nc –L –p37337 >>logfile.txt
We’ll get the results of every command entered from all sessions seperated by an ascii 'box'.
We’ll begin by writing a batch file useing the most popular ports and put it in the start-up directory. (nc is already in the path of course)
It doesn’t matter if you don’t have these service, you don’t need them to listen on the ports.
nc –L –p21 –d >>c:\FTP_NC.txt
nc –L –p23 –d >>c:\Telnet_NC.txt
nc –L –p25 –d >>c:\SMTP_NC.txt
nc –L –p79 –d >>c:\Finger_NC.txt
nc –L –p80 –d >>c:\Web_NC.txt
nc –L –p443 –d >>c:\WebSSL_.txt
nc –L –p8080 –d >>c:\Proxy_NC.txt
nc –L –p512 –d >>c:\Rexec_NC.txt
nc –L –p513 –d >>c:\Rlogin_NC.txt
nc –L –p514 –d >>c:\Rsh_NC.txt
nc –L –p31337 –d >>c:\BO_NC.txt
Here we’re telling nc to keep listening for more connections after each session ends ( "-L" ). What port to listen on ( “-p” ) and detach itself from the te console so it doesn’t require all the prompts open to do its work ( "-d" ).
You can include all the ports you want or take them out for that matter. Netcat does not use allot of system resources.
After the bat file is run nc will wait for a connection on each port its told. To see whats been happening on each port just open its related text file.
Heres another bat file you can put in quick-launch to make reading the logs easier:
Type c:\FTP_NC.txt >>c:\All_NC.txt
Type c:\Telnet_NC.txt >>c:\All_NC.txt
Type c:\SMTP_NC.txt >>c:\All_NC.txt
Type c:\Finger_NC.txt >>c:\All_NC.txt
Type c:\Web_NC.txt >>c:\All_NC.txt
Type c:\WebSSL_.txt >>c:\All_NC.txt
Type >>c:\Proxy_NC.txt >>c:\All_NC.txt
Type >>c:\Rexec_NC.txt >>c:\All_NC.txt
Type >>c:\Rlogin_NC.txt >>c:\All_NC.txt
Type >>c:\Rsh_NC.txt >>c:\All_NC.txt
Type >>c:\BO_NC.txt >>c:\All_NC.txt
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
January 24th, 2003, 11:56 PM
Good tutorial TedOb1.
It was high time to write tutorials here about such an important software.
Life is boring. Play NetHack... --more--
January 25th, 2003, 01:44 AM