In NetCat Day One I said I would illustrate how to script nc sessions. None of the ones listed here can be considered hacking into a server, but they might still get you dumped by your ISP, so use your head. These tutorials wouldn't be complete without explaining how nc scripts work, though.


FTPSCAN: attempts an anonymous logon to a list of FTP servers

ftpscan.txt
=+=+=+=+=+=+=+=+
user anonymous
pass BGates@ms.com
foo
bye
=+=+=+=+=+=+=+=+

cmd line:

for /f "tokens=1" %x IN (c:\ftplist) DO nc -vv %x 21 <ftpscan.txt |more >>c:\ftpanon.txt

The above command must be typed on one line. The results are saved to c:\ftpanon.txt.


If the output file is large, use Edit > Find in Notepad to find entries containing the string "foo", because for that word to appear in ftpanon.txt nc had to be logged in.

The "for" command will not work in Win9x; you must be using NT or above. The nc script will, however, work without it:

nc -vv xxx.xx.xxx.x 21 <ftpscan.txt |more >>ftpanon.txt
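As an added example (not from the original tutorial), here is a small Python script that reads the appended ftpanon.txt and reports, session by session, whether the server accepted the anonymous login, using the 230 reply code rather than searching for "foo". It assumes the file holds only the servers' reply lines (nc -vv prints its own connection notes to stderr, which the command above does not redirect) and that each session begins with the server's 220 greeting; the file contents and host addresses below are constructed samples.

```python
import re

# Constructed sample of ftpanon.txt after the loop above has appended a few nc
# sessions. nc -vv writes its own "open"/"inverse host lookup" notes to stderr,
# so with the command as written only the servers' reply lines reach the file.
SAMPLE_FTPANON = """\
220 (vsFTPd 3.0.3)
331 Please specify the password.
230 Login successful.
500 Unknown command.
221 Goodbye.
220 ProFTPD Server ready.
331 Password required for anonymous
530 Login incorrect.
530 Please login with USER and PASS
221 Goodbye.
220 Microsoft FTP Service
331 Anonymous access allowed, send identity (e-mail name) as password.
230 Anonymous user logged in.
500 'FOO': command not understood
221 Goodbye.
220-Welcome to the archive (multi-line banner)
220 Ready
331 Password required
230 User anonymous logged in.
221 Goodbye.
"""

# FTP replies start with a three-digit code; "-" after the code marks a
# continuation line of a multi-line reply (RFC 959).
REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")
# nc -v connection note, only present in the file if stderr was redirected too.
OPEN_RE = re.compile(r"\[([\d.]+)\] 21 \(ftp\) open")


def split_sessions(text):
    """Split the appended file into one session per server contacted.

    Every FTP server opens with a 220 greeting, so a 220 that follows a session
    which has already moved past its greeting starts a new session. Continuation
    lines of a multi-line 220 banner stay with the session they belong to.
    """
    sessions, current, pending_host = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m_open = OPEN_RE.search(line)
        if m_open:
            pending_host = m_open.group(1)
            continue
        m = REPLY_RE.match(line)
        if not m:
            continue  # blank lines or text that is not an FTP reply
        code, msg = m.group(1), m.group(2)
        past_greeting = current is not None and any(c != "220" for c, _ in current["replies"])
        if code == "220" and (current is None or past_greeting):
            current = {"host": pending_host, "replies": []}
            pending_host = None
            sessions.append(current)
        if current is not None:
            current["replies"].append((code, msg))
    return sessions


def classify(session):
    """230 is the server's explicit 'logged in' reply; 530 is the refusal."""
    codes = [c for c, _ in session["replies"]]
    if "230" in codes:
        return "anonymous-login-accepted"
    if "530" in codes:
        return "anonymous-login-refused"
    return "no-login-result"


def audit(text):
    """Return (host or session number, verdict) for every session in the file."""
    results = []
    for i, s in enumerate(split_sessions(text), start=1):
        results.append((s["host"] or f"session#{i}", classify(s)))
    return results


if __name__ == "__main__":
    for label, verdict in audit(SAMPLE_FTPANON):
        print(f"{label}: {verdict}")
```

Run it over the output from your own servers to confirm anonymous access is switched off where it should be. Because the for loop as written never records which host produced which replies, the verdicts are numbered in order; if stderr is appended to the same file, the nc "open" lines let the script label each verdict with the host address instead.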


Here's one to help enumerate web servers on a given list:

webenum.txt
=+=+=+=+=+=+=+=+
GET / HTTP/1.0

=+=+=+=+=+=+=+=+

The HTTP protocol requires two newline characters in a row at the end of a request (an empty line after the request) before the server will respond, so include a blank line after the GET line (hit Enter twice after typing it in, then save).

cmd line:

for /f "tokens=1" %x IN (c:\wwwlist) DO nc -vv %x 80 <webenum.txt |more >>websvrs.txt

The same command works against port 1214.

There was a post on AO by nebulus200
http://www.antionline.com/showthread...066#post596630
regarding the detection of servers vulnerable to XTS (cross trace scripting). The signature of this prank has been released for IDS devices like Snort, so I really would recommend you be careful using this one, but here's how it works:

trace.txt
=+=+=+=+=+=+=+=+
TRACE / HTTP/1.0
X-Header: test

=+=+=+=+=+=+=+=+

for /f "tokens=1" %x IN (c:\wwwlist) DO nc -vv %x 80 <trace.txt |more >>websvrs.txt
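Added example, not part of this post or of nebulus200's write-up: Python that builds HTTP/1.0 requests with the terminating blank line the webenum section insists on, and parses the appended websvrs.txt to pull each server's Server banner (for the webenum.txt run) and decide from the reply whether TRACE is enabled (for the trace.txt run). The sample file contents are constructed; the verdict rule (a 200 that echoes the request back means TRACE is enabled, 403/405/501 means it is refused) is my assumption about how servers answer TRACE.

```python
import re

CRLF = "\r\n"


def build_request(method, path="/", headers=None):
    """Build an HTTP/1.0 request as bytes.

    The empty line after the last header is part of the protocol: until the
    server sees it, it is still waiting for more header lines and sends nothing.
    """
    lines = [f"{method} {path} HTTP/1.0"]
    for name, value in (headers or {}).items():
        lines.append(f"{name}: {value}")
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii")


# Constructed sample of websvrs.txt after three trace.txt sessions were appended.
SAMPLE_WEBSVRS = """\
HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: message/http

TRACE / HTTP/1.0
X-Header: test

HTTP/1.1 405 Method Not Allowed
Server: nginx/1.18.0
Allow: GET, HEAD, POST

HTTP/1.0 501 Not Implemented
Server: thttpd/2.25b
Content-Type: text/html

<html><body>501 Not Implemented</body></html>
"""

STATUS_RE = re.compile(r"^HTTP/1\.[01] (\d{3})")


def split_responses(text):
    """Split the appended file into responses: each one starts at a status line,
    then headers up to the first blank line, then the body."""
    responses, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        m = STATUS_RE.match(line)
        if m:
            current = {"status": int(m.group(1)), "headers": {}, "body": [], "in_headers": True}
            responses.append(current)
        elif current is None:
            continue  # nothing before the first status line is a response
        elif current["in_headers"]:
            if line == "":
                current["in_headers"] = False
            elif ":" in line:
                name, value = line.split(":", 1)
                current["headers"][name.strip().lower()] = value.strip()
        else:
            current["body"].append(line)
    for r in responses:
        r["body"] = "\n".join(r["body"]).strip()
        del r["in_headers"]
    return responses


def enumerate_servers(text):
    """webenum.txt run: the Server banner of each response (None when omitted)."""
    return [r["headers"].get("server") for r in split_responses(text)]


def trace_audit(text):
    """trace.txt run: a 200 whose body echoes the request back means TRACE is
    enabled on that server; 403/405/501 mean it is refused, which is what you want."""
    verdicts = []
    for r in split_responses(text):
        if r["status"] == 200 and r["body"].startswith("TRACE "):
            verdicts.append("trace-enabled")
        elif r["status"] in (403, 405, 501):
            verdicts.append("trace-refused")
        else:
            verdicts.append(f"unexpected-{r['status']}")
    return verdicts


if __name__ == "__main__":
    print(build_request("TRACE", headers={"X-Header": "test"}))
    print(enumerate_servers(SAMPLE_WEBSVRS))
    print(trace_audit(SAMPLE_WEBSVRS))
```

The parser keys on the status line, so it copes with the bodies of GET responses as well; any server in your own list that comes back "trace-enabled" is one where the TRACE method should be disabled in the web server configuration.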

Well, that sums it up for this series of netcat tutorials.

Hope you learned something from them.