-
April 2nd, 2004, 09:25 AM
#11
Also, leaving netcat listening without restriction can pose a HUGE security risk.
so, only execute the listening command when you will connect within a short period of time
yes i know...
but this only is on a lan with no access to the i-net, so the risk should be coming from the inside then...
but suppose the system was able to access i-net, is there any possibility then to get a cmd after entering a specific password?
-
April 2nd, 2004, 09:40 AM
#12
Member
I'm sure that win2k has some kind of "remote" administration feature. That's the entire point of terminal services. I know that XP has remote assistance and remote desktop, but that doesn't help you.
One fun way would be to use a remote admin program like bo2k. Problem is, BO2K is actually a well known trojan that lots of crackers love to use. Sub-7 would also do the trick, except again for the trojan aspect.
Don't forget that many black-hat tools can be used for good. Just don't use any default settings. I'm sure some skiddy in the past attempted to use bo2k in a good way, but left the default settings. Next thing he knows, it's time to FFR (Fdisk, Format, Re-install). Wait that wasn't some skiddy, that was me 3 years ago.
I'd suggest doing a google for remote administration or plug it into the search field here on AO
You are so bored that you are reading my signature?
-
April 2nd, 2004, 05:59 PM
#13
i know both of the tools but our virusscanner knows them also
so that wouldn't help me...
but i already thought about using that kind of tools, but i like the standard command prompt, and i want to learn more about nc and the command-line power, so this is the right thing for me...
but thanks for the thought...
-
April 2nd, 2004, 06:28 PM
#14
Senior Member
i've heard that there is an unofficial version of netcat out there supporting user/pass verification.
(could be possible 'cos sources are public)
i will try to get it...
-
April 2nd, 2004, 10:22 PM
#15
Member
there is a way if you know how to program. You could create a program that asks for a password then can execute a cmd shell. It would be pretty easy to do half-assed. I might create a qbasic program that would work and post it here later. But a cracker could probably intercept the program as netcat sends it, then could de-compile the program and figure out how everything works. Using VB (visual basic) you could create a server app that waits until a client program sends a valid password, then could validate the execution of nc -e cmd. But that is really beyond my VB experience. I might work on it, though.
You are so bored that you are reading my signature?
-
April 4th, 2004, 11:11 AM
#16
i know how to write a program that asks for a password in c++ but i don't know yet how to execute another one with c++, it should be something with system, but i haven't been able to get it to work yet....
-
April 5th, 2004, 04:09 AM
#17
Well, for that purpose, I always use Cygwin's sshd (www.cygwin.com) as ssh server and Putty (www.chiark.greenend.org.uk/~sgtatham/putty) as ssh client.
The traffic is strongly encrypted, it asks you for a username and password (if you configure it to) or uses your own private key, no limit in the number of connection hops (A -> B, B -> C, C -> D, etc), no programming required, and it's still free.
But it's just me.
Peace always,
<jdenny>
Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds
-
April 5th, 2004, 06:51 PM
#18
i'll go check that out, thanks jdenny...
-
April 5th, 2004, 08:48 PM
#19
You are probably better off using SSH for this sort of work, it is designed for this sort of thing, and has security in mind. Public/Private keypair auth is the way to go IMHO.
Some links:
PuTTY (SSH Client for Win32): http://www.chiark.greenend.org.uk/~sgtatham/putty/
Good General Links to Various SSH Stuff for Win: http://freessh.org/windows.html
Payware SSH for Win: http://www.ssh.com/company/sales/store/
The latter may not hold your interest, but IME it is by far the easiest to install and set up for Windows.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
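
Added example (not part of any post in this thread, and not code from Cygwin, PuTTY or OpenSSH): a small Python check that an OpenSSH `sshd_config` really enforces the key-pair-only login recommended in posts #17 and #19. It reads only the global section (no `Match` blocks or `Include` files), and `SAMPLE` is a constructed config.

```python
import re

# OpenSSH defaults, used when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}
# Values wanted for key-pair-only login.
WANTED = {
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
}

def effective_settings(config_text):
    """Return the values sshd would use from the global section."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                   # keywords are case-insensitive
        if key == "match":
            break  # assumption: conditional Match blocks are not evaluated here
        # sshd keeps the FIRST value it reads for a keyword; later ones are ignored.
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}

def audit(config_text):
    """List every setting that still allows password-based login."""
    eff = effective_settings(config_text)
    return sorted(f"{k} is '{eff[k]}', expected '{v}'"
                  for k, v in WANTED.items() if eff[k] != v)

# Constructed sample: the second PasswordAuthentication line looks like a fix
# but has no effect, because the first value wins.
SAMPLE = """\
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no   # ignored
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

An empty or missing setting falls back to the default, so a config that never mentions `PasswordAuthentication` is still reported as allowing passwords.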
-
April 6th, 2004, 12:12 AM
#20
I came in to the world with nothing. I still have most of it.