How Netcat Can Be Used During a Pentest
Shell access on a Unix-like server lets you send commands to a target as a user of that system and receive the response: what you type goes to the shell's standard input, and what the shell writes to standard output comes back to you. Such a shell service is limited; some commands work and others do not. Windows shell access has a similarly limited command structure. In this article I explore how to work with shell access and share some useful tips along the way.
Netcat is a network utility for reading from and writing to network connections over TCP and UDP. It is often called the Swiss army knife of networking tools, and we will use it a lot throughout the different tutorials on Hacking Tutorials. The most common uses of Netcat in hacking are setting up reverse and bind shells, piping and redirecting network traffic, listening on ports, debugging programs and scripts, and banner grabbing.

Service banners are often used by system administrators to take inventory of the systems and services on a network. A banner identifies the running service and frequently its version number as well. Banner grabbing is the technique of retrieving this information from a service on an open port, and it is used during a penetration test as input to a vulnerability assessment. When you use Netcat for banner grabbing you make a raw connection to the specified host on the specified port; if the service sends a banner, it is printed to the console.

To demonstrate how a raw connection works, we will issue some FTP commands once we are connected to the target host's FTP service. We check whether anonymous access is allowed on the FTP server by issuing the USER command and then the PASS command, each followed by anonymous.
To sum up, Netcat is a robust Transmission Control Protocol/Internet Protocol (TCP/IP) utility that can handle a multitude of system- and network-related functions. This chapter focuses on some common ways to use Netcat during the network penetration testing process. Netcat can help keep a foothold once a system has been exploited. The chapter covers Netcat's port scanning and service identification capabilities and demonstrates how to obtain web server application information. It also considers how to test and verify outbound firewall rules and how Netcat can avoid detection by antivirus software and the Windows Firewall. A useful feature of Netcat is the ability to connect to a service and trigger a response containing the service banner, which helps identify version information. Banner grabbing can be applied to many different services.
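The two things the text above describes, reading a service banner off a raw TCP connection and checking an FTP server for anonymous login with USER/PASS, are easy to turn into inventory tooling. The example below is an added illustration, not code from the original article or from the Netcat project. It contains a `grab_banner` function that does the same raw connect-and-read that `nc host port` does, a `parse_banner` function that classifies common banners (FTP/SMTP 220 greetings, SSH identification strings, HTTP Server headers) into product and version fields for an asset inventory, and an `anonymous_ftp_allowed` check that drives the USER/PASS exchange. The sample banners and the `ConstructedFtpResponder` class are constructed stand-ins so the example runs offline; the version strings in them are placeholders, not observations from any real host.

```python
"""Added example: banner parsing and an FTP anonymous-login check, in the spirit of
the raw Netcat connections described in the article. Not the article's own code."""
import re
import socket

# Constructed sample banners (not captured from any real host). The product names
# are real projects, but the version numbers are placeholders for illustration.
SAMPLE_BANNERS = {
    "ftp":  "220 (vsFTPd 3.0.3)\r\n",
    "ssh":  "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    "smtp": "220 mail.example.test ESMTP Postfix\r\n",
    "http": "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n",
}

# "<product><sep><version>" where version is dotted digits with an optional suffix.
PRODUCT_VERSION_RE = re.compile(
    r"(?P<product>[A-Za-z][A-Za-z0-9-]*)[ /_-]?(?P<version>\d+(?:\.\d+)+[A-Za-z0-9]*)"
)


def grab_banner(host: str, port: int, timeout: float = 3.0, probe: bytes = b"") -> str:
    """Raw TCP connect and read: what `nc host port` prints to the console.

    Services such as HTTP stay silent until they receive a request, so `probe`
    lets you send one first (e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n").
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        data = sock.recv(4096)
    return data.decode("latin-1", errors="replace")


def parse_banner(banner: str) -> dict:
    """Classify a raw banner and extract product/version when they are present."""
    lines = banner.replace("\r", "").split("\n")
    first = lines[0].strip()
    result = {"service": "unknown", "product": None, "version": None}

    if first.startswith("SSH-"):
        # RFC 4253 identification string: SSH-<proto>-<software> [comments]
        result["service"] = "ssh"
        software = first.split("-", 2)[2].split(" ", 1)[0]
        m = re.match(r"([A-Za-z][A-Za-z0-9]*)[_-]?([0-9][A-Za-z0-9.]*)?", software)
        if m:
            result["product"], result["version"] = m.group(1), m.group(2)
    elif first.startswith("HTTP/"):
        # The version information lives in the Server header, not the status line.
        result["service"] = "http"
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "server":
                m = PRODUCT_VERSION_RE.search(value.strip())
                if m:
                    result["product"], result["version"] = m.group("product"), m.group("version")
                else:
                    result["product"] = value.strip() or None
                break
    elif first.startswith("220"):
        # 220 is "service ready" for both FTP (RFC 959) and SMTP (RFC 5321).
        result["service"] = "smtp" if "SMTP" in first.upper() else "ftp"
        m = PRODUCT_VERSION_RE.search(first)
        if m:
            result["product"], result["version"] = m.group("product"), m.group("version")
    return result


class ConstructedFtpResponder:
    """Constructed stand-in for an FTP server so the login check runs offline.

    Calling it with a command line returns the reply line a server would send.
    """

    def __init__(self, allow_anonymous: bool):
        self.allow_anonymous = allow_anonymous
        self.user = None

    def __call__(self, line: str) -> str:
        verb, _, arg = line.partition(" ")
        if verb == "USER":
            self.user = arg
            return "331 Please specify the password."
        if verb == "PASS":
            if self.user == "anonymous" and self.allow_anonymous:
                return "230 Login successful."
            return "530 Login incorrect."
        return "500 Unknown command."


def anonymous_ftp_allowed(exchange) -> bool:
    """Run the USER anonymous / PASS anonymous exchange the article describes.

    `exchange(cmd)` sends one command line and returns the reply line; it can be
    a ConstructedFtpResponder or a closure around a real socket. 230 means
    logged in, 331 means a password is still required (RFC 959 reply codes).
    """
    reply = exchange("USER anonymous")
    if reply.startswith("230"):
        return True
    if not reply.startswith("331"):
        return False
    return exchange("PASS anonymous").startswith("230")


if __name__ == "__main__":
    for name, raw in SAMPLE_BANNERS.items():
        print(f"{name:5} -> {parse_banner(raw)}")
    print("anonymous allowed:", anonymous_ftp_allowed(ConstructedFtpResponder(True)))
    print("anonymous denied :", anonymous_ftp_allowed(ConstructedFtpResponder(False)))
```

Feeding the output of `parse_banner` into an inventory is the point of the exercise: a version string tied to a host and port is what a vulnerability assessment compares against known-affected ranges, and an FTP server that answers 230 to anonymous credentials is a finding on its own regardless of version.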