|
http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=635 [º¹»ç]
NetcatÀÇ ¼Ò°³
Netcat(ÀÌÇÏ nc·Î Ç¥±â)Àº Network connection ¿¡¼ raw-data read, write¸¦ ÇÒ¼ö ÀÖ´Â À¯Æ¿¸®Æ¼ ÇÁ·Î±×·¥ÀÌ´Ù. ÀϹÝÀûÀ¸·Î´Â UNIXÀÇ cat°ú ºñ½ÁÇÑ »ç¿ë¹ýÀ» °¡Áö°í ÀÖÁö¸¸ catÀÌ ÆÄÀÏ¿¡ ¾²°Å³ª ÀеíÀÌ nc´Â network connection¿¡ Àаųª ¾´´Ù. ÀÌ°ÍÀº ½ºÅ©¸³Æ®¿Í º´¿ëÇÏ¿© network¿¡ ´ëÇÑ debugging, testing tool·Î½á ¸Å¿ì Æí¸®ÇÏÁö¸¸ ¹Ý¸é ÇØÅ·¿¡µµ ÀÌ¿ë¹üÀ§°¡ ¸Å¿ì ³Ð´Ù.
Options
--------------------------------------------------------------------------
usage: nc [options] [target host] [ports]
-n : È£½ºÆ® ³×ÀÓ°ú Æ÷Æ®¸¦ ¼ýÀڷθ¸ ÀԷ¹޴´Ù.
-v : verbosity ¸¦ Áõ°¡ ½ÃŲ´Ù. ´õ ¸¹Àº Á¤º¸¸¦ ¾òÀ»¼ö ÀÖ´Ù.
-o [filename]: º¸³»°Å³ª ¹ÞÀº µ¥ÀÌÅ͸¦ Çí½º´ýÇÁÇÏ¿© ÆÄÀÏ¿¡ ÀúÀåÇÑ´Ù.
-u : TCP connection ´ë½Å¿¡ UDP connection ÀÌ ÀÌ·ç¾î Áø´Ù.
-p [port number or name]: local-port ¸¦ ÁöÁ¤ÇÑ´Ù. ÁÖ·Î -l °ú °°ÀÌ »ç¿ëÇÏ°Ô µÈ´Ù.
-s [ip address or DNS]: local ip address ¸¦ ÁöÁ¤ÇÑ´Ù. ¸ðµç Ç÷¿Æû¿¡¼ Áö¿øµÇÁö´Â ¾Ê´Â´Ù.
-l : listen ¸ðµå·Î ncÀ» ¶ì¿ì°Ô µÈ´Ù. ´ç¿¬È÷ target host´Â ÀÔ·ÂÇÏÁö ¾Ê´Â´Ù. -p¿Í °°ÀÌ »ç¿ëÇÏ°Ô µÈ´Ù. nc¸¦ server ·Î¼ ¾µ¶§ »ç¿ë.
-e [filename]: -DGAPING_SECURITY_HOLE ¿É¼ÇÀ¸·Î Make µÇ¾úÀ» ¶§ »ç¿ë°¡´ÉÇÏ´Ù.
connection ÀÌ ÀÌ·ç¾î Á³À» ¶§ fileÀ» exec ½ÃŲ´Ù. -l °ú °°ÀÌ »ç¿ëµÇ¸é ÇÑ instance¸¸À» »ç¿ëÇÏ´Â inetd¿Í ºñ½ÁÇÏ´Ù.
-t : -DTELNET ¿É¼ÇÀ¸·Î ÄÄÆÄÀÏ µÇ¾úÀ» ¶§ »ç¿ë°¡´ÉÇÏ´Ù. telnetd¿¡ Á¢¼ÓÀÌ °¡´ÉÇϵµ·Ï
Á¢¼Ó½Ã telnet°ú °°Àº Çù»ó°úÁ¤À» °ÅÄ£´Ù.
-i [interval time]: nc´Â ÀϹÝÀûÀ¸·Î 8K ¾¿ µ¥ÀÌÅ͸¦ º¸³»°í ¹Þ´Âµ¥ ±×·¸°Ô Standard inputÀÇ ÇÑ ¶óÀξ¿ interval time¸¶´Ù º¸³»°Ô µÈ´Ù.
-z : connectionÀ» ÀÌ·ç±âÀ§ÇÑ ÃÖ¼ÒÇÑÀÇ µ¥ÀÌÅÍ ¿Ü¿¡´Â º¸³»Áö ¾Êµµ·Ï ÇÏ´Â ¿É¼Ç.
-r : port ÁöÁ¤ÀÌ ¿©·¯°³·Î µÇ¾î ÀÖÀ¸¸é À̶§ scanning ¼ø¼¸¦ randomizeÇÏ°í (ÀϹÝÀûÀ¸·Î ¹üÀ§·Î ÁöÁ¤ÇÏ¸é ³ôÀº ¹øÈ£ÀÇ Æ÷Æ®ºÎÅÍ ½ºÄµÇÑ´Ù) ¶ÇÇÑ -p ¿É¼Ç¿¡¼ ÁöÁ¤°¡´ÉÇÑ local portµµ randomizeÇÑ´Ù. À̶§ ÁÖÀÇ ÇÒ °ÍÀº -p°¡ -rÀ» override ÇÑ´Ù´Â °ÍÀÌ´Ù.
-g : ??
-G : ??
Using
--------------------------------------------------------------------------
multi-port connection
nc´Â ÇÑ È£½ºÆ®¿¡ ÇÑ ¹ø¿¡ ¿©·¯ connection À» ¸¸µé¼ö ÀÖ´Ù. ÀÌ ¶§ ´ÙÀ½°ú °°ÀÌ ¿©·¯°³ÀÇ Æ÷Æ®¸¦ ±â¼úÇÒ ¼ö ÀÖ´Ù.
nc [target host] 20-30
À̶§ std inputÀ¸·Î ÀԷµǴ µ¥ÀÌÅÍ´Â ÇѲ¨¹ø¿¡ º¸³»Áö°Ô µÈ´Ù.
port scanning
target host ÀÇ ÁöÁ¤µÈ ¹üÀ§³»¿¡¼ÀÇ ¾î¶² Æ÷Æ®°¡ ¾î¶»°Ô »ç¿ëµÇ°í ÀÖ´Â °¡¸¦ °Ë»öÇÒ ¼ö ÀÖ´Ù.
nc -v -w 3 -z sparcs.kaist.ac.kr 20-30, 70-90
À§ÀÇ ¸í·ÉÀº ´ÙÀ½ °á°ú¿Í °°ÀÌ 20-30, 70-90 ±îÁöÀÇ Æ÷Æ®µé¿¡ ´ëÇÑ Á¤º¸¸¦ º¸¿©ÁØ´Ù.
sparcs.kaist.ac.kr [143.248.8.2] 25 (smtp) open
sparcs.kaist.ac.kr [143.248.8.2] 23 (telnet) open
sparcs.kaist.ac.kr [143.248.8.2] 21 (ftp) open
sparcs.kaist.ac.kr [143.248.8.2] 80 (http) open
sparcs.kaist.ac.kr [143.248.8.2] 79 (finger) open
sparcs.kaist.ac.kr [143.248.8.2] 70 (gopher) open
À̰ͺ¸´Ù ´õ ÀÚ¼¼ÇÑ Á¤º¸¸¦ ¾ò°íÀÚ ÇÒ¶§´Â
echo QUIT | nc -v -w 3 [target host] [ports]
¶ó°í Çϸé ÀÀ´äÀ̳ª ¿¡·¯¸Þ¼¼Áö·ÎºÎÅÍ ¹öÀüÁ¤º¸µîµµ ¾òÀ» ¼ö ÀÖ´Ù.
[songa@sparcs.kaist.ac.kr] ~ 13 echo QUIT | nc -v -w 3 sparcs 20-30, 70-90
sparcs.kaist.ac.kr [143.248.8.2] 25 (smtp) open
220 sparcs.kaist.ac.kr ESMTP Sendmail 8.8.7/8.8.7; Fri, 8 Jan 1999 15:21:36
+0900
221 sparcs.kaist.ac.kr closing connection
sparcs.kaist.ac.kr [143.248.8.2] 23 (telnet) open
sparcs.kaist.ac.kr [143.248.8.2] 21 (ftp) open
220 sparcs.kaist.ac.kr FTP server (Version wu-2.4.2-academ[BETA-18](1) Mon Aug 3
19:17:20 EDT 1998) ready.
221 Goodbye.
sparcs.kaist.ac.kr [143.248.8.2] 80 (http) open
sparcs.kaist.ac.kr [143.248.8.2] 79 (finger) open
finger: QUIT: no such user.
sparcs.kaist.ac.kr [143.248.8.2] 70 (gopher) open
simple data transfer agent
nc¸¦ ÀÌ¿ëÇØ °£´ÜÇÑ data Àü¼ÛÀ» ÇÒ ?ÀÖ´Ù.
receiver : nc -l -p 1234 | uncompress -c | tar xvfp -
sender : tar cfp - /some/dir | compress -c | nc -w 3 othermachine 1234
substitute of inetd
nc¸¦ ÀÌ¿ëÇØ inetd¿¡ µî·ÏÇÏÁö ¾Ê°í, º°´Ù¸¥ ³×Æ®¿÷ ¼³Á¤ ¾øÀÌ ÇÁ·Î±×·¥À» Å×½ºÆ®ÇÒ ¼ö ÀÖ´Ù.
nc -l -p [port] -e [filename]
/*test.c*/
#include < stdio.h >
main(){
getchar();
printf("<html><head></head><body>ÇáÇÏ</body></html>\n");
nc -l -p 1234 -e test
ÀÌ·¸°Ô ÇÏ¸é °£ÀÌ www server µµ µÈ´Ù.
connection redirecting
inetd.confÀ» ¾Æ·¡¿Í °°Àº Çü½ÄÀ¸·Î °íÃļ ´Ù¸¥ ¼¹ö·Î redirectingÀ» ÇÒ¼ö ÀÖ´Ù.
www stream tcp nowait /etc/tcpd /bin/nc -w 3 zero 80
À§ÀÇ °ÍÀº ÇöÀç ¼¹ö¿¡¼ http¼ºñ½º¸¦ zero¼¹ö·Î redirect½ÃÄ×´Ù.
performance testing
nc¸¦ ÀÌ¿ëÇؼ Å« µ¥ÀÌÅ͸¦ ¼·Î º¸³»°í ¹ÞÀ½À¸·Î½á networkÀÇ performance¸¦ Å×½ºÆ®ÇÒ¼öÀÖ´Ù.
[songa@sparcs.kaist.ac.kr] /etc 31 > yes AAAA | nc -v -v -l -p 1234 > /dev/nul&
[1] 3258 3259
[songa@sparcs.kaist.ac.kr] /etc 32 > listening on [any] 1234 ...
[songa@sparcs.kaist.ac.kr] /etc 32 >
[songa@sparcs.kaist.ac.kr] /etc 32 >
[songa@sparcs.kaist.ac.kr] /etc 32 > yes BBBB | nc sparcs 1234 > /dev/null &
[2] 3475 3476
[songa@sparcs.kaist.ac.kr] /etc 33 > connect to [143.248.8.2] from sparcs.kaisac.kr
[143.248.8.2] 31844
[songa@sparcs.kaist.ac.kr] /etc 33 > kill %
[songa@sparcs.kaist.ac.kr] /etc 34 > sent 23470080, rcvd 21675480
±×¸®°í
http://www.wowhacker.com/BoArD/view.php?id=abc_lecture&page=1&category=&sn=off&ss=on&sc=on&keyword=netcat&select_arrange=headnum&desc=asc&no=152
¿©±âµµ ÀÖ±¸¿ä..
Áö±ÝºÎÅÍ ¾Æ·¡³»¿ëÀÇ ¹®¼´Â
http://security.xmecca.comÀÇ Oprix´ÔÀÌ ¾²½Å ±ÛÀÔ´Ï´Ù
|
Hit : 8869 Date : 2007/02/22 03:59
|
1581, 
14/80 
