Wednesday, August 29, 2018

Netcat and Ncat


Everyone in NetSec knows of, or has at least heard of, netcat, the brainchild of Hobbit, written in 1995 and ported to Windows by Weld Pond in 1998. It's called the "TCP/IP Swiss Army Knife of Networking" for good reason. You can create just about any type of network connection you need, and its flexibility is amazing.
That said, the original version is no longer maintained and has become outdated. Its feature set hasn't changed in over 20 years. So a couple of different projects set out to update this ubiquitous little tool and keep adding to its arsenal.

One of the ports is from the GNU Project, who released GNU Netcat for portability to other platforms and adherence to the original netcat. That project's last release was in 2013, version 0.7.1. This more compliant version is still in use, with over 2,000 downloads at the time of this writing.

Another, more ambitious port of netcat is from Fyodor, called Ncat. Ncat is included with the Nmap port scanner, and is a fantastic tool for pen testers. It has support for a wide variety of connections, including:


  • IPv6 support
  • Shell execution after connecting
  • Shell command execution after connecting
  • Lua support
  • Loose source routing support
  • Client and server modes (naturally)
  • Specifying source port, source address (spoofing), UDP or SCTP instead of TCP, receive data only, SSL ciphers to use, SSL certs to use and more.
  • Accept multiple connections
  • Telnet mode
  • No DNS resolution (Shhhhh....)
  • Idle time out and more
All of these are straight from the help output of ncat. There are lots of articles about using Ncat and netcat for advanced options. If you can think of a connection you need to make (and it's physically possible), you can probably set it up in Ncat. The Nmap project page about Ncat can be found here.
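
For defenders, the options behind several of these features are worth spotting in process command-line logs. The sketch below is an added example, not from the original post or the Nmap project: it maps a few options from Ncat's help output to labels and flags invocations that use the exec options. The sample command lines are constructed, and treating `nc`/`netcat` binaries as Ncat is an assumption.

```python
import os
import shlex

# Options as listed by `ncat --help`; the labels on the right are this example's own.
LONG = {"--exec": "exec", "--sh-exec": "sh-exec", "--lua-exec": "lua-exec",
        "--nodns": "nodns", "--listen": "listen", "--keep-open": "keep-open"}
SHORT = {"e": "exec", "c": "sh-exec", "n": "nodns", "l": "listen", "k": "keep-open"}
TAKES_ARG = set("cegGmdoxipsw")          # short options that consume a value
HIGH_RISK = {"exec", "sh-exec", "lua-exec"}
BINARIES = {"ncat", "nc", "netcat"}      # assumption: nc/netcat resolve to Ncat

def ncat_features(cmdline):
    """Return the set of feature labels used by an Ncat command line."""
    argv = shlex.split(cmdline)
    if not argv or os.path.basename(argv[0]).lower() not in BINARIES:
        return set()
    found = set()
    for tok in argv[1:]:
        if tok.startswith("--"):
            name = tok.split("=", 1)[0]  # handles --sh-exec=<command>
            if name in LONG:
                found.add(LONG[name])
        elif tok.startswith("-") and len(tok) > 1:
            for ch in tok[1:]:           # short options may be clustered: -nlvp
                if ch in SHORT:
                    found.add(SHORT[ch])
                if ch in TAKES_ARG:      # rest of the token is the option's value
                    break
    return found

def triage(lines):
    """Return (cmdline, high-risk labels) for command lines that need review."""
    hits = []
    for line in lines:
        risky = ncat_features(line) & HIGH_RISK
        if risky:
            hits.append((line, sorted(risky)))
    return hits

SAMPLES = [  # constructed command lines, e.g. taken from execve audit records
    "/usr/bin/ncat -nlvp 4444 -e /bin/sh",
    "ncat --ssl --sh-exec='cat /etc/motd' -lk 8443",
    "ncat -n 192.0.2.10 80",
    "/usr/bin/curl -e http://example.test/ http://192.0.2.10/",
]

if __name__ == "__main__":
    for cmd, labels in triage(SAMPLES):
        print(labels, cmd)
```

Abbreviated long options and renamed binaries are not handled here, so pair this kind of check with hash or path-based identification of the binary.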

Friday, August 10, 2018

Mind Map of Hack Me Practice sites

There's an excellent mind map of Internet practice sites set up to train pen testers by offering a place to practice their skills. Put out by Aman Hardikar, you can find the list here. There's also a URL-only version here, which can be easier to read. Some of the sites are old, some brand new, and they are broken down by category so you can concentrate on whatever you are learning. Aman has a whole catalog of other mind maps, found here.
