RE: nc help needed.

From: Michael Shirk (shirkdog_at_cryptomail.org)
Date: 09/24/04

    Date: Fri Sep 24 08:23:15 EDT 2004
    To: security-basics@securityfocus.com
    
    

    You say you are trying to connect to a destination, but these commands will set up a server on your local win2k box. The syntax is different to connect out to a destination.

    Google netcat command line options and you get the readme file:

    I found the syntax you are using, and here is what it is used for
    -------------------------------------------------------------------------------------------------------
    You can even get Netcat to listen on the NETBIOS ports that are probably
    running on most NT machines. This way you can get a connection to a
    machine that may have port filtering enabled in the TCP/IP Security Network
    control panel. Unlike Unix, NT does not seem to have any security around
    which ports that user programs are allowed to bind to. This means any
    user can run a program that will bind to the NETBIOS ports.
    You will need to bind "in front of" some services that may already be
    listening on those ports. An example is the NETBIOS Session Service that
    is running on port 139 of NT machines that are sharing files. You need
    to bind to a specific source address (one of the IP addresses of the
    machine) to accomplish this. This gives Netcat priority over the NETBIOS
    service which is at a lower priority because it is bound to ANY IP address.
    This is done with the Netcat -s option:

    nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

    Now you can connect to the machine on port 139 and Netcat will field
    the connection before NETBIOS does. You have effectively shut off
    file sharing on this machine by the way. You have done this with just
    user privileges to boot.
    --------------------------------------------------------------------------------------------------

    Now, I would ask what your purpose is. If you are trying to see if the Windows 2000 box allows null sessions, then use a tool like enum to enumerate information from a null session. However, if you actually want to make netcat listen for connections ahead of the NETBIOS service, then I would ask if anyone else has got this to work. I get the same thing in Win2K. Obviously it worked in WinNT (but doesn't everything work in WinNT?)
                                                                                                                                                                                                    
                                                                                                                                                                                                                                    
    Shirkdog
                                                                                                                                                                                                
                                                                                                                                                                                                                                          
    -----Original Message-----
    From: vijay@calsoftinc.com [mailto:vijay@calsoftinc.com]
    Sent: Thursday, September 23, 2004 11:22 AM
    To: security-basics@securityfocus.com
    Subject: nc help needed.
    Importance: Low
    Hi,

    Trying to use the nc command from a windows 2k box:

    nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

    The error given is: Can't grab xxx.xxx.xxx.xxx:139 with bind.

    s -> destination host where the null sessions on 139 are accepted.

    Any clue how to get the cmd working on the remote host?

    Regards,
    Vijay.
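
Added example, not part of the original thread or the Netcat readme: a defender-side check for the condition the readme describes, a listener bound to a specific IP address sitting in front of a different process's wildcard listener on the same port. It parses `netstat -ano` output; the sample output, addresses and PIDs are constructed, and `find_shadowed_listeners` is a hypothetical name.

```python
import re
from collections import defaultdict

WILDCARDS = {"0.0.0.0", "[::]"}  # "bound to ANY IP address"

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING       2840
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.0.2.10:3389        0.0.0.0:0              LISTENING       1100
  TCP    192.0.2.10:49701       198.51.100.7:443       ESTABLISHED     5120
  UDP    0.0.0.0:137            *:*                                    4
"""

# Local address is split at its last colon so "[::]:445" parses correctly.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(text):
    """Return {port: [(local_addr, pid), ...]} for TCP sockets in LISTENING state."""
    by_port = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            by_port[int(m.group(2))].append((m.group(1), int(m.group(3))))
    return by_port


def find_shadowed_listeners(text):
    """Flag specific-address listeners that share a port with a wildcard
    listener owned by a different PID.
    Returns [(port, specific_addr, specific_pid, [wildcard_pids])]."""
    findings = []
    for port, socks in sorted(parse_listeners(text).items()):
        wild_pids = {pid for addr, pid in socks if addr in WILDCARDS}
        for addr, pid in socks:
            if wild_pids and addr not in WILDCARDS and pid not in wild_pids:
                findings.append((port, addr, pid, sorted(wild_pids)))
    return findings


if __name__ == "__main__":
    for port, addr, pid, owners in find_shadowed_listeners(SAMPLE_NETSTAT):
        print(f"port {port}: PID {pid} on {addr} is in front of wildcard PID(s) {owners}")
```

On the server side, a Windows service that sets `SO_EXCLUSIVEADDRUSE` on its listening socket prevents another process from binding the same port on a more specific address.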
     
