Re: nc help needed.

From: Johannes Lichtenberger (jl_at_sindarin.nabooisland.com)
Date: 09/25/04

    Date: Sat, 25 Sep 2004 17:37:29 +0200
    To: Michael Shirk <shirkdog@cryptomail.org>
    
    

    Michael Shirk wrote:

    >You say you are trying to connect to a destination, but these commands will set up a server on your local win2k box. The syntax is different to connect out to a destination.
    >
    >Google netcat command line options and you get the readme file:
    >
    >I found the syntax you are using, and here is what it is used for
    >--------------------------------------------------------------------------------------------------
    >You can even get Netcat to listen on the NETBIOS ports that are probably
    >running on most NT machines. This way you can get a connection to a
    >machine that may have port filtering enabled in the TCP/IP Security Network
    >control panel. Unlike Unix, NT does not seem to have any security around
    >which ports that user programs are allowed to bind to. This means any
    >user can run a program that will bind to the NETBIOS ports.
    >You will need to bind "in front of" some services that may already be
    >listening on those ports. An example is the NETBIOS Session Service that
    >is running on port 139 of NT machines that are sharing files. You need
    >to bind to a specific source address (one of the IP addresses of the
    >machine) to accomplish this. This gives Netcat priority over the NETBIOS
    >service which is at a lower priority because it is bound to ANY IP address.
    >This is done with the Netcat -s option:
    >
    >nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
    >Now you can connect to the machine on port 139 and Netcat will field
    >the connection before NETBIOS does. You have effectively shut off
    >file sharing on this machine by the way. You have done this with just
    >user privileges to boot.
    >--------------------------------------------------------------------------------------------------
    >
    >Now, I would ask what your purpose is. If you are trying to see if the Windows 2000 box allows null sessions, then use a tool like enum to enumerate information from a null session. However, if you actually want to make netcat listen for connections ahead of the NETBIOS service, then I would ask if anyone else has got this to work. I get the same thing in Win2K. Obviously it worked in WinNT (but doesn't everything work in WinNT?)
    >
    >
    SO_EXCLUSIVEADDRUSE should have been set by the services. Probably, as
    you said, it's working with the old NT 4.

    [LUNA] C:\>netstat -ano | find "445"
      TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
      TCP 192.168.69.253:445 192.168.69.253:1035 ESTABLISHED 4
      TCP 192.168.69.253:445 213.6.21.64:4758 ESTABLISHED 4
      TCP 192.168.69.253:445 213.137.25.119:3694 ESTABLISHED 4
      TCP 192.168.69.253:1035 192.168.69.253:445 ESTABLISHED 4
      UDP 0.0.0.0:445 *:* 4

    [LUNA] C:\>nc -l -p 445 -s 192.168.69.253
    Can't grab 192.168.69.253:445 with bind

    With Direct SMB and Windows Server 2003 it's really not working ;-)
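
A defender-side check for the condition discussed in this thread (a process bound to a specific address in front of a service listening on the wildcard address), as an added example that is not part of the original message. It parses `netstat -ano` output and reports TCP ports where a specific-address listener belongs to a different PID than the 0.0.0.0 listener; the port 139 rows and PID 2816 in the sample are constructed, and only IPv4 rows are considered.

```python
from collections import defaultdict

WILDCARD = "0.0.0.0"

# Constructed sample: the 445 rows follow the thread's output; the port 139
# rows and PID 2816 are invented to show a shadowed listener.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.168.69.253:139     0.0.0.0:0              LISTENING       2816
  TCP    192.168.69.253:445     192.168.69.253:1035    ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
"""

def tcp_listeners(netstat_text):
    """Yield (address, port, pid) for every IPv4 TCP row in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows lack a State column and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if addr.startswith("["):  # IPv6 rows are out of scope here
            continue
        if port.isdigit() and fields[4].isdigit():
            yield addr, int(port), int(fields[4])

def shadowed_ports(netstat_text):
    """Return {port: [(specific_addr, pid), ...]} where a specific-address
    listener sits in front of a wildcard listener owned by another PID."""
    wildcard_pids = defaultdict(set)
    specific = defaultdict(list)
    for addr, port, pid in tcp_listeners(netstat_text):
        if addr == WILDCARD:
            wildcard_pids[port].add(pid)
        else:
            specific[port].append((addr, pid))
    findings = {}
    for port, owners in wildcard_pids.items():
        hits = [(a, p) for a, p in specific[port] if p not in owners]
        if hits:
            findings[port] = hits
    return findings

if __name__ == "__main__":
    for port, hits in sorted(shadowed_ports(SAMPLE).items()):
        for addr, pid in hits:
            print(f"port {port}: PID {pid} on {addr} shadows the wildcard listener")
```

A service that binds several specific addresses under its own PID is not reported; only a listener owned by a different process than the wildcard listener is.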

