Fwd: nc help needed.
From: Gautam R. Singh (gautam.singh_at_gmail.com)
Date: 09/25/04
- Previous message: Anirudhya Mitra: "Re: learning ethical hacking"
- In reply to: Vijay Kumar: "Re: nc help needed."
- Next in thread: Marcos E. Rodriguez: "Re: nc help needed."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Sep 2004 09:58:56 +0530 To: security-basics@securityfocus.com
Hi
Nc should be running & listning for connection on port 139 on the
dest. -s<ip address> too.
~gautam
---------- Forwarded message ----------
From: Vijay Kumar <vijay@calsoftinc.com>
Date: Fri, 24 Sep 2004 18:56:59 +0530
Subject: Re: nc help needed.
To: scream@cogeco.ca, Security Basics <security-basics@securityfocus.com>
Hi,
Thanks a ton for all the replies. I know that Netbios is using port 139.
Since the Windows computer is currently accepting null sessions, we
should be able to connect to this port via netcat. ( am i right ? )
Have been reading these lines from the documentation, which talks about
assigning proirity to the netcat session we are trying to establish.
Hence I am sure this should work, we are mising on something.
Does anyone has anything to add ?
Also I am not understanding whether the -s <ip address> should be the
computer running netcat or the detination (target) machine ?
"" You will need to bind "in front of" some services that may already be
listening on those ports. An example is the NETBIOS Session Service
that is running on port 139 of NT machines that are sharing files. You
need to bind to a specific source address (one of the IP addresses of
the machine) to accomplish this. This gives Netcat priority over the
NETBIOS service which is at a lower priority because it is bound to ANY
IP address. This is done with the Netcat -s option:
nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does. You have effectively shut off
file sharing on this machine by the way. You have done this with just
user privileges to boot. ""
Have not used psexec -> will try it.
Regards
Vijay.
On Fri, 2004-09-24 at 17:55, Scream wrote:
> using the -p 139 command line switch would attempt to bind to port 139 on
> the machine you are running it on which being a windows machine is already
> in use..
>
>
> If you are trying to connect to the remote then it would be , this however
> will not spawn a cmd session.
>
> nc -v ip addr 139
>
>
> ----- Original Message -----
> From: "Vijay Kumar" <vijay@calsoftinc.com>
> To: <security-basics@securityfocus.com>
> Sent: Thursday, September 23, 2004 11:21 AM
> Subject: nc help needed.
>
>
> > Hi,
> >
> > Trying to use the nc command from a windows 2k box :
> >
> > nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
> >
> > The error given is : Can't grab xxx.xxx.xxx.xxx:139 with bind.
> >
> > s -> destination host where the null sessions on 139 are accepted.
> >
> > Any clue, how to to get the cmd working on the remote host ?
> >
> > Regards,
> > Vijay.
> >
> >
> >
> >
> >
> >
> >
> > --------------------------------------------------------------------------
> -
> > Computer Forensics Training at the InfoSec Institute. All of our class
> sizes
> > are guaranteed to be 12 students or less to facilitate one-on-one
> > interaction with one of our expert instructors. Gain the in-demand skills
> of
> > a certified computer examiner, learn to recover trace data left behind by
> > fraud, theft, and cybercrime perpetrators. Discover the source of computer
> > crime and abuse so that it never happens again.
> >
> > http://www.infosecinstitute.com/courses/computer_forensics_training.html
> > --------------------------------------------------------------------------
> --
> >
---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.
http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
-- Gautam R. Singh PGP Key: http://gautam.techwhack.com/key/ NOTE: The information contained in this message is confidential and intended only for the use of the individual or entity identified. If the reader of this message is not the intended recipient, any dissemination, distribution or copying of the information in this message is strictly prohibited. If you have received this message by error, please notify the sender immediately.
- Previous message: Anirudhya Mitra: "Re: learning ethical hacking"
- In reply to: Vijay Kumar: "Re: nc help needed."
- Next in thread: Marcos E. Rodriguez: "Re: nc help needed."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
