[HN Gopher] Netcat - All you need to know
___________________________________________________________________
Netcat - All you need to know
Author : todsacerdoti
Score : 173 points
Date : 2021-07-27 14:41 UTC (8 hours ago)
(HTM) web link (blog.ikuamike.io)
(TXT) w3m dump (blog.ikuamike.io)
| GekkePrutser wrote:
| [OpenBSD Netcat] "In addition to those enhancements it is
| compiled to remove a feature that is considered a gaping security
| hole of the application."
|
| I wonder what feature this was? The site doesn't elaborate.
|
| Edit: Ah I saw the thing about the -e later on but I didn't think
| that was it as indeed it's not really a security hole imo. Rather
| just a tool.
| jfrunyon wrote:
| -c and -e. They're not security holes, they're useful features
| which like most powerful tools can be misused or abused.
| GekkePrutser wrote:
| Ah yeah it was the security hole description that threw me
| off. I was expecting something more along the lines of a
| buffer overflow.
| naikrovek wrote:
| The article definitely did elaborate, but not as much as I
| would have liked.
|
| The feature is the -e option, which is used (among other
| things) for reverse shells.
| [deleted]
| thayne wrote:
| > Netcat having being initially written to be used on linux the
| variants are linux based
|
| uh, what? the original netcat was a _Unix_ program, not linux
| specific. I don't think GNU netcat is linux specific either. And
| the OpenBSD variant, as its name suggests was originally written
| for OpenBSD, although it was ported to Linux later.
| chasil wrote:
| There is also a netcat inside busybox, and the Windows port
| from frippery.org implements it.
|
| The busybox netcat doesn't set off all the malware alarms on my
| corporate desktop.
|
|     C:\Temp>\bin\busybox64 nc 1.2.3.4 21
|     220 (vsFTPd 2.0.5)
|     quit
|     221 Goodbye.
|
| The Windows port is not very smart compared to the rest of the
| netcat family (the Linux x86-64 version has more of the common
| options).
|
|     C:\Temp>\bin\busybox64 nc
|     BusyBox v1.32.0-FRP-3445-g10e14d5eb (2020-04-11 10:50:47 BST) multi-call binary
|
|     Usage: nc [-l] [-p PORT] [IPADDR PORT]
|
|     Open a pipe to IP:PORT
|
|         -l       Listen mode, for inbound connects
|         -p PORT  Local port
| tyingq wrote:
| Yeah, that was funny to me too.
|
| Older makefiles had targets for Ultrix, Nextstep, and even
| Unixware :)
|
| https://sourceforge.net/p/nc110/git/ci/v1.10/tree/Makefile
| dsr_ wrote:
| Hobbit wrote netcat in 1995:
|
| https://seclists.org/bugtraq/1995/Oct/28
| [deleted]
| [deleted]
| tambourine_man wrote:
| More importantly, is that a figlet font simulating dripping ink?
| Cause it's freaking cool.
| sgt wrote:
| Need to include that into my next command line tool.
| sprash wrote:
| Bash has a /dev/tcp/$host/$port pseudo device which covers almost
| all use cases of Netcat just in case your machine has no Netcat
| installed.
|
| I still don't understand why such a device/file is not shipped
| with Unix/Linux by default so it would work with any shell or
| program.
| AnIdiotOnTheNet wrote:
| Because Linux didn't copy _everything_ from Plan9.
| Unfortunately.
| yjftsjthsd-h wrote:
| I wonder how hard it would be to write kernel modules to fix
| that.
| tyingq wrote:
| Good for clients, but bash can't do a listen socket. Gawk can,
| though it's pretty limited.
| zaik wrote:
| Are you sure this is a Bash feature and not some kernel module?
| FreeFull wrote:
| It definitely is a bash feature. From the bash manpage:
|
|     Bash handles several filenames specially when they are used in
|     redirections, as described in the following table. If the
|     operating system on which bash is running provides these special
|     files, bash will use them; otherwise it will emulate them
|     internally with the behavior described below.
|
|     /dev/fd/fd
|         If fd is a valid integer, file descriptor fd is duplicated.
|     /dev/stdin
|         File descriptor 0 is duplicated.
|     /dev/stdout
|         File descriptor 1 is duplicated.
|     /dev/stderr
|         File descriptor 2 is duplicated.
|     /dev/tcp/host/port
|         If host is a valid hostname or Internet address, and port is
|         an integer port number or service name, bash attempts to open
|         the corresponding TCP socket.
|     /dev/udp/host/port
|         If host is a valid hostname or Internet address, and port is
|         an integer port number or service name, bash attempts to open
|         the corresponding UDP socket.
| gnu8 wrote:
| It just seems confusing that bash is using the /dev
| namespace for this feature.
|
| Are there circumstances where /dev/tcp/host/port might be
| provided by the operating system and provide the same
| functionality? Or is that just saying bash will stay out of
| the way if you are trying to access special files in /dev
| if they really exist?
| zamadatix wrote:
| The old TLI/XTI alternatives to BSD sockets (pre when BSD
| sockets were standardized into POSIX sockets) back in the
| System V days provided this path/socket connection
| format. For a modern holdover these are still available
| in Solaris.
| dpedu wrote:
| Unless the operating system decides to use bash to access
| some device, it's fine.
|
| Nothing besides bash can see these. They're not really
| there. It's a mirage created by bash.
| numpad0 wrote:
| That's the problem.
| FreeFull wrote:
| /dev/std{in,out,err} are provided by Linux, and bash does
| stay out of the way there. I'm not aware of anything that
| provides /dev/tcp/host/port, although I think Plan 9
| might have something similar. If the file happens to
| exist, bash will use the file rather than its own special
| functionality.
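The /dev/tcp discussion above, as an added example that is not part of the thread or of any netcat project: a small bash-only TCP client (connect, send, read with a per-read timeout) plus a reachability probe, for a box where nc is absent. The function names and the HTTP/1.0 request are my own choices; as tyingq notes, bash has no listening counterpart, so this covers the client side only, and it requires a bash built with net redirections (plain sh has no /dev/tcp).

```bash
#!/usr/bin/env bash
# Added example: TCP client built only on bash's /dev/tcp redirection.
# Bash emulates /dev/tcp/HOST/PORT itself (see the manpage excerpt
# quoted above), so this needs bash, not dash/sh.

# Build a minimal HTTP/1.0 request. "Connection: close" makes the
# server close after replying, so the read loop below ends on EOF.
build_http_request() {
  local host=$1 path=${2:-/}
  printf 'GET %s HTTP/1.0\r\nHost: %s\r\nConnection: close\r\n\r\n' "$path" "$host"
}

# tcp_exchange HOST PORT PAYLOAD [TIMEOUT]
# Connects, sends PAYLOAD, prints what the peer returns until EOF or
# until no data arrives for TIMEOUT seconds. Runs in a subshell so a
# failed connect (or a shell without /dev/tcp) cannot kill the caller.
# Exit status: 0 on success, 2 if no connection, 3 if PORT is invalid.
tcp_exchange() {
  local host=$1 port=$2 payload=$3 timeout=${4:-5}
  case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 3;; esac
  (
    exec 3<>"/dev/tcp/$host/$port" 2>/dev/null || exit 2
    printf '%s' "$payload" >&3
    # read -t bounds every read, so a silent peer cannot hang us; the
    # "|| [ -n "$line" ]" keeps a final line that lacks a newline.
    while IFS= read -r -t "$timeout" line || [ -n "$line" ]; do
      printf '%s\n' "$line"
    done <&3
    exec 3<&- 3>&-
  )
}

# tcp_port_open HOST PORT [TIMEOUT]: exit 0 if the TCP handshake
# completes within TIMEOUT seconds (GNU coreutils "timeout" assumed).
# HOST and PORT are passed as arguments, never spliced into the -c
# string, so odd characters in them cannot become shell syntax.
tcp_port_open() {
  local host=$1 port=$2 timeout=${3:-3}
  timeout "$timeout" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null
}

# Demo (only when RUN_DEMO=1): fetch a page without any netcat binary.
if [ "${RUN_DEMO:-0}" = 1 ]; then
  tcp_exchange example.com 80 "$(build_http_request example.com /)" 5
fi
```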
| dec0dedab0de wrote:
| nmap not only comes with ncat, but with nping, which I used to
| find incredibly useful for troubleshooting when I was a network
| engineer. Especially with load balancing, wccp, and other things
| that change routes based on port. I think it was based on a
| program called hping, but I haven't really followed that world in
| a while.
| sigmonsays wrote:
| no mention of socat?
| cowmix wrote:
| Yeah, socat is my go-to for tcp socket scripting.
| linsomniac wrote:
| Indeed. Nor any mention of the busybox netcat.
|
| busybox, a great program, but something about its netcat will
| hang at the end of sending data, rather than closing the socket
| and exiting. Because of that I have to ^C it, and then wonder
| if it fully sent the last block of data.
|
| For decades now I've used minimal rescue environments and
| "netcat" to copy data around. A lot of these rescue
| environments, especially 20 years ago, were pretty minimal. I
| liked being able to use the RedHat or Fedora install media as
| rescue, because I always had it handy.
|
| So I fell back to this habit of, I know Python is on this
| system (RedHat installer), so I made a few versions of a python
| "netcat" program. A bigger one with more features, in case I
| was able to "wget" a file. Or smaller "in" and "out" programs
| that I could comfortably type in by hand.
|
| But I really need to get into the habit of using socat now. I
| had it in mind that it's hard to remember how to use, so I'd
| just wget my python version and be done with it. But I need to
| get in the habit. socat is SO powerful.
|
| Beware, Ubuntu 20.04 has a version with a bug in TLS-based "file
| copy" socat usage.
| https://bugs.launchpad.net/ubuntu/+source/socat/+bug/1936407
|
| Simple fix is to just "dpkg -i" the 18.04 or 21.04 .deb file,
| there don't seem to be any strange dependencies.
| jaytaylor wrote:
| Don't forget the venerable websocat for testing and scripting
| websockets!
|
| https://github.com/vi/websocat
|
| Such a useful tool when the need arises, lifesaver.
| [deleted]
___________________________________________________________________
(page generated 2021-07-27 23:00 UTC)