Time
14 hours 43 minutes
Difficulty
Advanced
CEU/CPE
15

Video Transcription

00:01
Hello, everybody, and welcome to episode number eight of the series:
00:06
Netcat. My name is Alejandro Guinea, and I'll be your instructor for today's session.
00:11
The learning objective is to understand some basic Netcat commands and options
00:16
and combine those options to execute useful TCP/IP techniques.
00:22
Well, let's get started.
00:26
Ah,
00:27
well, first of all, Netcat is known to be the Swiss Army knife
00:35
Ah,
00:37
of the TCP/IP protocol, because you can do basically anything that you can imagine with the TCP protocol. Uh, let's start with the basics, shall we? Banner grabbing: basically just gathering information from the remote host. We can, you know,
00:54
just use our
00:57
Windows server here. And we just type... You can use the word netcat, or you can just use the abbreviation nc.
01:04
Well, I'll use nc here. And, you know, we can type
01:10
the IP of the Windows machine, which has an IIS server running,
01:15
and the port, of course. And we will tell it, since IIS is actually an HTTP server, to... it's an HTTP,
01:25
um, sorry,
01:26
uh, command,
01:32
and
01:33
you will see some kind of, for example, which, uh,
01:37
server version and, you know, some other information. Basically, just as the name says, banner grabbing: it will get more information from the server based on the request. Um, but you know,
01:51
this will be different for different servers: web servers, of course, or any other service. Actually, it would be different if you're using Apache or IIS or any other web server you can imagine. For example,
02:07
yeah, this server didn't like this instruction. So let's try this out.
02:10
Um, HEAD
02:14
/
02:15
HTTP/1.0.
02:19
And it didn't like that either.
02:21
I don't know why it doesn't like it; this is just something you can try, but in the end this is banner grabbing. You can see this information and any other information you can imagine
02:34
by using this technique.
02:39
You can apply the same to SSH, of course. Just change the port.
02:45
And there you have it:
02:47
SSH.
02:49
Um, you know,
02:51
well, it throws an exception. You know, the point is that you can get the information, gather information, um,
03:00
using Netcat, because in the end it is the Swiss Army knife of the TCP protocol. Um, and you can see why; you can again do the same with
03:12
FTP, which is another of the services that we have running here, my FTP service, you know,
03:19
you can get that. That's the heart, the core of banner grabbing. And, you know, you can tell it, hey, you know what, I'd like to do the same with Telnet, actually. Let's try it out.
03:29
Um, let's just change this command
03:32
to telnet, and yeah, you can type the user
03:38
and the password. And, you know, it will prompt for the password. Well, again, that's the point of the story.
03:46
Oh,
03:46
um,
03:47
but, you know, the point is that you can do so much more stuff with Netcat. Ah, you know, that's the reason it's called the TCP Swiss Army knife. How would you like to implement a chat system between a Windows and a Linux machine?
04:05
That sounds like fun, right?
04:09
Well, first we will have to download the Netcat version for Windows. Fortunately, we have that already in our Linux machine; by default, Kali comes with the executable version of Netcat. You just type locate, remember that command,
04:29
locate nc.exe. And there, I have it here. You know, the default path is this one. So remember that we use the SCP command to transfer files over the SSH protocol.
04:46
Well, let's use it right now so we can actually
04:50
transfer this Netcat executable to our Windows server.
04:56
Shall we?
04:57
scp, and then we have to type the path, which is /usr/share/windows-binaries
05:05
/nc.exe. Ah, and then we type the username of the remote server and the server itself.
05:16
I'm going through the commands so we can all remember what each one is used for and what the command itself is. Then the remote location: I want to save it to the desktop. You know what?
05:36
First, let me, um,
05:40
open here another terminal so we can actually see our Windows
05:46
desktop at the same time, so we can see the chat working just fine.
05:50
I will just put that in here: Remote Desktop, the IP, the username, and the password, of course. And, you know, it will log in to my user,
06:00
and I'll just type the password here.
06:04
And let me just set this to the side, so we can see both systems at the same time.
06:14
Okay. Cancel.
06:15
And there we have it. We have this system here, and as you can see, we just have the test here, no... you know, a couple of files. We don't have any Netcat connection or any Netcat file itself, so I will save it to the desktop. Ah, just
06:32
C:\Users
06:36
\Administrator
06:39
\Desktop.
06:41
And we just hit Enter. Of course, it will request the password,
06:46
and it transferred successfully, according to the output. And there we have it.
06:50
We have our Netcat executable in Windows.
06:54
Uh, then we just have to simply... We'll start the chat system. First I will start a listener; I mean, it will open a TCP port on my Kali machine.
07:10
And this is just to, you know,
07:13
as the name says, open a TCP port. That's how handy and useful and powerful the Netcat command can be. Netcat, minus lvp to give it some verbosity,
07:27
1234, which is the port to open. Uh, let me just,
07:31
uh,
07:32
open another command line and run netstat
07:38
-ant,
07:40
I mean,
07:42
uh,
07:43
grep 1234, and it will return nothing.
07:46
And once I open this,
07:48
this command will return that it is listening on port 1234. And now, simple as that, I switch to my Windows environment, and I just type
08:01
nc.exe, you know,
08:03
the executable version of it, and the IP of my Kali machine, which is this one,
08:11
and the port that is running.
08:15
And there you have it. You have a connection,
08:16
a really good, stable connection. And you can just type "Hello, Cybrary server"
08:24
and
08:26
"what's up?"
08:28
And you can see how powerful the Netcat command can be, and one of the many usages you can give to this
08:37
Netcat command. And yeah, as you can imagine, we can also, um,
08:45
use this Netcat to transfer files.
08:48
For example, let me transfer a picture of myself, of my beautiful face. I would just type... I mean, I'm in the Desktop files directory right now, so I will transfer this picture.
09:05
So that command, see, that's another thing that I like about Netcat: the commands are really simple, very intuitive. And, you know, there's nothing complicated there, and, yeah, you can combine it with other Linux commands by piping them from or to Netcat.
09:24
You know, it works both ways.
09:26
So netcat,
09:30
um,
09:31
-lvp, which will be listening on the port, remember? But you know, anyone that connects to this, I will send them,
09:43
um,
09:45
my picture.
09:48
So I start the listener, and right on the Windows, I mean, the client side of this connection, I will again start Netcat. I will tell it to connect back to my Kali
10:01
on, you know, port 1234. And I will output that to
10:07
um,
10:09
this location:
10:11
oh,
10:13
C:\Users
10:15
\Administrator
10:18
\Desktop
10:18
and
10:20
the PNG.
10:22
And if everything goes correctly, it will connect to that, and now it will receive that. And there you have it: I have my beautiful face right there.
10:35
So, yeah, this is how powerful Netcat can be. You can transfer files. You can do whatever you want with Netcat, uh, well, whatever you want with the TCP protocol, don't get me wrong. Um,
10:48
yeah, but, you know, I know what you'd be thinking right now: can we actually take control, take over the remote
10:58
machine? Ah, and the answer is yes. You can actually have a command line on the remote server. In this case it's the Windows server, I mean, the Windows machine that we have here, but yeah, you can actually take control over any machine. You can transfer files;
11:16
maybe sometimes, as I told you before, you don't have
11:20
access, you don't have access to SSH. You got a reverse shell, or you got control over the machine by using an exploit. So, yeah, you can actually, um, and, you know, we transferred the files here using the SCP command to transfer it via the SSH protocol.
11:39
But you can imagine we already saw the wget command,
11:43
so you can use the wget command. I mean, let's say that you have control of the machine because you hacked it, but there's actually no protocol to interact with the machine. I mean, maybe there's no SSH or there's no FTP that you can upload files with, so you can just
12:01
use a wget command on the remote machine to download the Netcat,
12:05
the Netcat executable version, or Netcat itself if it is a Linux machine, and you can start, you know, transferring files, downloading files or doing any kind of task you may want. But, you know, the question remains: can we actually take control over the remote machines? And the answer is actually yes.
12:26
Um,
12:26
first, let's start just another listener here; it's the same command,
12:33
and, ah, on the remote station, the remote Windows machine, we tell it to connect to the same IP, the same command, and we tell it to execute
12:45
cmd.exe, which is, you know, a terminal or command line for Windows, and we just hit Enter, and there you have it. We now have full control over the remote machine, over the Windows machine. So as you can see, if I type whoami or ipconfig,
13:03
you know, I have remote control over the remote host. Yeah, that's how powerful this Netcat command can be. That's again why it is called the Swiss,
13:18
the Swiss Army knife of the TCP/IP protocol. Let me close this window.
13:30
What is banner grabbing? Well, actually, just gathering information; we're getting information from the remote system,
13:37
from the remote system's ports.
13:41
What name is often used when we're talking about Netcat? Well, I used it several times, many times during this video: it is the Swiss Army knife of the TCP/IP
13:52
protocol, because you can do so many things with that,
13:58
with that tool.
14:00
Can we take remote control of a victim by using Netcat? Yeah, we definitely can. We definitely can, as you can see: we can transfer files, we can do anything that you can imagine with the TCP protocol. So it's really useful, it's really easy to use. And, you know, um,
14:18
it's not that heavy to download
14:20
with a wget, so yeah, you can get creative with Netcat once you have access to the remote machine.
14:30
Ah, in this video we saw several Netcat commands that perform various pen testing techniques or tasks.
14:37
We executed some Netcat techniques to understand how they can help us in our penetration testing process.
14:45
Supplemental materials: again, any Netcat cheat sheet you can find on Google. You have to Google that and whatever works for you; you can actually Google for specific techniques, like how can I transfer a file that is in a specific format, or can I transfer a bunch of files?
15:05
Yeah, I can assure you you will have an answer,
15:07
and the command will not be that complicated to implement and understand. So that's another point for Netcat.
15:15
Ah, looking forward, the next video will cover some basic knowledge of bind and reverse shells, kind of what we did with the Netcat command to execute a command line from Windows.
15:28
Well, that's it for today, folks. I hope you enjoyed the video. Thanks for watching and hope to see you soon.


Instructed By

Alejandro Guinea
CERT Regional Director
Instructor