00:04
That's going to take the service apache2 and start it. It
00:08
starts that up. So now if I do netstat, and that's
00:12
there's your -antp.
00:15
We have port 80 listening. Port 80 is the typical port for web servers, so that makes sense. Now we have
00:22
port 80 listening. Of course we can stop it as well, same way: service apache2 stop,
00:29
if we want to stop it.
00:31
And while we're on the subject of networking, I wonder what my IP address is. By default,
00:37
Kali will use DHCP, so it will automatically pull an IP address
00:42
from your router. So if you're on host-only, it would pull it from VMware's host-only network, which is the only network you're on. If you're on bridged, it will pull it from whatever router your computer is using
00:52
to get an IP address. It'll act as though it's a completely different machine.
00:58
We do ifconfig, as opposed to ipconfig
01:03
for Windows. Windows has to be different. But Mac and Linux, actually, whatnot, all use ifconfig to look at networking information. So if you get that backwards from time to time, you're in good company, so no worries. So ifconfig,
01:19
and that will show us our networking information.
01:22
So I have eth0 and I also have lo. So that's just going to be my loopback. So
01:27
you've probably seen the T-shirt: there's no place like
01:30
127.0.0.1. No place like home,
01:37
but we're more interested in our actual
01:41
interface that talks to the Internet. So my
01:44
network is 192.168.1. Yours may be different,
01:51
I am .77. My netmask is 255.255.
01:56
255.0. If you're unfamiliar with netmasks, I may not be as familiar with them as I think I am. Actually, I think I got that question wrong on my final exam in networking. But basically what it means is
02:10
how many bits of the IP address belong to the network
02:15
and how much are the actual host? So in this case,
02:20
so my first three octets
02:22
are going to belong to the network: 192.168.1 are all part of the network. That means everything on this network is going to be 192.168.1, and then everything from .1, which is probably the router, all the way to .254; .255 is the broadcast. So you actually see that here,
02:43
that's going to basically call out to everyone.
02:46
You know, I have all those IP addresses, again, between, probably, .1, which is probably the router,
02:51
and .254, that could be assigned. In this case
02:55
I'm .77. So this is a /24,
03:00
so this would be 192.168.1.1/24. It's just another way of representing this netmask.
03:08
So that's saying that
03:10
24 bits are going to be
03:15
part of the network. So eight
03:21
You could also say you have a /16. So that would be 255.255.0.0, and then only 192 and 168 would be part of the network. So then we could have
03:32
.1, .2, .3, all the way to .254,
03:38
and .1 through .254 on all those as well.
03:43
So a bit more space.
03:46
So again, certainly you can read networking books.
03:50
Basically anything that you could learn about computer science is ultimately going to help you in pentesting. I've spent way too much time looking at things from computer science that I didn't pay attention to, and should have, thinking I would never need them. So definitely, if you do have a computer science background, it is worth it.
04:06
You know, if you want to spend your time reading networking manuals, it will only help you in the long run,
04:11
so you can also set a static IP address too. By default it does use DHCP.
04:17
That is going to go grab an IP address each time. But then your IP address might change,
04:25
so it probably won't from just day to day, but you know, it might over time if you restart the VM enough.
04:31
And certainly when you go to other locations you'll get a new IP address.
04:40
We might not want that to happen. Like, for instance, if you're shooting a video for a class, you may want to have the same IP address all the time. What I can do in Linux for that is
04:50
nano or vi /etc/network/interfaces: /etc, the config directory from root, /network/interfaces.
05:01
Yours will just look a little bit different from mine. You're actually not going to have this part.
05:05
So you should have iface eth0 on it and then dhcp, whereas mine is static,
05:12
and these three lines here, you won't have.
05:15
So that's just because yours is DHCP and I set mine static, so my
05:19
IP address would always be the same, so my videos at least would be consistent.
05:25
So I just changed dhcp to static and then gave it an address. Mine is 192.168.1.77. Whatever you get from DHCP, just give it something in that range,
05:36
and netmask, again. Yours will probably be 255.255.255.0 if you're at home.
05:46
Maybe if you're at a work network or some other enterprise, it might be different.
05:49
/8s and /16s all the time in enterprises, but it seems like most home networks are /24.
06:00
The gateway is probably .1; that's probably what your router's IP address is,
06:04
again, if you're at home. It could be anything in an enterprise.
06:09
IT people have to have something to keep themselves busy, like messing with the network. So you can do this or not do this. You don't have to, certainly,
06:19
and we could do service networking restart to restart that.
06:26
I didn't make any changes, so I'll just leave it alone.
06:30
That's just a little bit about networking. Again, there's probably a class on networking you could take, or a book,
06:36
but just a little bit, really. I mean, as long as you can talk to other systems. Like,
06:42
we did a ping. This is going to use ICMP echo.
06:46
It is going to talk to another system and see if it's alive. That said, a live system doesn't necessarily have to respond to ping,
06:55
so just because it doesn't get anything back doesn't mean the system's not up. But say, if I went after .76, which should be around,
07:04
the system's alive, so I'm able to talk to another system on my network.
07:09
Because I have Internet access, because I'm using bridged, I can also ping www.google.com
07:16
and talk to another system on the Internet.
07:20
Again, it doesn't necessarily have to respond to ping. In fact, the newer Windows systems that have Windows Firewall on actually don't
07:29
by default. So just because it doesn't ping doesn't mean it's not there. We'll see that there are other ways we can see whether a system is up or not.
07:36
So, right, as long as we're able to talk on the network. When we get on the network we want to be able to talk to other systems if we're doing pentesting. So you really just need to know enough networking to troubleshoot if you're not getting an IP address at your client location.
07:53
That could be rather embarrassing if it's something really simple that you couldn't figure out, so just a little bit of networking is necessary.
08:03
Now I'm going to look at a tool called netcat,
08:07
which is abbreviated as nc. netcat. Let's do man nc;
08:13
it calls itself the TCP/IP Swiss Army knife, and in fact you could say indeed it is. netcat is
08:22
really awesome at making TCP/IP connections.
08:26
Press q to get out of the man page.
08:30
So we have a lot of different things we can do with netcat. We can
08:33
listen on a port. So netcat -l for listen,
08:39
we can listen, -p, on a port.
08:46
It's going to listen on a port for an incoming connection. If I open up another terminal window,
08:54
in this case I'm just working with two different terminals on the same system. I could do this between systems as well. If you want to pull up your Ubuntu system, your target that you downloaded, that also has netcat on it by default. So you could actually, with the IP addresses, work between the two.
09:11
With this one, let's do a netcat, and instead of going into listen mode with the -l, let's actively connect.
09:18
So we actually have basically two ways of dealing with this. We'll see this more when we look more into pentesting, particularly in Metasploit, we'll see bind and reverse shells. So
09:33
with a reverse shell,
09:35
we'll listen locally, the equivalent of our listening netcat. With a bind shell, it will listen for an incoming connection.
09:43
Those are the two ways of making connections. Either we wait for someone to come to us or we actively go to them.
09:50
Really, there's no three ways about it, just those two.
09:54
So this time we're going to actively call back. In particular, we're going to call back to this guy, again on the same system.
10:01
So it's netcat to 192.168.1... what's my IP address? I forgot.
10:09
.77. netcat, nc 192.168.1.77. So I'm really just talking to myself.
10:16
And then I want port 1234. netcat, IP address, and port.
10:22
We don't get anything on this end, but if we come here, we did get a connection,
10:28
because I used the -v for verbose.
10:33
That does tell us about the connection.
10:35
So I say hi, Georgia,
10:39
over here, with our connection; it comes up over here.
10:43
A little chat program. A very primitive chat program. But certainly we can do better, right? Certainly we can do better. All right, so let's do a Ctrl+C
10:56
to kill it. So once we kill one, the other one will close as well.
11:01
Once again, open up our listener. So I can just do the up arrow to grab the last command I had.
11:05
Again I'm going to open up a listener,
11:09
but this time I'm going to do -e at the end for execute, and tell it I want to execute /bin/bash. So that's actually going to be our command interpreter. When I open up my terminal,
11:22
what I'm dropping into is a bash shell. That's the underlying thing that is
11:28
taking our text and knowing what we want to do; it knows what chmod means, what ls means, what grep means. So what we're doing here is setting up a listener on port 1234,
11:39
and then when someone connects, it's going to execute /bin/bash. It's actually going to give someone a terminal.
11:46
Awesome for remote administration, maybe not so awesome for security if we just have a root shell lying around.
11:52
If we start this as root, whoever attaches to it will have root privileges. Whoever starts the program,
12:01
that's what the privileges are. So whoever attaches to it will have root privileges and thus will be able to destroy the file system, read all the files, including sensitive data, and make changes.
12:11
So maybe not a good idea from a security perspective. But
12:18
again, on our other terminal we can do the up arrow to connect,
12:22
again our active connection.
12:26
Notice it doesn't have a prompt. Some will give a prompt;
12:31
it depends on what kind of shell you're using. You can use different things besides netcat, like some of the things in Metasploit; some will give you a prompt, some won't. It really just depends. If I run commands here,
12:45
we do ls. Again, it's in the same directory as we are here, so we're still in /home/georgia.
12:50
So I do ls; it shows me the contents of georgia's home directory.
12:56
cat out /etc/passwd, P-A-S-S-W-D. Do you know what /etc/passwd is?
13:07
for more information about them.
13:13
There aren't any passwords or password hashes here, so it's kind of unfortunate, right? But it has, like, information, like it uses /bin/bash.
13:22
Things like that: groups, user IDs,
13:26
things like that. So here's georgia, and james down here, its home directory, using
13:31
what kind of shell they use, user IDs,
13:35
but no password hashes. That's no good. But what about, since we have privileges, what about /etc/shadow? Within the shadow file,
13:43
you guessed it, password hashes. If we can find password hashes on any of our targets in the
13:52
Linux systems, we might be able to use a password cracker to reverse these so we know their password. But
14:03
so, a bit more interesting when we actually have a program on the other end, such as the terminal.
14:09
But then when you do a Ctrl+C,
14:11
one more thing we can do: we're going to actually use netcat to pass files. So if you're on
14:16
a network and you're trying to
14:20
upload a file or download a file and you're not having any success with any other way of doing it, which is probably unlikely, since Linux has wget, and there's a few different ways to do it in Windows as well.
14:33
We'll see that a bit later on when we do post-exploitation. I mean, moving files around is
14:39
a rather interesting thing, but we can do it in netcat if we have it. So again we can do our
14:45
netcat listen, but this time let's do
14:50
whatever comes in, let's output it into myfile3.
15:05
Let me just create a file in the root directory called myfile4
15:18
on input. So we know that the greater-than sign is output. We can do a less-than sign for input, pipe it into
15:28
our connection. So I'll give it myfile4.