NetCat for Windows

diegocr/netcat

NETCAT for Windows
-----------------------------------------------------------------------

This NetCat for Windows was originally created by Rodney Beede; it's
a version compiled without the GAPING_SECURITY_HOLE option (-e switch),
which can trigger false positives in anti-virus programs. Check the
file readme.rodneybeede.txt for further details.

Why am I creating this version, you may ask? Well, during some of my
telnet sessions I've noticed extraneous characters being returned and
such, so... basically, this version should fix those issues.

You can also find there a nc.exe executable, which was compiled
using GCC 4.8.1 and tested under Windows 7 (HP) 32-bits.

SHA1(nc.exe)= c5e19c02a9a1362c67ea87c1e049ce9056425788

If you have some question, feel free to contact me.

Sincerely,
Diego Casorran.

Just for the sake of it, you'll find below the original NetCat README file:

UPDATE 12/27/04 security fix in -e option for Windows

Netcat 1.11 for NT - nc111nt.zip

The original version of Netcat was written by *hobbit* <hobbit/at/avian.org>
The NT version was done by Weld Pond <weld/at/vulnwatch.org>

Netcat for NT is the tcp/ip "Swiss Army knife" that never made it into any
of the resource kits.  It has proved to be an extremely versatile tool on
the unix platform.  So why should NT always be unix's poor cousin when it
comes to tcp/ip testing and exploration?  I bet many NT admins out there
keep a unix box around to use tools such as Netcat or to test their systems
with the unix version of an NT vulnerability exploit.  With Netcat for NT
part of that feeling of disempowerment is over.

Included with this release is Hobbit's original description of the powers
of Netcat.  In this document I will briefly describe some of the things an
NT admin might want to do and know about with Netcat on NT.  For more
detailed technical information please read hobbit.txt included in the
nc11nt.zip archive.

     Basic Features

     * Outbound or inbound connections, TCP or UDP, to or from any ports
     * Full DNS forward/reverse checking, with appropriate warnings
     * Ability to use any local source port
     * Ability to use any locally-configured network source address
     * Built-in port-scanning capabilities, with randomizer
     * Can read command line arguments from standard input
     * Slow-send mode, one line every N seconds
     * Hex dump of transmitted and received data
     * Ability to let another program service established
       connections
     * Telnet-options responder

     New for NT

     * Ability to run in the background without a console window
     * Ability to restart as a single-threaded server to handle a new
       connection

A simple example of using Netcat is to pull down a web page from a web
server.  With Netcat you get to see the full HTTP header so you can see
which web server a particular site is running.

Since NT has a rather anemic command processor, some of the things that are
easy in unix may be a bit more clunky in NT.  For the web page example first
create a file get.txt that contains the following line and then a blank
line:

GET / HTTP/1.0

To use Netcat to retrieve the home page of a web site use the command:

nc -v www.website.com 80 < get.txt

You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose.  It tells you a little info about the connection
when it starts.

It is a bit easier to just open the connection and then type at the console
to do the same thing.

nc -v www.website.com 80

Then just type in GET / HTTP/1.0 and hit a couple of returns.  You will see
the same thing as above.

A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option.  You run Netcat listening on a particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.

nc -l -p 23 -t -e cmd.exe

will get Netcat listening on port 23 (telnet).  When it gets connected to
by a client it will spawn a shell (cmd.exe).  The -t option tells Netcat
to handle any telnet negotiation the client might expect.

This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect.  You could just as well use
Netcat instead of telnet:

nc xxx.xxx.xxx.xxx 23

will get the job done.  There is no authentication on the listening side
so be a bit careful here.  The shell is running with the permissions of the
process that started Netcat so be very careful.  If you were to use the
AT program to schedule Netcat to run listening on a port with the -e
cmd.exe option, when you connected you would get a shell with user
NT AUTHORITY\SYSTEM.

The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing.  Do a little exploring and
see if the firewall you may be behind lets port 53 through.  Run Netcat
listening behind the firewall on port 53.

nc -L -p 53 -e cmd.exe

Then from outside the firewall connect to the listening machine:

nc -v xxx.xxx.xxx.xx 53

If you get a command prompt then you are executing commands on the
listening machine.  Use 'exit' at the command prompt for a clean
disconnect.  The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated.  This way you can
connect over and over to the same Netcat process.

A new feature for the NT version is the -d or detach from console flag.
This will let Netcat run without an ugly console window cluttering up the
screen or showing up in the task list.

You can even get Netcat to listen on the NETBIOS ports that are probably
running on most NT machines.  This way you can get a connection to a
machine that may have port filtering enabled in the TCP/IP Security Network
control panel.  Unlike Unix, NT does not seem to have any security around
which ports user programs are allowed to bind to.  This means any
user can run a program that will bind to the NETBIOS ports.

You will need to bind "in front of" some services that may already be
listening on those ports.  An example is the NETBIOS Session Service that
is running on port 139 of NT machines that are sharing files.  You need
to bind to a specific source address (one of the IP addresses of the
machine) to accomplish this.  This gives Netcat priority over the NETBIOS
service which is at a lower priority because it is bound to ANY IP address.
This is done with the Netcat -s option:

nc -v -L -e cmd.exe -p 139 -s xxx.xxx.xxx.xxx

Now you can connect to the machine on port 139 and Netcat will field
the connection before NETBIOS does.  You have effectively shut off
file sharing on this machine by the way.  You have done this with just
user privileges to boot.

PROBLEMS with Netcat 1.1 for NT

There are a few known problems that will eventually be fixed.  One is
the -w or timeout option.  This works for final net reads but not
for connections.  Another problem is using the -e option in UDP mode.
You may find that some of the features work on Windows 95.  Most
of the listening features will not work on Windows 95 however.  These will
be fixed in a later release.

Netcat is distributed with full source code so that people can build
upon this work.  If you add something useful or discover something
interesting about NT TCP/IP let me know.

Weld Pond <weld/at/l0pht.com>, 2/2/98
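The -t switch and the "extraneous characters" Diego mentions both come down to telnet option negotiation: a telnet client opens with IAC DO/WILL requests, and a listener that ignores them leaves those bytes in the data stream. The following is an added example, not code from the netcat project, of a responder doing what -t does: refuse every option, strip the negotiation bytes from the data, and carry a sequence cut off at a buffer boundary over to the next read.

```python
"""Telnet option responder, the behaviour behind netcat's -t switch (added example).

Refuses every option the peer proposes (DO -> WONT, WILL -> DONT), strips the
negotiation bytes out of the data, and returns any sequence cut off at the end of
the buffer so the caller can prepend it to the next read.
"""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

def respond_telnet_options(buf: bytes) -> tuple[bytes, bytes, bytes]:
    """Split one chunk of input into (clean data, reply to send, leftover).

    leftover is an incomplete negotiation sequence; prepend it to the next chunk.
    """
    clean, reply = bytearray(), bytearray()
    i = 0
    while i < len(buf):
        if buf[i] != IAC:                     # ordinary data byte
            clean.append(buf[i])
            i += 1
            continue
        if i + 1 >= len(buf):                 # lone IAC at the end: need more input
            return bytes(clean), bytes(reply), buf[i:]
        cmd = buf[i + 1]
        if cmd == IAC:                        # IAC IAC is an escaped 0xFF data byte
            clean.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):   # three-byte option request
            if i + 2 >= len(buf):
                return bytes(clean), bytes(reply), buf[i:]
            opt = buf[i + 2]
            if cmd == DO:                     # asked to enable an option: refuse
                reply += bytes([IAC, WONT, opt])
            elif cmd == WILL:                 # peer offers an option: decline
                reply += bytes([IAC, DONT, opt])
            i += 3                            # DONT/WONT already match our stance
        elif cmd == SB:                       # subnegotiation: skip through IAC SE
            end = buf.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                return bytes(clean), bytes(reply), buf[i:]
            i = end + 2
        else:                                 # other two-byte command (NOP, GA, ...)
            i += 2
    return bytes(clean), bytes(reply), b""
```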
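From the defender's side, the listener command lines documented above (-e together with -l or -L, -d, and -s in front of port 139) are what a process-creation log should surface. This added example, not part of the netcat project, parses netcat's getopt-style switches (clustered flags such as -lvp and attached values such as -ecmd.exe) and scores constructed sample records; the record format, host names and the 10.0.0.5 address are made up for the example.

```python
"""Flag netcat command lines that expose a shell (-e with -l/-L), respawn (-L),
hide the console (-d) or bind ahead of NetBIOS (-s with -p 139). Added example."""
import re
import shlex
NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
TAKES_ARG = set("epswoigG")   # netcat switches that consume a value

def parse_nc_args(argv: list[str]) -> tuple[set[str], dict[str, str]]:
    """getopt-style parse: clustered flags (-lvp 23) and attached values (-ecmd.exe)."""
    flags, values, it = set(), {}, iter(argv)
    for a in it:
        for j, ch in enumerate(a[1:] if a.startswith("-") else ""):  # skip host/port
            flags.add(ch)
            if ch in TAKES_ARG:
                values[ch] = a[j + 2:] or next(it, "")   # attached or following value
                break
    return flags, values

def assess_netcat(cmdline: str) -> list[str]:
    """Return the reasons a command line is suspicious; empty list if none."""
    argv = shlex.split(cmdline, posix=False)
    if not argv or argv[0].rsplit("\\", 1)[-1].strip('"').lower() not in NC_NAMES:
        return []
    flags, values = parse_nc_args(argv[1:])
    reasons = []
    if "e" in flags and flags & {"l", "L"}:
        reasons.append("listener hands the socket to %s with no authentication" % values["e"])
        if "L" in flags:
            reasons.append("-L respawns the listener after every disconnect")
    if "d" in flags:
        reasons.append("-d detaches from the console and hides from the task list")
    if "s" in flags and values.get("p") == "139":
        reasons.append("binds %s:139 ahead of the NetBIOS session service" % values["s"])
    return reasons

# Constructed sample process-creation records; format, hosts and address are made up.
SAMPLE_LOG = """\
host=FS01 user=FS01\\jsmith cmdline="nc -v www.website.com 80"
host=FS01 user=NT AUTHORITY\\SYSTEM cmdline="nc -L -p 53 -e cmd.exe"
host=WS07 user=WS07\\guest cmdline="nc -v -L -e cmd.exe -p 139 -s 10.0.0.5"
"""

def scan_log(text: str) -> dict[str, list[str]]:
    hits = {}   # suspicious command line -> reasons
    for line in text.splitlines():
        m = re.search(r'cmdline="([^"]*)"', line)
        if m and (reasons := assess_netcat(m.group(1))):
            hits[m.group(1)] = reasons
    return hits
```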
