1 -*- mode: outline; coding: utf-8; -*- |
|
2 |
|
3 * Port forwarding. |
|
4 |
|
5 $ ssh -L 8888:www.linuxhorizon.ro:80 user@computer -N |
|
6 $ ssh -L 8888:www.linuxhorizon.ro:80 -L 110:mail.linuxhorizon.ro:110 \ |
|
7 25:mail.linuxhorizon.ro:25 user@computer -N |
|
8 |
|
9 The second example (see above) show you how to setup your ssh tunnel for web, pop3 |
|
10 and smtp. It is useful to recive/send your e-mails when you don't have direct access |
|
11 to the mail server. |
|
12 |
|
13 For the ASCII art and lynx browser fans here is illustrated the first example: |
|
14 |
|
15 +----------+<--port 22-->+----------+<--port 80-->o-----------+ |
|
16 |SSH Client|-------------|ssh_server|-------------| host | |
|
17 +----------+ +----------+ o-----------+ |
|
18 localhost:8888 computer www.linuxhorizon.ro:80 |
|
19 |
|
20 * Port listening. |
|
21 |
|
22 Connect to a server: |
|
23 |
|
24 $ nc hostname port |
|
25 |
|
26 Be a server: |
|
27 |
|
28 $ nc -l -p port |
|
29 |
|
30 * Simple filetransfer. |
|
31 |
|
32 Serve a file: |
|
33 |
|
34 $ nc -l -p port < file |
|
35 |
|
36 Receive a file: |
|
37 |
|
38 $ nc hostname port > file |
|
39 |
|
40 * Filesystem cloning. |
|
41 |
|
42 Serve the filesystem: |
|
43 |
|
44 $ tar cOPp --same-owner / | nc -l -p port |
|
45 |
|
46 Receive the filesystem: |
|
47 |
|
48 $ nc -w3 hostname port | tar xPp |
|
49 |
|
50 * Disk cloning. |
|
51 |
|
52 Serve the disk image: |
|
53 |
|
54 $ dd if=/dev/hda | nc -l -p port |
|
55 |
|
56 Receive the image: |
|
57 |
|
58 $ nc -w3 hostname port | dd of=/dev/hda |
|
59 |
|
60 * Encrypted, compressed and IP restricted filetransfer. |
|
61 |
|
62 If combining encryption and compression, be sure to compress first then |
|
63 encrypt when sending and reverse the order for receiving. Do not attempt to |
|
64 encrypt then compress. Compression works by finding patterns which are |
|
65 destroyed intentionally by the process of encryption. Also, though not |
|
66 required, specifying the IP address of the host that will be transferring the |
|
67 file is a good idea. |
|
68 |
|
69 Serving a compresssed, encrypted file from 192.168.0.1 to 192.168.0.2: |
|
70 |
|
71 $ gzip -c < file | openssl aes-128-cbc -e -k thispassword | nc -l 192.168.0.2 12345 |
|
72 |
|
73 Receiving, decrypting and decompressing that file: |
|
74 |
|
75 $ nc 192.168.0.1 12345 | openssl aes-128-cbc -d -k thispassword | gunzip -c > file |
|
76 |
|
77 * Scan with nmap. |
|
78 |
|
79 TODO |
|
80 |
|
81 * Scan with netcat. |
|
82 |
|
83 $ nc -v -w 2 -z hostname portrange |
|
84 $ nc -v -w 2 -z hostname portlisting |
|
85 |
|
86 Where portrange is for example "10-20" to scan all ports between 10 and 20, |
|
87 portlisting is for example 11,20,135 will scan these ports. |
|
88 |
|
89 I just tried this on windows xp, and the comma separated list of ports does |
|
90 NOT work. Instead, use space separated list. eg: |
|
91 |
|
92 cmd> nc.exe -vv -w 2 -z www.example.com 20-25 79 80 110 137-139 443 |
|