Netcat

From Schmid.wiki

If you want secure communication, use cryptcat.

Basically, it works just like telnet:

# echo "GET /"|nc www.cs.aau.dk 80

Listen on Port 9999:

# nc -l -p 9999

From another terminal:

# nc localhost 9999
write stuff

netcat Usage Example: Hacking Internet Radio

First, we'll discover how Winamp requests a stream:

$ nc -l -p 1234 >request  <- listen on port 1234 and dump the incoming data to 'request' file

Start Winamp and use File->Play URL: [servername]:1234 and wait for it to time out. We now have a request file:

$ cat request
GET / HTTP/1.0
Host: servitor
User-Agent: WinampMPEG/5.0
Accept: */*
Icy-MetaData:1
Connection: close

We can throw this at an internet radio server to get the data. First we'll need the server name and port. We download an internet radio link:

$ wget -qO- http://www.bassdrive.com/BassDrive.m3u
 http://us-dc1.streams.bassdrive.com:8024
 http://us-dc1.streams.bassdrive.com:8016
 http://bassdrive.rootthis.com:8000
 http://us-tx1.streams.bassdrive.com:9000

Now, we can tunnel the stream from the radio channel to a local port:

$ cat request | nc us-dc1.streams.bassdrive.com 8016 | nc -l -p 1234

And play it in Winamp using File->Play URL: [servername]:1234

Just to try it, we can tamper with the signal:

$ cat request | nc us-dc1.streams.bassdrive.com 8016 | tr s X | nc -l -p 1234
                                                       \____/
                                                          |__ evil filter!

Now, we'll try sucking 30 seconds of the stream using the stored request:

$ cat request | nc -q 30 us-dc1.streams.bassdrive.com 8016 >bassdrive
                   \___/                                       |
                     |_____________ 30 seconds          output file 'bassdrive'

We can now pretend to be the internet radio server:

$ cat bassdrive | nc -l -p 1234

And play it in Winamp using File->Play URL: [servername]:1234 (but only for 30 seconds... :( )

The server responded to the request with this reply:

$ head -n11 bassdrive
ICY 200 OK
 icy-notice1:<BR>This stream requires <a href="http://www.winamp.com/">Winamp</a><BR>
 icy-notice2:SHOUTcast Distributed Network Audio Server/SolarisSparc v1.9.5<BR>
 icy-name:Bassdrive - Music Beyond - 24/7 Drum and Bass Jungle Radio Featuring Live Shows
 icy-genre:Techno Drum and Bass
 icy-url:http://www.bassdrive.com
 content-type:audio/mpeg
 icy-pub:1
 icy-metaint:24576
 icy-br:128

Now, we can make a really crappy SHOUTcast server by serving a local MP3 file behind the captured header:

$ (head -n11 bassdrive; cat /path/to/somefile.mp3) | nc -l -p 1234
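The icy-metaint:24576 line in that reply matters if you reuse the captured bassdrive file: because the request carried Icy-MetaData:1, the server inserts a metadata block (one length byte, then that many 16-byte units of NUL-padded text) after every 24576 bytes of audio, so the file is not plain MP3, and conversely a plain MP3 served behind that header has no such blocks where Winamp expects them. As an added example that is not part of the wiki page, a small Python parser that splits such a capture into headers, audio and metadata; SAMPLE is a constructed mini-stream with a tiny metaint, and the real bassdrive file can be passed in the same way:

```python
"""Split a captured SHOUTcast/ICY reply into headers, audio and metadata.
Added example, not from the wiki; SAMPLE is a constructed mini-stream."""

def parse_icy_header(data: bytes):
    """Return (status line, header dict, body); the header ends at a blank line."""
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def demux_icy_body(body: bytes, metaint: int):
    """With Icy-MetaData:1 the server sends `metaint` audio bytes, one length
    byte L, then L*16 bytes of NUL-padded metadata, repeated to end of stream."""
    audio, metadata, pos = bytearray(), [], 0
    while pos < len(body):
        chunk = body[pos:pos + metaint]
        audio += chunk
        pos += len(chunk)
        if pos >= len(body):
            break  # capture ended inside an audio block (e.g. nc -q timeout)
        length = body[pos] * 16
        pos += 1
        block = body[pos:pos + length]
        if len(block) < length:  # never trust the length byte blindly
            raise ValueError("truncated metadata block at offset %d" % pos)
        pos += length
        if length:
            metadata.append(block.rstrip(b"\x00").decode("latin-1"))
    return bytes(audio), metadata

def parse_icy_capture(data: bytes):
    """Parse a whole capture into (headers, audio bytes, list of metadata)."""
    status, headers, body = parse_icy_header(data)
    if status.split()[1:2] != ["200"]:  # accepts "ICY 200 OK" or "HTTP/1.0 200 OK"
        raise ValueError("unexpected status: " + status)
    metaint = int(headers.get("icy-metaint", "0"))
    if metaint <= 0:  # metadata not negotiated: the body is pure audio
        return headers, body, []
    audio, metadata = demux_icy_body(body, metaint)
    return headers, audio, metadata

# Constructed sample: icy-metaint of 8, one 16-byte metadata block, one empty one
SAMPLE = (b"ICY 200 OK\r\nicy-name:Test\r\nicy-metaint:8\r\n\r\n"
          b"AAAAAAAA\x01StreamTitle='x';" b"BBBBBBBB\x00" b"CCC")
```

Run it on a real capture with `parse_icy_capture(open("bassdrive", "rb").read())`; the audio part it returns is what a plain MP3 decoder can play.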

References

  • $ less /usr/share/doc/netcat-110-r6/README.gz