Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Your favorite Ncat/nc/Netcat trick?
From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Feb 2009 18:25:58 -0700

On Fri, Feb 13, 2009 at 12:09:53AM +0000, Brandon Enright wrote:
What's your favorite Ncat trick? Did it (or nc, etc.) ever get you out
of a jam? Do you have any experiences that would make good examples
for the users' guide?

I often use socat+netcat+perl to unwrap a SSL service and/or modify the
traffic.  For example, to turn IMAPS into IMAP, save the results, and
even mess with what is being sent via a perl script you'd do something
like:

$ mkfifo backpipe
$ while [ 1 == 1 ]; do socat OPENSSL:popmaster.ucsd.edu:993,verify=0 \
STDIO 0<backpipe | nc -l -p 143 | ./filter.pl | tee -a out 1>backpipe; done

Now, I suspect ncat could replace socat for this job.  It certainly
could replace nc.  It could also probably replace the while loop.

Ha, ha, that's awesome! I tried this:

ncat -l 143 --sh-exec "ncat --ssl mail.example.com 993 | sed -u -e 's/\<the\>/monkeys/g' | tee -a monkeys.log"
mutt -f imap://localhost

Now I can read my mail in monkey mode:

I often use socat+netcat+perl to unwrap a SSL service and/or modify
monkeys traffic.  For example, to turn IMAPS into IMAP, save monkeys
results,

Doing this feels a little dangerous because my filter doesn't understand
IMAP and I'm afraid it will mess up something in the protocol. But I
tried it anyway. Note that the -u (unbuffered) option to sed is
important because of the buffering caveat mentioned at
http://nmap.org/ncat/guide/ncat-advanced.html#ncat-command-exec.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]