Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: [Ncat] Question: What DLLs are required to run ncat on Windows?
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Fri, 20 May 2011 07:03:09 +0100

The WinPcap requirement is probably the biggest problem, as it requires
admin privileges to create and start the service if it doesn't already
exist/isn't started.

You'd also need to install the Visual C++ 2010 redistributables for Ncat
built using VC++, which would require admin access for the Windows Installer
to do its thing, if they're not installed; but you may (as I've not checked
if you can do this with VC++ 2010) be able to get around this by dropping
the couple of runtime files into the same folder as Ncat and creating a
manifest file. This was a possibility that we ruled out for Nmap back in the
Visual C++ 2008 days as installing the files into the Nmap folder means they
won't get updated through Windows Update; we install the two OpenSSL DLLs
into the directory because there's no automatic update mechanism and to
avoid causing issues with other applications.

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Daniel Miller
Sent: 19 May 2011 23:29
To: Gisle Vanem
Cc: Nmap Dev
Subject: Re: [Ncat] Question: What DLLs are required to run ncat on Windows?

Thanks for the speedy reply. Your directory name indicates this was built
with MingW. Is the dependency tree the same for the Visual Studio build as
well? I would imagine it's very close, especially with regard to OpenSSL and
WinPCAP.

I suppose that means it's not possible to get it entirely self-contained,
then, since WinPCAP has to run as a service. I didn't know that was a
dependency, since building on Linux statically links to the included libpcap
by default (so it doesn't show up with ldd).

On Thu, May 19, 2011 at 5:10 PM, Gisle Vanem <gvanem () broadpark no> wrote:

"Daniel Miller" <bonsaiviking () gmail com> wrote:

 I know there may be better solutions for this (metasploit's 
msfpayload -E,
for instance), but maybe the answers can help improve Ncat. Scenario 
is
this: As a pentester, I can upload and execute arbitrary files. I 
want to get an interactive shell, maybe create a relay to expand my 
attack to an internal network. If I choose to upload Ncat, what DLLs 
will it require on the target system? Especially, what is unlikely to be
there already?


This is the dependency tree of ncat.exe (cygcheck is part of CygWin.
Similar
to the more known 'depends' program):

G:\MingW32\src\inet\nmap>cygcheck ./ncat.exe 
G:\MingW32\src\inet\nmap\ncat.exe  f:\windows\system32\LIBEAY32.dll
  f:\windows\system32\ADVAPI32.DLL
    f:\windows\system32\KERNEL32.dll
      f:\windows\system32\ntdll.dll
    f:\windows\system32\RPCRT4.dll
      f:\windows\system32\Secur32.dll
  f:\windows\system32\GDI32.dll
    f:\windows\system32\USER32.dll
  f:\windows\system32\msvcrt.dll
  f:\windows\system32\WS2_32.DLL
    f:\windows\system32\WS2HELP.dll
 f:\windows\system32\SSLEAY32.dll
 f:\windows\system32\wpcap.dll
  f:\windows\system32\packet.dll
    f:\windows\system32\VERSION.dll
    f:\windows\system32\NPPTools.dll
      f:\windows\system32\MFC42u.DLL
      f:\windows\system32\ole32.dll
      f:\windows\system32\OLEAUT32.dll
    f:\windows\system32\iphlpapi.dll

(mind the indenting). LIBEAY32.dll and SSLEAY32.dll are from OpenSSL.
wpcap.dll and packet.dll come from WinPcap. The rest of the DLLs 
should be part of any standard Windows installation. I'm running Win-XP
SP3.


 Is there a way to build it "statically linked" to avoid DLL issues?


Sure, but then you need to hack the makefiles yourself and replace the 
needed import libs with the static counterparts.

Gisle V.

# rm -v /bin/laden /bin/laden: removed /bin/laden 
_______________________________________________
Sent through the nmap-dev mailing list 
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault