Piping commands into a NetCat shell on a Windows machine from Linux?


I'm working on a research project, which involves remoting into a Windows machine from Linux via NetCat. The command to open up a listener is

nc.exe -Ldp PORT -e cmd.exe

And the command to connect from Linux is

nc -v IP PORT

When issuing the second command on Linux, I'm dropped into a cmd shell in whatever directory NetCat is in. And then from here I can issue DOS commands willy-nilly.

But alas, I can't seem to pass NetCat a DOS command to execute from my Linux machine. It would be really cool if I could just pipe my DOS commands into the command to connect to the NetCat listener. Then I don't have to worry about connecting via Linux, waiting to drop into a CMD shell, and then issuing my DOS command. I could just string 'em all together.

How can I pipe DOS commands into NetCat in Linux such that it connects to the Windows machine and executes my commands?

Verbal Kint

Posted 2016-09-17T16:21:38.957

Reputation: 3

Just a heads up, if there's an easy fix, don't just post a comment. I can't award bounties on comments. If it answers the question regardless of brevity, post it as an answer. The first person who posts a workable solution gets the loot. – Verbal Kint – 2016-09-22T18:21:42.477

What have you tried so far? Would printf 'whoami\r\n' | nc -v <ip> <port> work? – prateek61 – 2016-09-22T18:28:15.527

I tried conventional Linux piping, no dice. And I looked into the command switches on NetCat: https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf, but I can't find anything of interest there. – Verbal Kint – 2016-09-22T18:29:48.413

Sorry -- see edit. – prateek61 – 2016-09-22T18:30:28.640

Also, some versions of netcat include a -C or a --crlf option. Does yours have that, and does that help? – prateek61 – 2016-09-22T18:34:34.200

Just gave it a go. NetCat says the connection succeeded but then it just drops me back at the Linux prompt instead of in the CMD shell. – Verbal Kint – 2016-09-22T18:34:53.687

My version does not have the -c option, but it's not a problem to switch versions. I'll give it a go... – Verbal Kint – 2016-09-22T18:38:29.097

Let us continue this discussion in chat. – prateek61 – 2016-09-22T18:39:04.003
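The listener in the question (nc.exe -Ldp PORT -e cmd.exe) hands a command shell to whoever connects, so from the defender's side the interesting event is netcat being launched with a shell attached via -e. The script below is an added example, not code from this thread; it scans constructed, Sysmon-style process-creation lines (the Image= and CommandLine= field names are an assumption, adjust to your own telemetry) and flags that pattern.

```python
import re
import shlex

# Binaries and flags a netcat bind/reverse shell typically shows up with.
NETCAT_IMAGES = {"nc.exe", "nc64.exe", "ncat.exe", "netcat.exe"}
SHELLS = {"cmd.exe", "cmd", "powershell.exe", "powershell", "pwsh.exe"}
EXEC_FLAGS = {"-e", "-c", "--exec"}

def parse_event(line):
    """Pull Image and CommandLine out of a Key="Value" style event line."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    return fields.get("Image", ""), fields.get("CommandLine", "")

def is_netcat_shell(image, cmdline):
    """True when a netcat binary is told to attach a shell to its socket."""
    if image.rsplit("\\", 1)[-1].lower() not in NETCAT_IMAGES:
        return False
    try:
        argv = shlex.split(cmdline, posix=False)
    except ValueError:          # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()
    for i, tok in enumerate(argv[:-1]):
        if tok.lower() in EXEC_FLAGS:
            target = argv[i + 1].strip('"').rsplit("\\", 1)[-1].lower()
            if target in SHELLS:
                return True
    return False

def find_alerts(lines):
    """Return the CommandLine of every event that looks like a netcat shell."""
    return [cmd for img, cmd in map(parse_event, lines) if is_netcat_shell(img, cmd)]

# Constructed sample telemetry (not real logs); field layout is an assumption.
SAMPLE_EVENTS = [
    'EventID=1 Image="C:\\Tools\\nc.exe" CommandLine="nc.exe -Ldp 4444 -e cmd.exe"',
    'EventID=1 Image="C:\\Tools\\nc.exe" CommandLine="nc.exe -zv fileserver 445"',
    'EventID=1 Image="C:\\Windows\\System32\\cmd.exe" CommandLine="cmd.exe /c dir"',
    'EventID=1 Image="C:\\Temp\\ncat.exe" CommandLine="ncat.exe -l 8080 --exec powershell.exe"',
]

if __name__ == "__main__":
    for cmd in find_alerts(SAMPLE_EVENTS):
        print("ALERT netcat shell:", cmd)
```

The image-name check keeps ordinary netcat use (port checks, file transfers) out of the alert; only the combination of a netcat binary plus an exec flag pointing at a shell fires.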

Answers


The solution was to use cat and have it wait on stdin.

cat <( printf 'whoami\r\n' ) - | nc -v <host> <port>

prateek61

Posted 2016-09-17T16:21:38.957

Reputation: 1 146

I don't exactly remember where I got this from, however I will provide the link when I find it. – prateek61 – 2016-09-22T18:52:23.537