Ncat: Update and Feature Request

by Kris Katterjohn-2

Hey everyone,

I've taken over Ncat for this latter half of the summer.  Ncat is a new and
improved Netcat which will start off life being shipped along with Nmap, but
may be packaged separately in the future.

All the changes below are based off of Chris Gibson's great original Ncat work
from GSoC 2005 and thereafter.  His Ncat site is here[1], but the current
location in SVN is here[2].

I've attached the output of 'ncat -h' so you can see all of the current
options available.

Mixter has done the following:

* Committed Ncat in our SVN from original SF.net CVS
* Build improvements (don't require automake, add -lpcap, etc)
* Fixed SSL (--ssl) and IPv6 (-6) connect problems
* Worked on VC++2008 port
* Implemented -n/--no-dns
* Some cleaning up

I have done the following so far:

* Implemented IPv6 listening (-6 -l)
* Implemented SSL listening (--ssl -l)
* Redesigned -l to behave like OpenBSD netcat rather than traditional netcat
or previous Ncat.  Now instead of specifying the port number with -l and the
source address with -s, you just specify them like you do the host/port to
connect to.  Specifying the local address is still optional
* Added -g/-G for IPv4 loose source routing (based on Nsock changes)
* Made -s actually work for binding to a local address when doing a connect
(based on Nsock changes)
* Added -p for specifying the local port to bind to (based on Nsock changes)
* Added -w for specifying a connect timeout, while keeping -t for "idle
timeout".  This differs from traditional netcat, but I like the distinction
* Added IPv6 support to --broker
* Added host access control to UDP listener and --broker
* Options taking a time argument now allow time specifications like Nmap does
(e.g. append "s" for seconds).
* Completed VC++2008 port
* Added -c, which is like -e but executes via /bin/sh
* Created preliminary ncat.xml docbook man page from original ncat.1
* Lots of cleaning up and other minor improvements

As you can see, we already have many features other Netcats are lacking!

Unlike Nmap changes, which usually have discussions or a patch, this is the
first time these changes are being mentioned here on nmap-dev.  So for a full
list of changes, and more information on some of the bigger ones, you can
check out the SVN logs.  I try to make good explanations in my commit logs,
but sometimes I can't help being lazy :)

There exist options for connecting through SOCKS4 and HTTP proxies, though I
haven't been able to test these yet.  Mixter tested the SOCKS proxy and
confirmed it's working.  There is also an option for creating and listening as
a SOCKS4 server, but comments in the code say it's broken.

For my SSL listening changes, I've added the options --ssl-cert and --ssl-key
for specifying the certificate and private key to use.  These are certainly
subject to change with any ideas on improvements.

So, while keeping in mind wanting to have an easy-to-maintain and non-bloated
Ncat, what other features would you like to see?  Do you see any improvements
that could/should be made on existing features?

Thanks!,
Kris Katterjohn

[1] http://nmap-ncat.sourceforge.net/
[2] svn://svn.insecure.org/ncat



Ncat V0.2 Usage: ncat [options] [hostname] [port]

Options taking a time assume milliseconds, unless you append an 's'
(seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30s)
  -4                         Use IPv4 only
  -6                         Use IPv6 only
  -c, --sh-exec <command>    Executes specified command via /bin/sh
  -e, --exec <command>       Executes specified command
  -g hop1[,hop2,...]         Loose source routing hop points (8 max)
  -G n                       Loose source routing hop pointer (4, 8, 12, ...)
  -m, --max-conns n          Maximum n simultaneous connections
  -h, --help                 Display this help screen
  -d, --delay <time>         Wait between read/writes
  -o, --output               Dump a session as ASCII to a file
  -x, --hex-dump             Dump a session as hex to a file
  -t, --idle-timeout <time>  Idle read/write timeout
  -p, --source-port port     Specify source port to use (doesn't affect -l)
  -s, --source addr          Specify source address to use (doesn't affect -l)
  -l, --listen               Bind and listen for incoming connections
  -n, --nodns                Do not resolve hostnames via DNS
  -u, --udp                  Use UDP instead of default TCP
  -v, --verbose              Set verbosity level (can be used up to 3 times)
  -w, --wait <time>          Connect timeout
      --sendonly             Only send data, ignoring received
      --recvonly             Only receive data, never send anything
      --socks4-server        Create a SOCKS4 server on --listen port
      --socks4-proxy         Proxy through a SOCKS4 server
      --http-proxy           HTTP/1.1 CONNECT method proxying
      --proxy-auth           Authenticate with an HTTP proxy server
      --disable-eof-Exit     Turn off 'Exit on EOF'
      --allow                Allow specific hosts to connect to Ncat
      --allowfile            A file of hosts allowed to connect to Ncat
      --deny                 Hosts to be denied from connecting to Ncat
      --denyfile             A file of hosts denied from connecting to Ncat
      --broker               Enable Ncat's Connection Brokering mode
      --talk                 Used with --broker to chat with other connected users
      --ssl                  Connect or listen with SSL
      --ssl-cert             Specify SSL certificate file (PEM) for listening
      --ssl-key              Specify SSL private key (PEM) for listening
      --version              Display Ncat's version information and exit

See the ncat(1) manpage for full options, descriptions and usage examples


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
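The help text above lists both --socks4-proxy and --socks4-server, and the post notes that the server side is believed to be broken. As an added example (not Ncat's own code), here is the SOCKS4 request and reply wire format with the validation a server needs before acting on a request; the sample values are constructed to match the DEBUG lines eldraco quotes later in this thread (VN 4, CD 1, port 80, addr 209.68.27.16).

```python
import socket
import struct

# Added example, not Ncat's own code. SOCKS4 has no version negotiation and no
# authentication beyond a free-text USERID, so a server must validate the fixed
# header strictly and refuse anything that is not exactly a v4 CONNECT or BIND.

SOCKS4_VERSION = 4
CD_CONNECT = 1
CD_BIND = 2
REPLY_GRANTED = 90   # "request granted"
REPLY_REJECTED = 91  # "request rejected or failed"
REPLY_NO_IDENTD = 92
REPLY_IDENTD_MISMATCH = 93
HEADER = struct.Struct("!BBH4s")  # VN, CD, DSTPORT (network order), DSTIP


class Socks4Error(ValueError):
    """Malformed or unsupported SOCKS4 message."""


def build_request(cd, dst_ip, dst_port, user_id=b""):
    """Client side (what --socks4-proxy sends): header + USERID + NUL."""
    if cd not in (CD_CONNECT, CD_BIND):
        raise Socks4Error("unknown command %d" % cd)
    if not 0 < dst_port < 65536:
        raise Socks4Error("port out of range")
    if b"\x00" in user_id:
        raise Socks4Error("USERID may not contain NUL")
    header = HEADER.pack(SOCKS4_VERSION, cd, dst_port, socket.inet_aton(dst_ip))
    return header + user_id + b"\x00"


def parse_request(data):
    """Server side (what --socks4-server receives).

    Returns (cd, dst_ip, dst_port, user_id); raises Socks4Error on anything that
    is truncated, not version 4, an unknown command, or lacks the NUL terminator."""
    if len(data) < HEADER.size + 1:
        raise Socks4Error("truncated request")
    vn, cd, dst_port, raw_ip = HEADER.unpack_from(data)
    if vn != SOCKS4_VERSION:
        raise Socks4Error("not SOCKS4 (VN=%d)" % vn)
    if cd not in (CD_CONNECT, CD_BIND):
        raise Socks4Error("unknown command %d" % cd)
    if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
        # 0.0.0.x marks the SOCKS4a hostname extension; not handled here.
        raise Socks4Error("SOCKS4a hostname form not supported")
    nul = data.find(b"\x00", HEADER.size)
    if nul < 0:
        raise Socks4Error("USERID not NUL-terminated")
    return cd, socket.inet_ntoa(raw_ip), dst_port, data[HEADER.size:nul]


def is_malformed_request(data):
    """True if parse_request rejects the bytes (handy for tests and fuzzing)."""
    try:
        parse_request(data)
    except Socks4Error:
        return True
    return False


def build_reply(granted, bind_ip="0.0.0.0", bind_port=0):
    """Server side: exactly 8 bytes. VN is always 0 in a reply, CD is 90 or 91.
    For CONNECT the address/port fields are ignored by clients; BIND uses them."""
    cd = REPLY_GRANTED if granted else REPLY_REJECTED
    return HEADER.pack(0, cd, bind_port, socket.inet_aton(bind_ip))


def parse_reply(data):
    """Client side. Returns (granted, bind_ip, bind_port)."""
    if len(data) < HEADER.size:
        raise Socks4Error("truncated reply")
    vn, cd, bind_port, raw_ip = HEADER.unpack_from(data)
    if vn != 0:
        raise Socks4Error("reply VN must be 0, got %d" % vn)
    if cd not in (REPLY_GRANTED, REPLY_REJECTED, REPLY_NO_IDENTD, REPLY_IDENTD_MISMATCH):
        raise Socks4Error("unknown reply code %d" % cd)
    return cd == REPLY_GRANTED, socket.inet_ntoa(raw_ip), bind_port


if __name__ == "__main__":
    # Constructed sample matching the DEBUG output quoted in the thread.
    req = build_request(CD_CONNECT, "209.68.27.16", 80)
    print(req.hex(), parse_request(req))
    rep = build_reply(True)
    print(rep.hex(), parse_reply(rep))
```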

RE: Ncat: Update and Feature Request

by Aaron Leininger

> So, while keeping in mind wanting to have an easy-to-maintain and non-bloated
> Ncat, what other features would you like to see?  Do you see any improvements
> that could/should be made on existing features?

Here's my initial feedback and reactions..
First off: I'm running on Debian 4.0 on i686 architecture...


./configure gave a warning about not finding ssl.h. I ran make and it compiled fine w/o ssl support.
* I had to manually copy the file to /usr/bin.
* running ncat w/o any arguments reports that I need a host to connect to and it quits. I'd recommend adding something like:
run: ncat -h for usage
* I wanted to try out the http proxy stuff but when I typed: man ncat, I got: No manual entry for ncat
Yet ncat -h says to see the man page for more details. How do I access it? I checked google (search terms: ncat manpage) and didn't see anything that looked like it.
* I looked at the -h output and tried to guess the correct syntax for the http-proxy stuff. (name of proxy changed to protect the innocent ;-p)
I ran: ncat -v --proxy myproxy:8080 www.google.com 80
I figured that would attempt a connection to www.google.com on port 80 and let me pull down a get request using myproxy port 8080 but I got:
Ncat: Unable to connect to remote host: Connection refused.
That is the same output I get if I do not specify a proxy. I sit behind one where I am testing so I can't get to external websites w/o it.

Next I ran the same commands on an internal web-server. Below are the results:
ncat myserver 80
  GET / HTTP/1.0
<returned correct html content>

ncat --http-proxy myproxy:8080 myserver 80
I got the same output as w/o the proxy but I did not have to issue the GET command myself. It seemed to issue it automatically and returned me the output as if I had issued the GET command from above.

I'm not sure why it didn't work when I tried it on an external site such as google.
I hope some of this is useful to you.

* Next, I went and found that nmap 4.68 ships w/ ssl.h so I told the ./configure to use nmap's include folder for that file. ncat configured successfully but then would not make. Below is the end of the make output:
...
/usr/bin/ld: cannot find -lssl
collect2: ld returned 1 exit status
make: *** [ncat] Error 1


Am I missing a package? Can you see anything else I can correct to get ssl support working? Let me know if you need the configure or make output in full, I can attach them.

Anyway, I hope some of this proves useful. Thanks for all your work!
Aaron


Re: Ncat: Update and Feature Request

by Dirk Loss

Hi Kris,

some quick remarks:

I had to install the libpcap development libraries in order to compile
the SVN trunk successfully on my Ubuntu 8.04.1 box. Is it planned to
include them (as in Nmap)?

Features I really like: traffic redirection, connection brokering and
HTTP proxy support. Well done!
 
New feature suggestion: Simple password-based symmetric encryption (-k
<secret>) for ad-hoc cases where generating and exchanging SSL
certificates is not handy.

Regards
Dirk



Re: Ncat: Update and Feature Request

by Kris Katterjohn-2

Dirk Loss wrote:
> Hi Kris,
>
> some quick remarks:
>
> I had to install the libpcap development libraries in order to compile
> the SVN trunk successfully on my Ubuntu 8.04.1 box. Is it planned to
> include them (as in Nmap)?
>

Yes.  Ncat will be (according to current plans) shipped with Nmap, and thus
will share all of its shipped libraries.  Sorry about not having it available
yet.

> Features I really like: traffic redirection, connection brokering and
> HTTP proxy support. Well done!
>  

Thanks goes to Chris as these features were already available when I began
work on Ncat; I'm just working on improving and/or finishing them :)

> New feature suggestion: Simple password-based symmetric encryption (-k
> <secret>) for ad-hoc cases where generating and exchanging SSL
> certificates is not handy.  
>

One of the items[1] planned is:

"Channel must support optional authentication and encryption, maybe through
the OpenSSL support. Needs to be simple but secure -- we're not talking about
reimplementing OpenSSH here. Should be as simple to use as specifying a
password -- user should not have to manually generate SSL keys on both sides
or anything."

Which seems to work out quite nicely.  So good idea :)

> Regards
> Dirk
>

Thanks a lot,
Kris Katterjohn

[1] http://nmap.org/SoC/Ncat.html




Re: Ncat: Update and Feature Request

by Kris Katterjohn-2

Aaron Leininger wrote:
>> So, while keeping in mind wanting to have an easy-to-maintain and non-bloated
>> Ncat, what other features would you like to see?  Do you see any improvements
>> that could/should be made on existing features?
>
> Here's my initial feedback and reactions..
> First off: I'm running on Debian 4.0 on i686 architecture...
>
>
> ./configure gave a warning about not finding ssl.h. I ran make and it compiled fine w/o ssl support.

Did you run configure with --without-openssl ?  I've been having issues
building Ncat like this, but it's because of some error I'm getting out of my
standard headers rather than any obvious connection to OpenSSL, but this could
just be my system.

> * I had to manually copy the file to /usr/bin.

I have not worried about the install system for Ncat yet as it will be shipped
along with Nmap.  However see below for more comments on this.

> * running ncat w/o any arguments reports that I need a host to connect to and it quits. I'd recommend adding something like:
> run: ncat -h for usage

Good idea.

> *I wanted to try out the http proxy stuff but when I typed: man ncat, I got: No manual entry for ncat
> Yet ncat -h says to see the man page for more details. How do I access it? I checked google(search terms: ncat manpage) and didn't see anything that looked like it.

Did you run "make install" when you built Ncat?  That should install Ncat and
the man pages correctly, but right now I've only been focusing on making Ncat
function correctly and I'll worry about the install system when I merge it
with Nmap's.

> *I looked at the -h output and tried to guess the correct syntax for the http-proxy stuff. (name of proxy changed to protect the innocent ;-p)
> I ran: ncat -v --proxy myproxy:8080 www.google.com 80
> I figured that would attempt a connection to www.google.com on port 80 and let me pull down a get request using myproxy port 8080 but I got:
> Ncat: Unable to connect to remote host: Connection refused.
> That is the same output I get if I do not specify a proxy. I sit behind one where I am testing so I can't get to external websites w/o it.
>
> Next I ran the same commands on an internal web-server. Below are the results:
> ncat myserver 80
>   GET / HTTP/1.0
> <returned correct html content>
>
> ncat --http-proxy myproxy:8080 myserver 80
> I got the same output as w/o the proxy but I did not have to issue the GET command myself. It seemed to issue it automatically and returned me the output as if I had issued the GET command from above.
>
> I'm not sure why it didn't work when I tried it on an external site such as google.

Maybe you need authentication to connect outside?  You can use --proxy-auth
for this.  From the man page residing in docs/man/ncat.1, the syntax for proxy
auth is "<username>:<password>"

Or maybe the proxy support is broken somehow?  I'll be looking into the
proxies shortly.

> I hope some of this is useful to you.
>

It is, thank you.

> * Next, I went and found that nmap 4.68 ships w/ ssl.h so I told the ./configure to use nmap's include folder for that file. ncat configured successfully but then would not make. Below is the end of the make output:
> ...
> /usr/bin/ld: cannot find -lssl
> collect2: ld returned 1 exit status
> make: *** [ncat] Error 1
>

Are you referring to mswin32/OpenSSL ?  That contains OpenSSL headers and
libraries for Windows only, not for any other OS.

>
> Am I missing a package? Can you see anything else I can correct to get ssl support working? Let me know if you need the configure or make output in full, I can attach them.
>

It looks like you're missing the package. On my Ubuntu box I have libssl-dev
installed; do you have it (or a *very* close relative) on your Debian box?

> Anyway, I hope some of this proves useful. Thanks for all your work!
> Aaron
>

Thanks a lot,
Kris Katterjohn



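Kris's pointer to --proxy-auth with a "<username>:<password>" argument is the usual fix for a CONNECT that fails at an authenticating proxy. As an added example (not Ncat's own code), this builds the HTTP/1.1 CONNECT request that --http-proxy sends, attaches that credential as Basic authentication, and classifies the proxy's reply; a 407 is the failure mode --proxy-auth exists for. Host names, credentials and replies are constructed.

```python
import base64

# Added example, not Ncat's own code: the HTTP/1.1 CONNECT exchange behind
# --http-proxy, with the "<username>:<password>" credential from --proxy-auth
# sent as Basic authentication. Basic only base64-encodes the credential, so on
# a plain-HTTP hop anyone on the path can decode it.


class ProxyError(Exception):
    """The proxy's reply was not a parsable HTTP response."""


def build_connect_request(host, port, proxy_auth=None):
    """Return the CONNECT request bytes. proxy_auth is "<username>:<password>" or None."""
    authority = "%s:%d" % (host, port)
    lines = ["CONNECT %s HTTP/1.1" % authority, "Host: %s" % authority]
    if proxy_auth is not None:
        if ":" not in proxy_auth:
            raise ValueError('--proxy-auth must look like "<username>:<password>"')
        token = base64.b64encode(proxy_auth.encode("utf-8")).decode("ascii")
        lines.append("Proxy-Authorization: Basic " + token)
    return ("\r\n".join(lines) + "\r\n\r\n").encode("utf-8")


def parse_connect_response(raw):
    """Split the proxy's reply at the first blank line.

    Returns (status, reason, headers, leftover). leftover is whatever followed
    the header block; after a 2xx it already belongs to the tunnelled
    connection, so a client must hand it to the application, not discard it."""
    head, sep, leftover = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ProxyError("incomplete response header")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ProxyError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    reason = parts[2] if len(parts) == 3 else ""
    return int(parts[1]), reason, headers, leftover


def tunnel_status(raw):
    """Classify the reply the way a client should act on it."""
    status, _, headers, _ = parse_connect_response(raw)
    if 200 <= status < 300:
        return "established"
    if status == 407:
        # The challenge names the scheme the proxy wants; Basic is what
        # "<username>:<password>" maps onto.
        scheme = headers.get("proxy-authenticate", "?").split(" ")[0]
        return "auth-required:" + scheme
    return "refused:%d" % status


if __name__ == "__main__":
    print(build_connect_request("www.google.com", 80, "alice:s3cret").decode())
    print(tunnel_status(b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                        b'Proxy-Authenticate: Basic realm="corp"\r\n\r\n'))
```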

Re: Ncat: Update and Feature Request

by eldraco

Nice work! I love ncat being alive again. Thank you!

Feedback:
0- Debian 4.0 unstable with libssl-dev preinstalled. Ncat svn revision 9002
1- ncat compiled like a charm, the only warning printed was :
        config.status: WARNING:  Makefile.in seems to ignore the --datarootdir setting
2- ncat binary and man page installed correctly

3- Executing "ncat localhost" (no port specified) prints:
        "Unable to connect to remote host"
    But debian's nc prints out a more detailed error text: "nc localhost"
        "no port[s] to connect to"

4- Connecting to localhost with "ncat localhost 22" prints out the following
as the first line: "Connected to 127.0.0.1:22", which is a bit odd to me,
because I'm used to seeing just what the other side of the channel sends unless
I specify -v or something. I would like ncat to be 'quiet' by default,
what do you think? What if the other side of the channel sends "Connected to
127.0.0.1:23" as a kind of deceptive measure?

5- Maybe this is a bug: Connecting to an ssh server, the ssh server closes the
connection sending a FIN packet (because I didn't speak the ssh protocol
right) but ncat doesn't respond with a FIN-ACK packet; it seems to believe
the connection is still up, and keeps sending packets. After the fourth "string"
sent to the ssh server, ncat dies because it is "Unable to connect to remote
host". I'm attaching the nc -vvv output [ncat-internet-ssh-FIN-bug-1.txt] and
a tcpdump capture [ncat.internet.ssh.FIN-bug-1.pcap]

6- 'ncat -l 9000 > /tmp/test' and 'ncat localhost 9000 < /bin/ls' work fine,
but 'ncat -l 9000 < /bin/ls' doesn't work at all. It prints:

        ncat -l 9000 < /bin/ls
        write: Broken pipe

        The Ncat man page states this should work:
        Send a file over TCP port ‘9899’ to host ‘example.org’. (this also works in
reverse and turns Ncat into a "one file" server!)
         HOST1$ ncat -l 9899 > outputfile
         HOST2$ ncat example.org 9899 < inputfile


7- Ncat is in the PATH but trying ncat --exec "ncat www.google.com.ar 80" -l
9000 and later "ncat localhost 9000" doesn't work for me; it ends
with "execv: No such file or directory". I'm attaching the -vvv output
[ncat-exec-bug-1.txt]. But if I give the full path it works fine, like this:
ncat --exec "/usr/local/bin/ncat www.google.com.ar 80" -l 9000

Note that ncat --exec "/bin/bash" -l 9000 and the like do work fine too.

8- New feature request: --allow and --deny work fine but I'm still able to
state that port as 'open' because ncat does respond to me. Is there a way to
make ncat show its open port as 'closed' when the IP is denied? This would
really be useful to hide our ncat from people scanning our servers (perhaps
using nmap?!)

9- Trying "ncat --socks4-server -l 5001" didn't work for me either. Firefox
gets a page, but that page has four null bytes at the beginning. I'm
attaching the tcpdump capture file [ncat-socks-1.pcap], and the file firefox
makes me 'save' because it didn't know the protocol [firefox-save.bin].
All the ncat server says is:
ncat --socks4-server -l 5001 -vvv
Listening on 0.0.0.0:5001
DEBUG: SOCKS4 request from 209.68.27.16:
DEBUG: VN: 4
DEBUG: CD: 1
DEBUG: Port: 80
DEBUG: Addr: 209.68.27.16
DEBUG: Null: 0


10- ncat: invalid option -- r

11- ncat: unrecognized option `--send-only'

12- Performance and cpu compare:
/tmp/b being a 10Mb file created from /dev/zero with dd

With nc:
nc -l -p 9000 > /tmp/a
nc localhost 9000 < /tmp/b
Time: a couple of seconds. No notable cpu usage

With ncat:
ncat -l 9000 > /tmp/a
ncat localhost 9000 < /tmp/b
Time: Almost 35 seconds. 100% cpu usage all that time.

Also ncat sent 1024 packets, and nc sent 139. I'm attaching both pcaps
[tcpdump-nc-file-transfer.pcap and tcpdump-ncat-file-transfer.pcap]


13- I'm not sure whether to report this, but during the 12- test, I was able to capture
every packet with tcpdump from the 'nc' test as soon as they travelled across the
wire, but with 'ncat' the same tcpdump shows me packets 31 seconds after the
connection started. You can see the time problem in the packets in the pcap
file attached. Is anyone having the same trouble here? I
used: 'tcpdump -n -s0 -i lo', with tcpdump version 3.9.8 and libpcap version
0.9.8

14- ncat --broker --talk -l 9000 works fine except that users start to count
from <user4>. Is this ok? It can make you believe that 3 previous users were
connected. And I'm sure I'm alone here.


Well, that's all for now...

cheers and thanks!

eldraco






--
Ing. Sebastián García
http://minsky.surfnet.nl:11371/pks/lookup?op=get&search=0x3E42ED27F864EDE6

ncat scanme.nmap.org 22 -vvv
NSOCK (1226703.8650s) msevent_new (IOD #1) (EID #8)
NSOCK (1226703.8650s) TCP connection requested to 64.13.134.52:22 (IOD #1) EID 8
NSOCK (1226703.8650s) NSE #8: Adding event
NSOCK (1226703.8660s) nsock_loop() started (no timeout). 1 events pending
NSOCK (1226703.8660s) wait_for_events
NSOCK (1226704.1040s) before iterating, list 0
NSOCK (1226704.1040s) before iterating 8
NSOCK (1226704.1040s) before iterating, list 1
NSOCK (1226704.1040s) before iterating, list 2
NSOCK (1226704.1040s) before iterating, list 3
NSOCK (1226704.1040s) before iterating, list 4
NSOCK (1226704.1040s) list 0, iterating 8
NSOCK (1226704.1040s) NSE #8: Removing event from event_lists[0]
NSOCK (1226704.1040s) Callback: CONNECT SUCCESS for EID 8 [64.13.134.52:22]
Received callback of type CONNECT with status SUCCESS
Connected to 64.13.134.52:22
NSOCK (1226704.1040s) msevent_new (IOD #1) (EID #18)
NSOCK (1226704.1040s) Read request for 1 lines from IOD #1 [64.13.134.52:22] EID 18
NSOCK (1226704.1040s) NSE #18: Adding event
NSOCK (1226704.1040s) msevent_new (IOD #2) (EID #26)
NSOCK (1226704.1040s) Read request for 1 lines from IOD #2 (peer unspecified) EID 26
NSOCK (1226704.1040s) NSE #26: Adding event
NSOCK (1226704.1040s) msevent_delete (IOD #1) (EID #8)
NSOCK (1226704.1040s) list 1, iterating 26
NSOCK (1226704.1040s) list 1, iterating 18
NSOCK (1226704.1050s) wait_for_events
NSOCK (1226704.3670s) before iterating, list 0
NSOCK (1226704.3670s) before iterating, list 1
NSOCK (1226704.3670s) before iterating 26
NSOCK (1226704.3670s) before iterating 18
NSOCK (1226704.3670s) before iterating, list 2
NSOCK (1226704.3670s) before iterating, list 3
NSOCK (1226704.3670s) before iterating, list 4
NSOCK (1226704.3670s) list 1, iterating 26
NSOCK (1226704.3670s) list 1, iterating 18
NSOCK (1226704.3670s) NSE #18: Removing event from event_lists[1]
NSOCK (1226704.3670s) Callback: READ SUCCESS for EID 18 [64.13.134.52:22] (20 bytes): SSH-2.0-OpenSSH_4.3.
Received callback of type READ with status SUCCESS
SSH-2.0-OpenSSH_4.3
NSOCK (1226704.3670s) msevent_new (IOD #1) (EID #34)
NSOCK (1226704.3670s) Read request for 1 lines from IOD #1 [64.13.134.52:22] EID 34
NSOCK (1226704.3670s) NSE #34: Adding event
NSOCK (1226704.3670s) msevent_delete (IOD #1) (EID #18)
NSOCK (1226704.3670s) wait_for_events
text1
NSOCK (1226708.4560s) before iterating, list 0
NSOCK (1226708.4560s) before iterating, list 1
NSOCK (1226708.4560s) before iterating 34
NSOCK (1226708.4560s) before iterating 26
NSOCK (1226708.4560s) before iterating, list 2
NSOCK (1226708.4560s) before iterating, list 3
NSOCK (1226708.4560s) before iterating, list 4
NSOCK (1226708.4560s) list 1, iterating 34
NSOCK (1226708.4560s) list 1, iterating 26
NSOCK (1226708.4560s) NSE #26: Removing event from event_lists[1]
NSOCK (1226708.4560s) Callback READ SUCCESS for EID 26 (peer unspecified) (6 bytes): text1.
Received callback of type READ with status SUCCESS
NSOCK (1226708.4560s) msevent_new (IOD #1) (EID #43)
NSOCK (1226708.4560s) Write request for 6 bytes to IOD #1 EID 43 [64.13.134.52:22]: text1.
NSOCK (1226708.4560s) NSE #43: Adding event
NSOCK (1226708.4560s) msevent_new (IOD #2) (EID #50)
NSOCK (1226708.4560s) Read request for 1 lines from IOD #2 (peer unspecified) EID 50
NSOCK (1226708.4560s) NSE #50: Adding event
NSOCK (1226708.4560s) msevent_delete (IOD #2) (EID #26)
NSOCK (1226708.4560s) list 2, iterating 43
NSOCK (1226708.4560s) wait_for_events
NSOCK (1226708.4560s) before iterating, list 0
NSOCK (1226708.4560s) before iterating, list 1
NSOCK (1226708.4560s) before iterating 50
NSOCK (1226708.4560s) before iterating 34
NSOCK (1226708.4560s) before iterating, list 2
NSOCK (1226708.4560s) before iterating 43
NSOCK (1226708.4560s) before iterating, list 3
NSOCK (1226708.4560s) before iterating, list 4
NSOCK (1226708.4560s) list 1, iterating 50
NSOCK (1226708.4560s) list 1, iterating 34
NSOCK (1226708.4560s) list 2, iterating 43
NSOCK (1226708.4560s) NSE #43: Removing event from event_lists[2]
NSOCK (1226708.4560s) Callback: WRITE SUCCESS for EID 43 [64.13.134.52:22]
Received callback of type WRITE with status SUCCESS
NSOCK (1226708.4560s) msevent_delete (IOD #1) (EID #43)
NSOCK (1226708.4580s) wait_for_events
NSOCK (1226708.6920s) before iterating, list 0
NSOCK (1226708.6920s) before iterating, list 1
NSOCK (1226708.6920s) before iterating 50
NSOCK (1226708.6920s) before iterating 34
NSOCK (1226708.6920s) before iterating, list 2
NSOCK (1226708.6920s) before iterating, list 3
NSOCK (1226708.6920s) before iterating, list 4
NSOCK (1226708.6920s) list 1, iterating 50
NSOCK (1226708.6920s) list 1, iterating 34
NSOCK (1226708.6920s) NSE #34: Removing event from event_lists[1]
NSOCK (1226708.6920s) Callback: READ SUCCESS for EID 34 [64.13.134.52:22] (19 bytes): Protocol mismatch..
Received callback of type READ with status SUCCESS
Protocol mismatch.
NSOCK (1226708.6920s) msevent_new (IOD #1) (EID #58)
NSOCK (1226708.6920s) Read request for 1 lines from IOD #1 [64.13.134.52:22] EID 58
NSOCK (1226708.6920s) NSE #58: Adding event
NSOCK (1226708.6920s) msevent_delete (IOD #1) (EID #34)
NSOCK (1226708.6920s) wait_for_events
NSOCK (1226708.6920s) before iterating, list 0
NSOCK (1226708.6920s) before iterating, list 1
NSOCK (1226708.6920s) before iterating 58
NSOCK (1226708.6920s) before iterating 50
NSOCK (1226708.6920s) before iterating, list 2
NSOCK (1226708.6920s) before iterating, list 3
NSOCK (1226708.6920s) before iterating, list 4
NSOCK (1226708.6920s) list 1, iterating 58
NSOCK (1226708.6920s) NSE #58: Removing event from event_lists[1]
NSOCK (1226708.6920s) Callback: READ EOF for EID 58 [64.13.134.52:22]
Received callback of type READ with status EOF
NSOCK (1226708.6920s) msevent_delete (IOD #1) (EID #58)
NSOCK (1226708.6920s) list 1, iterating 50
NSOCK (1226708.6920s) wait_for_events
text2
NSOCK (1226715.0560s) before iterating, list 0
NSOCK (1226715.0560s) before iterating, list 1
NSOCK (1226715.0560s) before iterating 50
NSOCK (1226715.0560s) before iterating, list 2
NSOCK (1226715.0560s) before iterating, list 3
NSOCK (1226715.0560s) before iterating, list 4
NSOCK (1226715.0560s) list 1, iterating 50
NSOCK (1226715.0560s) NSE #50: Removing event from event_lists[1]
NSOCK (1226715.0560s) Callback READ SUCCESS for EID 50 (peer unspecified) (6 bytes): text2.
Received callback of type READ with status SUCCESS
NSOCK (1226715.0560s) msevent_new (IOD #1) (EID #67)
NSOCK (1226715.0560s) Write request for 6 bytes to IOD #1 EID 67 [64.13.134.52:22]: text2.
NSOCK (1226715.0560s) NSE #67: Adding event
NSOCK (1226715.0560s) msevent_new (IOD #2) (EID #74)
NSOCK (1226715.0560s) Read request for 1 lines from IOD #2 (peer unspecified) EID 74
NSOCK (1226715.0560s) NSE #74: Adding event
NSOCK (1226715.0560s) msevent_delete (IOD #2) (EID #50)
NSOCK (1226715.0560s) list 2, iterating 67
NSOCK (1226715.0560s) wait_for_events
NSOCK (1226715.0560s) before iterating, list 0
NSOCK (1226715.0560s) before iterating, list 1
NSOCK (1226715.0560s) before iterating 74
NSOCK (1226715.0560s) before iterating, list 2
NSOCK (1226715.0560s) before iterating 67
NSOCK (1226715.0560s) before iterating, list 3
NSOCK (1226715.0560s) before iterating, list 4
NSOCK (1226715.0560s) list 1, iterating 74
NSOCK (1226715.0560s) list 2, iterating 67
NSOCK (1226715.0560s) NSE #67: Removing event from event_lists[2]
NSOCK (1226715.0560s) Callback: WRITE SUCCESS for EID 67 [64.13.134.52:22]
Received callback of type WRITE with status SUCCESS
NSOCK (1226715.0560s) msevent_delete (IOD #1) (EID #67)
NSOCK (1226715.0560s) wait_for_events
text3
NSOCK (1226721.2650s) before iterating, list 0
NSOCK (1226721.2650s) before iterating, list 1
NSOCK (1226721.2650s) before iterating 74
NSOCK (1226721.2650s) before iterating, list 2
NSOCK (1226721.2650s) before iterating, list 3
NSOCK (1226721.2650s) before iterating, list 4
NSOCK (1226721.2650s) list 1, iterating 74
NSOCK (1226721.2650s) NSE #74: Removing event from event_lists[1]
NSOCK (1226721.2650s) Callback READ SUCCESS for EID 74 (peer unspecified) (6 bytes): text3.
Received callback of type READ with status SUCCESS
NSOCK (1226721.2650s) msevent_new (IOD #1) (EID #83)
NSOCK (1226721.2650s) Write request for 6 bytes to IOD #1 EID 83 [64.13.134.52:22]: text3.
NSOCK (1226721.2650s) NSE #83: Adding event
NSOCK (1226721.2650s) msevent_new (IOD #2) (EID #90)
NSOCK (1226721.2650s) Read request for 1 lines from IOD #2 (peer unspecified) EID 90
NSOCK (1226721.2650s) NSE #90: Adding event
NSOCK (1226721.2650s) msevent_delete (IOD #2) (EID #74)
NSOCK (1226721.2650s) list 2, iterating 83
NSOCK (1226721.2650s) wait_for_events
NSOCK (1226721.2650s) before iterating, list 0
NSOCK (1226721.2650s) before iterating, list 1
NSOCK (1226721.2650s) before iterating 90
NSOCK (1226721.2650s) before iterating, list 2
NSOCK (1226721.2650s) before iterating 83
NSOCK (1226721.2650s) before iterating, list 3
NSOCK (1226721.2650s) before iterating, list 4
NSOCK (1226721.2650s) list 1, iterating 90
NSOCK (1226721.2650s) list 2, iterating 83
NSOCK (1226721.2650s) NSE #83: Removing event from event_lists[2]
NSOCK (1226721.2650s) Callback: WRITE ERROR [Broken pipe (32)] for EID 83 [64.13.134.52:22]
Received callback of type WRITE with status ERROR
NSOCK (1226721.2650s) msevent_delete (IOD #1) (EID #83)
NSOCK (1226721.2650s) wait_for_events
text4
NSOCK (1226727.8840s) before iterating, list 0
NSOCK (1226727.8840s) before iterating, list 1
NSOCK (1226727.8840s) before iterating 90
NSOCK (1226727.8840s) before iterating, list 2
NSOCK (1226727.8840s) before iterating, list 3
NSOCK (1226727.8840s) before iterating, list 4
NSOCK (1226727.8840s) list 1, iterating 90
NSOCK (1226727.8840s) NSE #90: Removing event from event_lists[1]
NSOCK (1226727.8840s) Callback READ SUCCESS for EID 90 (peer unspecified) (6 bytes): text4.
Received callback of type READ with status SUCCESS
NSOCK (1226727.8840s) msevent_new (IOD #1) (EID #99)
NSOCK (1226727.8840s) Write request for 6 bytes to IOD #1 EID 99 [64.13.134.52:22]: text4.
NSOCK (1226727.8840s) NSE #99: Adding event
NSOCK (1226727.8840s) msevent_new (IOD #2) (EID #106)
NSOCK (1226727.8840s) Read request for 1 lines from IOD #2 (peer unspecified) EID 106
NSOCK (1226727.8840s) NSE #106: Adding event
NSOCK (1226727.8840s) msevent_delete (IOD #2) (EID #90)
NSOCK (1226727.8840s) list 2, iterating 99
NSOCK (1226727.8850s) wait_for_events
NSOCK (1226729.8840s) before iterating, list 0
NSOCK (1226729.8840s) before iterating, list 1
NSOCK (1226729.8840s) before iterating 106
NSOCK (1226729.8840s) before iterating, list 2
NSOCK (1226729.8840s) before iterating 99
NSOCK (1226729.8840s) before iterating, list 3
NSOCK (1226729.8840s) before iterating, list 4
NSOCK (1226729.8840s) list 1, iterating 106
NSOCK (1226729.8840s) list 2, iterating 99
NSOCK (1226729.8840s) NSE #99: Removing event from event_lists[2]
NSOCK (1226729.8840s) Callback: WRITE TIMEOUT for EID 99 [64.13.134.52:22]
Received callback of type WRITE with status TIMEOUT
Unable to connect to remote host

ncat --exec "ncat www.google.com.ar 80" -l 9000 -vvv
Listening on 0.0.0.0:9000
DEBUG: initialized fdlist with 102 maxfds
DEBUG: added fd 3 to list, nfds 1, maxfd 3
DEBUG: added fd 0 to list, nfds 2, maxfd 3
DEBUG: selecting, fdmax 3
DEBUG: select returned 1 fds ready
DEBUG: fd 3 is ready
DEBUG: accept returned 4, errno 0
DEBUG: Executing: ncat www.google.com.ar 80
DEBUG: listen tcp: parent closed 4
DEBUG: listen tcp: accepted new connection
DEBUG: selecting, fdmax 3
DEBUG: select returned 1 fds ready
DEBUG: fd 3 is ready
DEBUG: accept returned 4, errno 10
DEBUG: Executing: ncat www.google.com.ar 80
DEBUG: listen tcp: parent closed 4
DEBUG: listen tcp: accepted new connection
DEBUG: selecting, fdmax 3
DEBUG: select returned 1 fds ready
DEBUG: fd 3 is ready
DEBUG: accept returned 4, errno 10
DEBUG: Executing: ncat www.google.com.ar 80
DEBUG: listen tcp: parent closed 4
DEBUG: listen tcp: accepted new connection
DEBUG: selecting, fdmax 3


--------------------------------------------------------------------


ncat localhost 9000 -vvv
NSOCK (1228298.0460s) msevent_new (IOD #1) (EID #8)
NSOCK (1228298.0460s) TCP connection requested to 127.0.0.1:9000 (IOD #1) EID 8
NSOCK (1228298.0460s) NSE #8: Adding event
NSOCK (1228298.0490s) nsock_loop() started (no timeout). 1 events pending
NSOCK (1228298.0490s) wait_for_events
NSOCK (1228298.0490s) before iterating, list 0
NSOCK (1228298.0490s) before iterating 8
NSOCK (1228298.0490s) before iterating, list 1
NSOCK (1228298.0490s) before iterating, list 2
NSOCK (1228298.0490s) before iterating, list 3
NSOCK (1228298.0490s) before iterating, list 4
NSOCK (1228298.0490s) list 0, iterating 8
NSOCK (1228298.0490s) NSE #8: Removing event from event_lists[0]
NSOCK (1228298.0490s) Callback: CONNECT SUCCESS for EID 8 [127.0.0.1:9000]
Received callback of type CONNECT with status SUCCESS
Connected to 127.0.0.1:9000
NSOCK (1228298.0490s) msevent_new (IOD #1) (EID #18)
NSOCK (1228298.0490s) Read request for 1 lines from IOD #1 [127.0.0.1:9000] EID 18
NSOCK (1228298.0490s) NSE #18: Adding event
NSOCK (1228298.0490s) msevent_new (IOD #2) (EID #26)
NSOCK (1228298.0490s) Read request for 1 lines from IOD #2 (peer unspecified) EID 26
NSOCK (1228298.0490s) NSE #26: Adding event
NSOCK (1228298.0490s) msevent_delete (IOD #1) (EID #8)
NSOCK (1228298.0490s) list 1, iterating 26
NSOCK (1228298.0490s) list 1, iterating 18
NSOCK (1228298.0510s) wait_for_events
NSOCK (1228298.0510s) before iterating, list 0
NSOCK (1228298.0510s) before iterating, list 1
NSOCK (1228298.0510s) before iterating 26
NSOCK (1228298.0510s) before iterating 18
NSOCK (1228298.0510s) before iterating, list 2
NSOCK (1228298.0510s) before iterating, list 3
NSOCK (1228298.0510s) before iterating, list 4
NSOCK (1228298.0510s) list 1, iterating 26
NSOCK (1228298.0510s) list 1, iterating 18
NSOCK (1228298.0510s) NSE #18: Removing event from event_lists[1]
NSOCK (1228298.0510s) Callback: READ SUCCESS for EID 18 [127.0.0.1:9000] (195 bytes)
Received callback of type READ with status SUCCESS
DEBUG: Executable path: ncat
DEBUG: Command argument: www.google.com.ar
DEBUG: Command argument: 80
DEBUG: Executing redirected command ncat www.google.com.ar 80
execv: No such file or directory
NSOCK (1228298.0510s) msevent_new (IOD #1) (EID #34)
NSOCK (1228298.0510s) Read request for 1 lines from IOD #1 [127.0.0.1:9000] EID 34
NSOCK (1228298.0510s) NSE #34: Adding event
NSOCK (1228298.0510s) msevent_delete (IOD #1) (EID #18)
NSOCK (1228298.0530s) wait_for_events
NSOCK (1228298.0540s) before iterating, list 0
NSOCK (1228298.0540s) before iterating, list 1
NSOCK (1228298.0540s) before iterating 34
NSOCK (1228298.0540s) before iterating 26
NSOCK (1228298.0540s) before iterating, list 2
NSOCK (1228298.0540s) before iterating, list 3
NSOCK (1228298.0540s) before iterating, list 4
NSOCK (1228298.0540s) list 1, iterating 34
NSOCK (1228298.0540s) NSE #34: Removing event from event_lists[1]
NSOCK (1228298.0540s) Callback: READ EOF for EID 34 [127.0.0.1:9000]
Received callback of type READ with status EOF
NSOCK (1228298.0540s) msevent_delete (IOD #1) (EID #34)
NSOCK (1228298.0540s) list 1, iterating 26
NSOCK (1228298.0550s) wait_for_events



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Attachments: ncat.internet.ssh.FIN-bug-1.pcap (1K), tcpdump-nc-file-transfer.pcap (18K), tcpdump-ncat-file-transfer.pcap (132K)

Re: Ncat: Update and Feature Request

by Kris Katterjohn-2


eldraco wrote:
> Nice work! I love ncat being alive again. Thank you!
>

No problem, I'm glad you like it.

It's late here and I have class tomorrow, so I'll have to look more in-depth
into these issues later.

> Feedback:
> 0- Debian 4.0 unstable with libssl-dev preinstalled. Ncat svn revision 9002
> 1- ncat compiled like a charm, the only warning printed was :
> config.status: WARNING:  Makefile.in seems to ignore the --datarootdir
> setting

Ncat doesn't need that option, so it ignores it.  I have the same warning in
my config.log for Nmap.

> 2- ncat binary and man page installed correctly
>

Great.

> 3- Executing "ncat localhost" (no port specified) prints:
> "Unable to connect to remote host"
>     But debian's nc prints out a more detailed error text: "nc localhost"
> "no port[s] to connect to"
>

Yes, good idea.

> 4- Connecting to localhost with "ncat localhost 22" prints out the following
> as the first line: "Connected to 127.0.0.1:22", which is a bit odd to me,
> because I'm used to seeing just what the other side of the channel sends unless
> I specify the -v or something. I would like ncat to be 'quiet' by default,
> what do you think? What if the other side of the channel sends "Connected to
> 127.0.0.1:23" as a kind-of deceptive measure?
>

This is a good idea as well.  It kind of irritated me at first, but I grew to
like it when testing without wanting the rest of the -v output.  I'll remove it.

> 5- Maybe this is a bug: Connecting to an ssh server, the ssh server closes the
> connection sending a FIN packet (because I didn't speak the ssh protocol
> right) but ncat doesn't respond with a FIN-ACK packet, it seems to believe
> the connection is still up, and keeps sending packets. After the four "strings"
> sent to the ssh server, ncat dies because it is "Unable to connect to remote
> host". I'm attaching the nc -vvv output [ncat-internet-ssh-FIN-bug-1.txt] and
> a tcpdump capture [ncat.internet.ssh.FIN-bug-1.pcap]
>

OK, I'll look into this.  The host doesn't have to respond with a FIN/ACK if
it's going to continue sending data (it just sends an ACK), but it sounds like
Ncat doesn't know when to stop.

> 6- 'ncat -l 9000 > /tmp/test' and 'ncat localhost 9000 < /bin/ls' works fine,
> but, 'ncat -l 9000 < /bin/ls' doesn't work at all. It prints:
>
> ncat -l 9000 < /bin/ls
> write: Broken pipe
>
> Ncat man page states this should work:
> Send a file over TCP port `9899' to host `example.org'. (this also works in
> reverse and turns Ncat into a "one file" server!)
>          HOST1$ ncat -l 9899 > outputfile
>          HOST2$ ncat example.org 9899 < inputfile
>
>

Hmm.. it doesn't error out for me.  It doesn't work correctly for me because
it reads all of stdin and exits from EOF before I get a chance to connect to
it, so there exists a bug for sure, but I'm not getting the broken pipe.

> 7- Ncat is in the PATH but trying ncat --exec "ncat www.google.com.ar 80" -l
> 9000 and later "ncat localhost 9000" doesn't work for me, it ends
> with "execv: No such file or directory". I'm attaching the -vvv output
> [ncat-exec-bug-1.txt]. But if I give the full path it works fine, like this:
> ncat --exec "/usr/local/bin/ncat www.google.com.ar 80" -l 9000
>
> Note that ncat --exec "/bin/bash" -l 9000 and the like do work fine too.
>

The -e/--exec option requires the full path because it execs it based on it,
but you can use the -c/--sh-exec I added to execute the program via /bin/sh so
it doesn't require the full path.

> 8- New feature request: --allow and --deny works fine but I'm still able to
> state that port as 'open' because ncat does respond to me. Is there a way to
> make ncat show its open port as 'closed' when the IP is denied? This would
> really be useful to hide our ncat from people scanning our servers (perhaps
> using nmap?!)
>

Sorry, that would require something lower level.

> 9- Trying "ncat --socks4-server -l 5001" didn't work for me either. Firefox
> gets a page, but that page has four null bytes at the beginning. I'm
> attaching the tcpdump capture file [ncat-socks-1.pcap], and the file firefox
> makes me 'save' because it didn't know the protocol [firefox-save.bin].
> All the ncat server says is:
> ncat --socks4-server -l 5001 -vvv
> Listening on 0.0.0.0:5001
> DEBUG: SOCKS4 request from 209.68.27.16:
> DEBUG: VN: 4
> DEBUG: CD: 1
> DEBUG: Port: 80
> DEBUG: Addr: 209.68.27.16
> DEBUG: Null: 0
>
>

OK, thank you.  I haven't begun messing with this (and it is labeled broken in
the code), but I'll be sure to look at your example when I start.

> 10- ncat: invalid option -- r
>

Rather than fixing this, I think the -r reference should just be removed
altogether.  --sendonly doesn't have an equivalent, and it's obviously not
even working.

> 11- ncat: unrecognized option `--send-only'
>

As implemented, there are no hyphens in these options.  The man page is
incorrect, but I prefer the hyphens so I'll change it unless there is any
objection.  The netcat6 package I've used on Ubuntu uses hyphens for these
options as well.

> 12- Performance and cpu compare:
> Being /tmp/b a 10Mb file created from /dev/zero with dd
>
> With nc:
> nc -l -p 9000 > /tmp/a
> nc localhost 9000 < /tmp/b
> Time: pair of seconds. No notable cpu usage
>
> With ncat:
> ncat -l 9000 > /tmp/a
> ncat localhost 9000 < /tmp/b
> Time: Almost 35 seconds. 100% cpu usage all that time.
>
> Also ncat send 1024 packets, and nc send 139. I'm attaching both pcaps
> [tcpdump-nc-file-transfer.pcap and tcpdump-ncat-file-transfer.pcap]
>
>
> 13- I'm not sure to report this, but during 12- test, I was able to capture
> every packet with tcpdump from the 'nc' test as soon as the travel across the
> wire, but with 'ncat' the same tcpdump shows me packets 31 seconds after the
> connection started. You can see the time problem in the packets into the pcap
> file attached. Is anyone having the same trouble here? I
> used: 'tcpdump -n -s0 -i lo', with tcpdump version 3.9.8 and libpcap version
> 0.9.8
>

Hmm... I'll look into these.

> 14- ncat --broker --talk -l 9000 works fine except that users start to count
> from <user4>. Is this ok? It can make you believe that 3 previous users were
> connected. And I'm sure I'm alone here.
>

That's because the number is based on the file descriptor value used by the
server.  0 is stdin, so that's used if you're speaking from the server.  The
others start at 4 because 1=stdout, 2=stderr and 3=listening socket.

>
> well, that's all for now...
>

That's plenty :)

> cheers and thanks!
>
> eldraco
>
>

Thank you for your help and testing!,
Kris Katterjohn
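Why -e/--exec needs an absolute path while -c/--sh-exec does not (item 7 above) comes down to which exec variant performs the PATH lookup. The C program below is an added example, not Ncat's code: it launches a program three ways (execv(), which treats the string as a literal path; execvp(), which searches PATH; and /bin/sh -c, the route --sh-exec takes) and reports the exec errno back to the parent through a close-on-exec pipe, so a failed exec is never confused with a program that merely exited non-zero. The enum names and the helper function are this example's own. The caveat for anyone reaching for --sh-exec: the string is interpreted by the shell, so redirections and other metacharacters in it take effect, and only trusted command strings belong there.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Three ways a listener might launch the program behind a connection.
 * Names are this example's own, not Ncat's internals. */
enum spawn_mode {
    SPAWN_EXECV,   /* like -e/--exec: the string is the path, no PATH search */
    SPAWN_EXECVP,  /* libc walks PATH for a bare program name */
    SPAWN_SH       /* like -c/--sh-exec: the string is handed to /bin/sh -c */
};

/* Fork and exec `cmd` in the chosen mode.  Returns 0 when the exec itself
 * succeeded (whatever the program later exits with) or the exec errno.
 * A close-on-exec pipe carries the child's errno back: on a successful exec
 * the write end closes and read() returns 0 bytes, which is unambiguous
 * where an exit status would not be. */
static int spawn_and_report(enum spawn_mode mode, const char *cmd)
{
    int fds[2], err = 0;
    ssize_t n;
    pid_t pid;

    if (pipe(fds) < 0)
        return errno;
    fcntl(fds[1], F_SETFD, FD_CLOEXEC);

    pid = fork();
    if (pid < 0) {
        err = errno;
        close(fds[0]);
        close(fds[1]);
        return err;
    }
    if (pid == 0) {
        char *argv_plain[] = { (char *)cmd, NULL };
        char *argv_sh[] = { "/bin/sh", "-c", (char *)cmd, NULL };
        ssize_t w;

        close(fds[0]);
        switch (mode) {
        case SPAWN_EXECV:  execv(cmd, argv_plain);    break;
        case SPAWN_EXECVP: execvp(cmd, argv_plain);   break;
        case SPAWN_SH:     execv("/bin/sh", argv_sh); break;
        }
        err = errno;                       /* only reached when exec failed */
        w = write(fds[1], &err, sizeof err);
        (void)w;
        _exit(127);
    }
    close(fds[1]);
    n = read(fds[0], &err, sizeof err);    /* 0 bytes means exec succeeded */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof err ? err : 0;
}

int main(void)
{
    const char *names[] = { "execv", "execvp", "/bin/sh -c" };
    enum spawn_mode modes[] = { SPAWN_EXECV, SPAWN_EXECVP, SPAWN_SH };
    int i, err;

    for (i = 0; i < 3; i++) {
        err = spawn_and_report(modes[i], "true");
        printf("%-10s \"true\"      -> %s\n", names[i], err ? strerror(err) : "exec ok");
    }
    err = spawn_and_report(SPAWN_EXECV, "/bin/true");
    printf("%-10s \"/bin/true\" -> %s\n", "execv", err ? strerror(err) : "exec ok");
    return 0;
}
```

Running it shows the behaviour reported in item 7: a bare `true` fails with "No such file or directory" under execv(), succeeds under execvp() and under the shell, and `/bin/true` succeeds under execv() because the full path is used as given.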




Re: Ncat: Update and Feature Request

by Dirk Loss

Hi,

one more feature suggestion (taken from the SBD help screen [1]):

 -r n   infinitely respawn/reconnect, pause for n seconds between
        connection attempts. -r0 can be used to re-listen after
        disconnect (just like a regular daemon)

Attached is a small patch that fixes some typos in the man page. (Is the
nroff version generated from the XML file? The examples section seems to
be missing in the XML file.)

Regards
Dirk

[1] http://www.cycom.se/dl/sbd

[ncat-man.patch]

diff -ur ncat-orig/docs/man/ncat.1 ncat/docs/man/ncat.1
--- ncat-orig/docs/man/ncat.1 2008-07-22 09:24:37.000000000 +0200
+++ ncat/docs/man/ncat.1 2008-07-21 23:27:23.000000000 +0200
@@ -18,7 +18,7 @@
 .P
 Among some of Ncat's features there is the ability to chain Ncat's
 together, redirect both TCP and UDP ports to other sites, SSL support,
-proxy connections via SOCKS4 or HTTP (CONNECT method) Proxies. Support is
+proxy connections via SOCKS4 or HTTP (CONNECT method) proxies. Support is
 provided for proxy authorization also. You can even create
 yourself a poor man's SSH server, poor man's Chat Server or virtually anything you
 like. Some general principals apply to most applications and thus give you the
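Review bot: the context line `like. Some general principals apply to most applications and thus give you the` carries another typo this man-page typo patch should pick up: `principals` should be `principles`. Two smaller points in the same paragraph, both on lines the hunk already shows: `chain Ncat's together` uses a possessive apostrophe for a plural (`chain Ncats together`), and `poor man's SSH server, poor man's Chat Server` capitalizes one example and not the other; suggest `poor man's chat server`.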
@@ -63,6 +63,9 @@
 ncat --socks4-server -l 5001
 .P
 Connect to a SOCKS4 server on port 1080
+.br
+.B
+.in 9
 ncat --socks4-proxy socksuser:sockspass@smtphost:25 socks4host 1080
 .P
 SOCKS4 proxy incoming connections on TCP port `8081' through `proxyhost.com' on port `1080' to `otherhost.net' on TCP port `9899' using the SOCKS4 username `user' and SOCKS4 password `pass'
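Review bot: the added `.br`/`.B`/`.in 9` sequence matches the trailing context of the final hunk, so the `ncat --socks4-proxy ...` example now renders like the file-transfer one. Two things worth knowing when touching these macros: `.B` with no argument bolds only the next input line, so the command must stay on a single source line, and the indent set by `.in 9` is reset by the `.P` that follows rather than by an explicit `.in`, which is consistent with the rest of the file as far as this patch shows it.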
@@ -72,7 +75,7 @@
 ncat -l 8081 --exec "ncat --socks4-proxy user:pass@...:1080 otherhost.org 9899"
 
 .P
-Send a file over TCP port `9899' to host `example.org'. (this also works in reverse and turns Ncat into a "one file" server!)
+Send a file over TCP port `9899' to host `example.org'. (This also works in reverse and turns Ncat into a "one file" server!)
 .br
 .B
 .in 9




RE: Ncat: Update and Feature Request

by Aaron Leininger


> > ./configure gave a warning about not finding ssl.h. I ran make and it compiled fine w/o ssl support.
>
> Did you run configure with --without-openssl ?  I've been having issues
> building Ncat like this, but it's because of some error I'm getting out of my
> standard headers rather than any obvious connection to OpenSSL, but this could
> just be my system.
I actually ran ./configure w/o any options and got a message from make saying ssl support was disabled...

> > *I wanted to try out the http proxy stuff but when I typed: man ncat, I got: No manual entry for ncat
> > Yet ncat -h says to see the man page for more details. How do I access it? I checked google(search terms: ncat manpage) and didn't see anything that looked like it.
>
> Did you run "make install" when you built Ncat?  That should install Ncat and
> the man pages correctly, but right now I've only been focusing on making Ncat
> function correctly and I'll worry about the install system when I merge it
> with Nmap's.
As a matter of fact, I did run make install. I ended up copying ncat.1 out of your docs/man/ folder to the same spot as nmap's man page and it worked after that.
I ran man -w nmap to find the location. It came back /usr/local/man/man1/nmap.1


> > I'm not sure why it didn't work when I tried it on an external site such as google.
>
> Maybe you need authentication to connect outside?  You can use --proxy-auth
> for this.  From the man page residing in docs/man/ncat.1, the syntax for proxy
> auth is "<username>:<password>"
We run our authenticated proxy off of port 3128 (less restricted). Port 8080 requires no auth but is more restricted... but I know google is not blocked; that's why I chose it as a test.
I ran the following command to test your proxy-auth syntax:
$ncat --http-proxy myproxy:3128 --proxy-auth user:pass www.google.com 80
result was: Segmentation Fault.
Did I do something wrong with the syntax?

> > Am I missing a package? Can you see anything else I can correct to get ssl support working? Let me know if you need the configure or make output in full, I can attach them.
>
> It looks like you're missing the package. On my Ubuntu box I have libssl-dev
> installed; do you have it (or a *very* close relative) on your Debian box?
Good catch. No I did not. I installed libssl-dev through apt-get and ran:
$./configure
$make
$sudo make install
No errors about SSL this time. I copied the new binary to /usr/bin and still no man page... this is where I figured out how to manually copy the man page, as I described above, so that '$man ncat' now works.

One more thing I will add is that ncat -h does not show the -ssl option though it is listed in the man page.

Thanks again for your work and hopefully some of this is helpful.
-Aaron





Re: Ncat: Update and Feature Request

by Kris Katterjohn-2


Aaron Leininger wrote:

>>> *I wanted to try out the http proxy stuff but when I typed: man ncat, I got: No manual entry for ncat
>>> Yet ncat -h says to see the man page for more details. How do I access it? I checked google(search terms: ncat manpage) and didn't see anything that looked like it.
>> Did you run "make install" when you built Ncat?  That should install Ncat and
>> the man pages correctly, but right now I've only been focusing on making Ncat
>> function correctly and I'll worry about the install system when I merge it
>> with Nmap's.
> As a matter of fact, I did run make install. I ended up copying ncat.1 out of your docs/man/ folder to the same spot as nmap's man page and it worked after that.
> I ran man -w nmap to find the location. It came back /usr/local/man/man1/nmap.1
>
>

Hmm... it installs fine for eldraco and me.  I'm really not sure what your
problem would be.

But for the most up-to-date information, the docbook ncat.xml in docs/man
contains the newest information (or should, I try to update it as I go).  So
until I can generate the man page from the XML, that's the best source for
now.  You can't install it and use it like a man page, but it's not horrible
to read as-is either.

>>> I'm not sure why it didn't work when I tried it on an external site such as google.
>> Maybe you need authentication to connect outside?  You can use --proxy-auth
>> for this.  From the man page residing in docs/man/ncat.1, the syntax for proxy
>> auth is "<username>:<password>"
> We run our authenticated proxy off of port 3128 (less restricted). Port 8080 requires no auth but is more restricted... but I know google is not blocked; that's why I chose it as a test.
> I ran the following command to test your proxy-auth syntax:
> $ncat --http-proxy myproxy:3128 --proxy-auth user:pass www.google.com 80
> result was: Segmentation Fault.
> Did I do something wrong with the syntax?
>

OK, I've been working on the HTTP proxy stuff.  --http-proxy and --proxy-auth
were both broken.

Your user:pass syntax should be good, it's just that Ncat was trying to copy
it without allocating any memory for it... I haven't tested the authentication
against an actual proxy, but I've run the Base64-encoded string generated for
the proxy request through a decoder and it came out right.

And the HTTP proxy stuff was broken because it was trying to "CONNECT" to the
proxy server through the target host rather than the other way around.

I've committed fixes for these, so if you can try it out and let me know how
it goes, that would be great.

Also, the port number defaults to 3128 for the HTTP proxy, so you don't need
to specify that.  However, the exception is that if you specify the proxy
server as an IPv6 address (rather than hostname), you must specify the port
number as well (due to the colons in the address and host:port separator).

>>> Am I missing a package? Can you see anything else I can correct to get ssl support working? Let me know if you need the configure or make output in full, I can attach them.
>> It looks like you're missing the package. On my Ubuntu box I have libssl-dev
>> installed; do you have it (or a *very* close relative) on your Debian box?
> Good catch. No I did not. I installed libssl-dev through apt-get and ran:
> $./configure
> $make
> $sudo make install
> No errors about SSL this time. I copied the new binary to /usr/bin and still no manpage...this is where I figured out how to manually copy the man page, as I described above, so that '$man ncat' now works.
>
> One more thing I will add is that ncat -h does not show the -ssl option though it is listed in the man page.
>

Does the --ssl option work?  --ssl, --ssl-cert and --ssl-key should all be in
the -h output if they're compiled in.

Did you do a "make clean" before your make?  Maybe your Ncat binary was built
from the previous object files without OpenSSL support because they weren't
removed/written over.

> Thanks again for your work and hopefully some of this is helpful.
> -Aaron
>

You're very welcome.

Thank you for your help,
Kris Katterjohn
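An added example, not Ncat's implementation, covering the two points in the reply above: the proxy spec splits into host and port with 3128 as the default, and an IPv6 proxy address needs special handling because its colons collide with the host:port separator; and the request is sent to the proxy with a `CONNECT target:port` line that names the final target (not the proxy, which was the reversal described as the bug), carrying the Base64 of `user:pass` in a Proxy-Authorization header. This parser goes one step beyond the rule stated above: rather than requiring a port after a bare IPv6 literal, it rejects unbracketed IPv6 entirely and accepts the `[addr]:port` form, which removes the ambiguity. The function names, the bracket syntax and the sample values (`myproxy`, `2001:db8::1`, `user:pass`) are this example's assumptions.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROXY_DEFAULT_PORT 3128   /* HTTP proxy default mentioned in the thread */

/* Split a proxy spec into host and port.  Accepted: "host", "host:port",
 * "[v6addr]", "[v6addr]:port".  An unbracketed string with two or more
 * colons is an IPv6 literal whose port cannot be told apart from the
 * address (the ambiguity the thread describes), so it is rejected.
 * Returns 0 on success, -1 on error. */
static int parse_proxy_spec(const char *spec, char *host, size_t hostlen, int *port)
{
    unsigned char addr[16];
    const char *colon = strchr(spec, ':'), *tail;
    char *end;
    size_t n;
    long v;

    if (spec[0] == '[') {                    /* bracketed IPv6 literal */
        const char *close = strchr(spec, ']');
        if (close == NULL)
            return -1;
        n = (size_t)(close - spec - 1);
        tail = close + 1;
    } else {
        if (colon != NULL && strrchr(spec, ':') != colon)
            return -1;                       /* bare IPv6 literal: ambiguous */
        n = colon ? (size_t)(colon - spec) : strlen(spec);
        tail = colon ? colon : spec + n;
    }
    if (n == 0 || n >= hostlen)
        return -1;
    memcpy(host, spec + (spec[0] == '['), n);
    host[n] = '\0';
    if (spec[0] == '[' && inet_pton(AF_INET6, host, addr) != 1)
        return -1;                           /* brackets must hold a valid IPv6 address */
    if (*tail == '\0') {
        *port = PROXY_DEFAULT_PORT;
        return 0;
    }
    if (*tail != ':' || tail[1] == '\0')
        return -1;
    v = strtol(tail + 1, &end, 10);          /* decimal port in 1..65535, nothing else */
    if (*end != '\0' || v < 1 || v > 65535)
        return -1;
    *port = (int)v;
    return 0;
}

/* RFC 4648 Base64 (with padding) of "user:pass" for the Basic scheme. */
static size_t base64_encode(const unsigned char *in, size_t inlen, char *out, size_t outlen)
{
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, o = 0;

    if (outlen < ((inlen + 2) / 3) * 4 + 1)
        return 0;                            /* caller's buffer too small */
    for (i = 0; i < inlen; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < inlen) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < inlen) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = i + 1 < inlen ? tbl[(v >> 6) & 63] : '=';
        out[o++] = i + 2 < inlen ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return o;
}

/* The bytes a client sends TO the proxy: the CONNECT line names the final
 * target; Proxy-Authorization is added only when credentials are given. */
static int build_connect_request(const char *target, int port, const char *userpass,
                                 char *out, size_t outlen)
{
    char cred[256] = "";
    int n;

    if (userpass && base64_encode((const unsigned char *)userpass, strlen(userpass), cred, sizeof cred) == 0)
        return -1;
    n = snprintf(out, outlen, "CONNECT %s:%d HTTP/1.0\r\n%s%s%s\r\n", target, port,
                 userpass ? "Proxy-Authorization: Basic " : "", cred, userpass ? "\r\n" : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    const char *specs[] = { "myproxy", "myproxy:8080", "2001:db8::1", "[2001:db8::1]:3128" };
    char host[128], req[512];
    int port;
    size_t i;

    for (i = 0; i < 4; i++) {
        if (parse_proxy_spec(specs[i], host, sizeof host, &port) == 0)
            printf("%-20s -> host=%s port=%d\n", specs[i], host, port);
        else
            printf("%-20s -> rejected (IPv6 literal needs [brackets])\n", specs[i]);
    }
    if (build_connect_request("www.google.com", 80, "user:pass", req, sizeof req) > 0)
        fputs(req, stdout);
    return 0;
}
```

The Base64 string is what the reply above says was checked through a decoder: for `user:pass` it is `dXNlcjpwYXNz`, and Basic auth is only an encoding, not encryption, so credentials on the proxy leg are visible to anyone on that path unless the proxy connection itself is protected.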

