Hi,

I hope this is the right place in the forums for this question.

According to http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf, you can create netcat relays on windows such as Listener-to-Client relays and other types of relays. However, even in simple scenarios, I find that the problem is that the 2nd nc command does not know how to pipe back the data it receives to the first netcat. A simple example will illustrate.

C:\> echo nc www.google.com 80 > relay.bat
C:\> nc -l -p 4444 -e relay.bat

I then start up my web browser and wireshark to monitor the data. I point my web browser to 127.0.0.1:4444. No response is received. Looking at wireshark, I find that the connection was made to the www.google.com and data was received. However, it appears that the nc in relay.bat does not know how to return the data to the first nc.

Any ideas? Thanks.

PS. The above works fine on Linux, but not on Windows.

Thanks a lot Equix3n.  It was one of those annoying things that kept nagging at me, especially since I didn't understand why it wasn't working.  Thanks

Did you try this again? I've no problems connecting to netcat using plink. However, once connected plink just hangs there. But if I try making a raw connection using netcat I do get the banner info.

Read the following article, perhaps this could help you out.
http://www.governmentsecurity.org/forum/index.php?showtopic=5787

Guess I've to disturb Weld Pond this time

I've been trying to find a solution ever since this was posted, and with ketchup replying that he's getting the same result as SecMan I'm getting a little confused.

Here are the steps I'm following. Check if I'm doing everything correctly.

a) Firstly I run a freeSSHd  SSH server on port 22 of my machine.

b) Then I make a netcat batch file which invokes a netcat client to connect to the SSH server.


c) Then I start a netcat listener which executes the batch file whenever I connect to it.


d)Then if I connect to the netcat listener using a netcat client I get the banner information after pressing return 2-3 times, and the connection is terminated after hitting the return key again.
 
For netcat client:

After pressing return:

The netcat listener window displays the following information when netcat client connect to it.

e) I start the netcat listener again and try to connect to it using plink.

After hitting return the plink terminal displays the following information and hangs.
The netcat listener window terminal displays the following result:

Furthermore, when I connect to the listener using either netcat client or plink the server message changes from no user online to There is 1 user online, which means that data is reaching the ssh server (as we can clearly see when we connect to the netcat listener using netcat) but not coming back to any other client except the netcat (Since we got the banner information using netcat client instead of plink). The same thing happened when we used a browser instead of a netcat client in the previous problem.

I did get the error you two are talking about, but only once and before I posted my previous reply. I then rebooted the system and tried again and haven't got the error since. That's why I asked you whether you're still getting that error. I have tried searching the net but my Googlefu isn't helping me much. So, in frustration, I've started reading the code and it is a bit of project The code isn't large BTW, more than half of it is just comments.

I just happened to be browsing the InGuardians website yesterday and found the netcat cheat sheet where this is mentioned.  Maybe I'll give it a try...

(Sorry to triple-post...)

I loaded up the source code this morning to see if I could find anything.  All I have to say is

  WOW 

Some of the comments were funny, and variable names like GAPING_SECURITY_HOLE gave me a laugh.


And if I thought I could find out anything from this code, I was sorely mistaken.

I did see the -t in the help listing but it gave the same error for freessd telnet server so I thought it didn't work... my mistake.

Anyway, yes this did work and the relay worked as well!

relay:
    echo nc -t <telnet.server.ip.address> 23 > relaytelnet.bat
    nc -v -l -p 4444 -e relaytelnet.bat

remote:
    nc <relay.i.p.address> 4444


As Ed mentioned earlier, I had to hit enter 3 times after each command to get any response from the telnet server through the relay, which is still pretty lame.

Also, since this is Windows we can eliminate the need for the batch file by using the command in this way:

    nc -v -l -p 4444 -e "nc -t <telnet.server.ip.address> 23"

The HTTP forwarding on port 80 still doesn't work, but again as Ed said it's probably because of the buffers.