From: Aron Xu Date: Mon, 13 Feb 2012 19:06:52 +0800 Subject: misc connection failures --- nc.1 | 76 ++++++++++++++++++++++++++++++++++++--- netcat.c | 119 ++++++++++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 153 insertions(+), 42 deletions(-) diff --git a/nc.1 b/nc.1 index 60e3668..477cb1b 100644 --- a/nc.1 +++ b/nc.1 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46CDdhklnrStUuvZz +.Op Fl 46bCDdhklnrStUuvZz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl O Ar length @@ -99,6 +99,8 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl b +Allow broadcast. .It Fl C Send CRLF as line-ending. .It Fl D @@ -323,6 +325,54 @@ and which side is being used as a The connection may be terminated using an .Dv EOF .Pq Sq ^D . +.Pp +There is no +.Fl c +or +.Fl e +option in this netcat, but you still can execute a command after connection +being established by redirecting file descriptors. Be cautious here because +opening a port and let anyone connected execute arbitrary command on your +site is DANGEROUS. If you really need to do this, here is an example: +.Pp +On +.Sq server +side: +.Pp +.Dl $ rm -f /tmp/f; mkfifo /tmp/f +.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f +.Pp +On +.Sq client +side: +.Pp +.Dl $ nc host.example.com 1234 +.Dl $ (shell prompt from host.example.com) +.Pp +By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 +of address 127.0.0.1 on +.Sq server +side, when a +.Sq client +establishes a connection successfully to that port, /bin/sh gets executed +on +.Sq server +side and the shell prompt is given to +.Sq client +side. +.Pp +When connection is terminated, +.Nm +quits as well. Use +.Fl k +if you want it keep listening, but if the command quits this option won't +restart it or keep +.Nm +running. Also don't forget to remove the file descriptor once you don't need +it anymore: +.Pp +.Dl $ rm -f /tmp/f +.Pp .Sh DATA TRANSFER The example in the previous section can be expanded to build a basic data transfer model. @@ -382,15 +432,30 @@ The flag can be used to tell .Nm to report open ports, -rather than initiate a connection. +rather than initiate a connection. Usually it's useful to turn on verbose +output to stderr by use this option in conjunction with +.Fl v +option. +.Pp For example: .Bd -literal -offset indent -$ nc -z host.example.com 20-30 +$ nc \-zv host.example.com 20-30 Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! .Ed .Pp -The port range was specified to limit the search to ports 20 \- 30. +The port range was specified to limit the search to ports 20 \- 30, and is +scanned by increasing order. +.Pp +You can also specify a list of ports to scan, for example: +.Bd -literal -offset indent +$ nc \-zv host.example.com 80 20 22 +nc: connect to host.example.com 80 (tcp) failed: Connection refused +nc: connect to host.example.com 20 (tcp) failed: Connection refused +Connection to host.example.com port [tcp/ssh] succeeded! +.Ed +.Pp +The ports are scanned by the order you given. .Pp Alternatively, it might be useful to know which server software is running, and which versions. @@ -455,6 +520,9 @@ Original implementation by *Hobbit* .br Rewritten with IPv6 support by .An Eric Jackson Aq ericj@monkey.org . +.br +Modified for Debian port by Aron Xu +.Aq aron@debian.org . .Sh CAVEATS UDP port scans using the .Fl uz diff --git a/netcat.c b/netcat.c index bf9940f..c938d11 100644 --- a/netcat.c +++ b/netcat.c @@ -88,6 +88,7 @@ #include #include #include +#include #include #include #include @@ -115,6 +116,7 @@ #define UDP_SCAN_TIMEOUT 3 /* Seconds */ /* Command Line Options */ +int bflag; /* Allow Broadcast */ int Cflag = 0; /* CRLF line-ending */ int dflag; /* detached, no stdin */ unsigned int iflag; /* Interval Flag */ @@ -146,7 +148,7 @@ char *portlist[PORT_MAX+1]; char *unix_dg_tmp_socket; void atelnet(int, unsigned char *, unsigned int); -void build_ports(char *); +void build_ports(char **); void help(void); int local_listen(char *, char *, struct addrinfo); void readwrite(int); @@ -171,11 +173,14 @@ int main(int argc, char *argv[]) { int ch, s, ret, socksv; - char *host, *uport; + char *host, **uport; struct addrinfo hints; struct servent *sv; socklen_t len; - struct sockaddr_storage cliaddr; + union { + struct sockaddr_storage storage; + struct sockaddr_un forunix; + } cliaddr; char *proxy = NULL; const char *errstr, *proxyhost = "", *proxyport = NULL; struct addrinfo proxyhints; @@ -189,7 +194,7 @@ main(int argc, char *argv[]) sv = NULL; while ((ch = getopt(argc, argv, - "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { + "46bCDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -197,6 +202,13 @@ main(int argc, char *argv[]) case '6': family = AF_INET6; break; + case 'b': +# if defined(SO_BROADCAST) + bflag = 1; +# else + errx(1, "no broadcast frame support available"); +# endif + break; case 'U': family = AF_UNIX; break; @@ -342,35 +354,40 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { - if (uflag) - errx(1, "cannot use -u and -U"); # if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) if (dccpflag) errx(1, "cannot use -Z and -U"); # endif host = argv[0]; uport = NULL; - } else if (!argv[0] && lflag) { - if (sflag) - errx(1, "cannot use -s and -l"); - if (zflag) - errx(1, "cannot use -z and -l"); - if (pflag) - uport=pflag; - } else if (!lflag && kflag) { - errx(1, "cannot use -k without -l"); - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); - uport = argv[0]; + } else if (argv[0] && !argv[1] && lflag) { + if (pflag) { + uport = &pflag; + host = argv[0]; + } else { + uport = argv; + host = NULL; + } + } else if (!argv[0] && lflag && pflag) { + uport = &pflag; host = NULL; } else if (argv[0] && argv[1]) { host = argv[0]; - uport = argv[1]; + uport = &argv[1]; } else usage(1); - + if (lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); + if (pflag) + /* This still does not work well because of getopt mess + errx(1, "cannot use -p and -l"); */ + uport = &pflag; + } else if (!lflag && kflag) + errx(1, "cannot use -k without -l"); /* Get name of temporary socket for unix datagram client */ if ((family == AF_UNIX) && uflag && !lflag) { @@ -448,7 +465,7 @@ main(int argc, char *argv[]) else s = unix_listen(host); } else - s = local_listen(host, uport, hints); + s = local_listen(host, *uport, hints); if (s < 0) err(1, NULL); @@ -457,7 +474,8 @@ main(int argc, char *argv[]) local = ":::"; else local = "0.0.0.0"; - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + if (vflag && (family != AF_UNIX)) + fprintf(stderr, "Listening on [%s] (family %d, port %s)\n", host ?: local, family, *uport); @@ -490,13 +508,17 @@ main(int argc, char *argv[]) len = sizeof(cliaddr); connfd = accept(s, (struct sockaddr *)&cliaddr, &len); - if(vflag) { + if(vflag && family == AF_UNIX) { + fprintf(stderr, "Connection from \"%.*s\" accepted\n", + (len - (int)offsetof(struct sockaddr_un, sun_path)), + ((struct sockaddr_un*)&cliaddr)->sun_path); + } else if(vflag) { char *proto = proto_name(uflag, dccpflag); /* Don't look up port if -n. */ if (nflag) sv = NULL; else - sv = getservbyport(ntohs(atoi(uport)), + sv = getservbyport(ntohs(atoi(*uport)), proto); if (((struct sockaddr *)&cliaddr)->sa_family == AF_INET) { @@ -504,7 +526,7 @@ main(int argc, char *argv[]) inet_ntop(((struct sockaddr *)&cliaddr)->sa_family,&(((struct sockaddr_in *)&cliaddr)->sin_addr),dst,INET_ADDRSTRLEN); fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", dst, - uport, + *uport, proto, sv ? sv->s_name : "*", ((struct sockaddr *)(&cliaddr))->sa_family, @@ -515,7 +537,7 @@ main(int argc, char *argv[]) inet_ntop(((struct sockaddr *)&cliaddr)->sa_family,&(((struct sockaddr_in6 *)&cliaddr)->sin6_addr),dst,INET6_ADDRSTRLEN); fprintf(stderr, "Connection from [%s] port %s [%s/%s] accepted (family %d, sport %d)\n", dst, - uport, + *uport, proto, sv ? sv->s_name : "*", ((struct sockaddr *)&cliaddr)->sa_family, @@ -523,17 +545,21 @@ main(int argc, char *argv[]) } else { fprintf(stderr, "Connection from unknown port %s [%s/%s] accepted (family %d, sport %d)\n", - uport, + *uport, proto, sv ? sv->s_name : "*", ((struct sockaddr *)(&cliaddr))->sa_family, ntohs(((struct sockaddr_in *)&cliaddr)->sin_port)); } } + if(!kflag) + close(s); readwrite(connfd); close(connfd); } + if (vflag && kflag) + fprintf(stderr, "Connection closed, listening again.\n"); if (kflag) continue; if (family != AF_UNIX) { @@ -641,6 +667,8 @@ unix_bind(char *path) return (-1); } + unlink(path); + if (bind(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) { close(s); return (-1); @@ -662,8 +690,10 @@ unix_connect(char *path) if ((s = unix_bind(unix_dg_tmp_socket)) < 0) return (-1); } else { - if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { + errx(1,"create unix socket failed"); return (-1); + } } (void)fcntl(s, F_SETFD, 1); @@ -674,9 +704,11 @@ unix_connect(char *path) sizeof(sun.sun_path)) { close(s); errno = ENAMETOOLONG; + warn("unix connect abandoned"); return (-1); } if (connect(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) { + warn("unix connect failed"); close(s); return (-1); } @@ -1105,22 +1137,23 @@ atelnet(int nfd, unsigned char *buf, unsigned int size) * that we should try to connect to. */ void -build_ports(char *p) +build_ports(char **p) { struct servent *sv; const char *errstr; char *n; int hi, lo, cp; int x = 0; + int i; char *proto = proto_name(uflag, dccpflag); - sv = getservbyname(p, proto); + sv = getservbyname(*p, proto); if (sv) { portlist[0] = calloc(1, PORT_MAX_LEN); if (portlist[0] == NULL) err(1, NULL); snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port)); - } else if ((n = strchr(p, '-')) != NULL) { + } else if ((n = strchr(*p, '-')) != NULL) { *n = '\0'; n++; @@ -1128,9 +1161,9 @@ build_ports(char *p) hi = strtonum(n, 1, PORT_MAX, &errstr); if (errstr) errx(1, "port number %s: %s", errstr, n); - lo = strtonum(p, 1, PORT_MAX, &errstr); + lo = strtonum(*p, 1, PORT_MAX, &errstr); if (errstr) - errx(1, "port number %s: %s", errstr, p); + errx(1, "port number %s: %s", errstr, *p); if (lo > hi) { cp = hi; @@ -1160,10 +1193,12 @@ build_ports(char *p) } } } else { - hi = strtonum(p, 1, PORT_MAX, &errstr); + hi = strtonum(*p, 1, PORT_MAX, &errstr); if (errstr) - errx(1, "port number %s: %s", errstr, p); - portlist[0] = strdup(p); + errx(1, "port number %s: %s", errstr, *p); + for (i=0;p[i];i++) { + portlist[i] = strdup(p[i]); + } if (portlist[0] == NULL) err(1, NULL); } @@ -1198,6 +1233,13 @@ set_common_sockopts(int s) { int x = 1; +# if defined(SO_BROADCAST) + if (bflag) { + if (setsockopt(s, IPPROTO_TCP, SO_BROADCAST, + &x, sizeof(x)) == -1) + err(1, NULL); + } +# endif # if defined(TCP_MD5SIG) if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, @@ -1293,6 +1335,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ + \t-b Allow broadcast\n\ \t-C Send CRLF as line-ending\n\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ @@ -1329,7 +1372,7 @@ void usage(int ret) { fprintf(stderr, - "usage: nc [-46CDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n" + "usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]\n" "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n" "\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n" "\t [-x proxy_address[:port]] [destination] [port]\n"); --