Nmap Development mailing list archives
Re: --exec and --sh-exec now supported in Windows Ncat
From: jah <jah () zadkiel plus com>
Date: Fri, 13 Mar 2009 00:08:29 +0000
On 12/03/2009 20:39, David Fifield wrote:
> Hello all,
>
> It used to be that --exec and --sh-exec didn't work on Windows because they relied on the fork system call. There are now replacement functions that emulate the Unix behavior on Windows, so they work now. You can do
>
>   ncat.exe -l --exec "C:\WINDOWS\system32\cmd.exe"
>   ncat.exe -l --sh-exec "echo Hello World!"
>
> Sorry, I don't know any really fun examples.
>
> The Unix emulation is pretty complete. --sh-exec uses cmd.exe /C to start the given program, so you can use pipelines and redirection as in Unix. All subprocesses are killed when the main Ncat process is killed, even though this means that Ncat has to track them itself.
>
> The only inconsistency is that --exec doesn't require the full path name like it does on Unix. It searches the PATH just like --sh-exec, so the first example could have used plain "cmd.exe". It would be possible to require the full path name, but I don't know if that's even desired.
This is great news! I've had a little play with it and it looks good. I'm looking forward to being able to do some routine admin stuff on a couple of headless Windows boxes without having to use VNC (and maybe I'll come up with some fun usage examples at some point).

As for requiring the full path with --exec - I can't think of a reason why that would be desirable as long as it accepts a full path - which it does.

I did notice the following when using -v. Compare this, without verbosity:

C:\>ncat 127.0.0.1 34
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\jah\Desktop>

and this with verbosity:

C:\>ncat 127.0.0.1 34 -v
NSOCK (0.0000s) TCP connection requested to 127.0.0.1:34 (IOD #1) EID 8
NSOCK (0.0160s) Callback: CONNECT SUCCESS for EID 8 [127.0.0.1:34]
NSOCK (0.0160s) Read request from IOD #1 [127.0.0.1:34] (timeout: -1ms) EID 18
NSOCK (0.0160s) Read request for 0 bytes from IOD #2 (peer unspecified) EID 26
NSOCK (0.0320s) Callback: READ SUCCESS for EID 18 [127.0.0.1:34] (99 bytes)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\jah\Desktop>NSOCK (0.0320s) Read request for 0 bytes from IOD #1 [127.0.0.1:34] EID 34

That last line of output is printed after the remote prompt. Perhaps there's not a great deal you can do about this and it's not really a major issue, but I thought I'd mention it.

I think it's really cool that the lack of fork on Windows didn't preclude these features of ncat from the Windows version - very nice work indeed.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
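The following PowerShell session is an added illustration, not part of the thread above and not Ncat's own code. It exercises the three points David makes (a --sh-exec handler that is a cmd.exe pipeline, PATH lookup of the handler, and Ncat's own tracking of the children it spawns) and shows one way around the interleaving jah observed with -v. It assumes ncat.exe is on PATH, reuses port 34 from jah's transcript, and relies on Ncat's --allow and --keep-open options, which are real but are not mentioned in the thread. It also assumes that Ncat writes its verbose/NSOCK diagnostics to stderr rather than stdout; if that assumption is wrong on a given build, the redirect in step 2 will not separate them. --allow is a hardening step added here: a listener that hands every connecting peer a cmd.exe is an unauthenticated bind shell, so restrict who may connect.

```powershell
# Added example (not from the thread or from Ncat itself): exercising Windows
# Ncat's --sh-exec / --exec handling as described on nmap-dev.
# Assumes ncat.exe is on PATH; port 34 follows jah's transcript.

# 1. Listener whose handler is a cmd.exe pipeline. --sh-exec runs it through
#    "cmd.exe /C", so the pipe works; the handler is looked up on PATH.
#    --keep-open serves more than one client. --allow restricts connections to
#    loopback: without it, anything that can reach the port gets the handler.
$listener = Start-Process -FilePath 'ncat.exe' -PassThru -NoNewWindow `
    -ArgumentList '-l', '34', '--keep-open', '--allow', '127.0.0.1',
                  '--sh-exec', 'ping -n 4 127.0.0.1 | findstr /I reply'
Start-Sleep -Seconds 1

# 2. First client. Running it via cmd.exe lets us redirect Ncat's own -v
#    diagnostics (the NSOCK lines jah saw interleaved with the remote prompt)
#    into a file, leaving only the remote program's output on stdout.
#    Assumption: Ncat writes those diagnostics to stderr.
$remoteOutput = cmd.exe /c 'ncat.exe -v 127.0.0.1 34 2> ncat-debug.log'
$remoteOutput                                        # filtered ping replies only
Get-Content .\ncat-debug.log | Select-String 'CONNECT SUCCESS'

# 3. Second client left running so the listener has a live cmd.exe child
#    while we inspect it. Ncat has no fork()/process group to lean on here;
#    it spawns the handler with CreateProcess and keeps its own list.
$client = Start-Process -FilePath 'ncat.exe' -PassThru -NoNewWindow `
    -ArgumentList '127.0.0.1', '34'
Start-Sleep -Seconds 1
Get-CimInstance Win32_Process -Filter "ParentProcessId = $($listener.Id)" |
    Select-Object ProcessId, Name                    # expect a cmd.exe child

# 4. Terminate the listener and look for orphans. Stop-Process uses
#    TerminateProcess, which gives Ncat no chance to run its own cleanup, so
#    a surviving cmd.exe here tells you only that cleanup did not run for
#    this way of ending the listener; end it from its own console (Ctrl-C)
#    to observe the child handling David describes.
Stop-Process -Id $listener.Id
Start-Sleep -Seconds 1
Get-CimInstance Win32_Process -Filter "ParentProcessId = $($listener.Id)" |
    Select-Object ProcessId, Name                    # empty if children were reaped
Stop-Process -Id $client.Id -ErrorAction SilentlyContinue
Remove-Item .\ncat-debug.log -ErrorAction SilentlyContinue
```

The stderr redirect in step 2 is the practical answer to the trailing "NSOCK ... EID 34" line in jah's output: the diagnostics are a separate stream from the data coming back over the socket, so they can be kept apart even though their timing relative to the remote prompt cannot be controlled.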
Current thread:
- --exec and --sh-exec now supported in Windows Ncat David Fifield (Mar 12)
- Re: --exec and --sh-exec now supported in Windows Ncat jah (Mar 12)
- Re: --exec and --sh-exec now supported in Windows Ncat David Fifield (Mar 12)
- Re: --exec and --sh-exec now supported in Windows Ncat jah (Mar 12)