Nmap Development mailing list archives

Re: --exec and --sh-exec now supported in Windows Ncat


From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Mar 2009 18:44:12 -0600

On Fri, Mar 13, 2009 at 12:08:29AM +0000, jah wrote:
On 12/03/2009 20:39, David Fifield wrote:
It used to be that --exec and --sh-exec didn't work on Windows because
they relied on the fork system call. There are now replacement functions
that emulate the Unix behavior on Windows, so they work now. You can do

ncat.exe -l --exec "C:\WINDOWS\system32\cmd.exe"
ncat.exe -l --sh-exec "echo Hello World!"

I did notice the following when using -v.  Compare this, without verbosity:

C:\>ncat 127.0.0.1 34
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\jah\Desktop>

and this with verbosity:

C:\>ncat 127.0.0.1 34 -v
NSOCK (0.0000s) TCP connection requested to 127.0.0.1:34 (IOD #1) EID 8
NSOCK (0.0160s) Callback: CONNECT SUCCESS for EID 8 [127.0.0.1:34]
NSOCK (0.0160s) Read request from IOD #1 [127.0.0.1:34] (timeout: -1ms)
EID 18
NSOCK (0.0160s) Read request for 0 bytes from IOD #2 (peer unspecified)
EID 26
NSOCK (0.0320s) Callback: READ SUCCESS for EID 18 [127.0.0.1:34] (99 bytes)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

U:\jah\Desktop>NSOCK (0.0320s) Read request for 0 bytes from IOD #1
[127.0.0.1:34] EID 34


That last line of output is printed after the remote prompt.  Perhaps
there's not a great deal you can do about this and it's not really a
major issue, but I thought I'd mention it.

Thanks for giving it a try. Here I think the output is correct, though
it looks peculiar. The READ SUCCESS refers to everything up to
"...\Desktop>" with no following newline. Right after the successful
read another read request is scheduled, so it unfortunately ends up on
the same line. The excessive verbosity is a separate issue that Fyodor
has already mentioned.

It would be good to have a few Windows examples for the Ncat guide, to
make it less Unix-centric. How many of the simple diagnostic services
from http://nmap.org/ncat/guide/ncat-simple-services.html can you
emulate?

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
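A small model of the interleaving discussed in this thread, added here as an example and not part of Ncat or of the original message: peer data and verbose diagnostics go to separate streams that share one terminal, so a diagnostic written right after a prompt with no trailing newline lands on the prompt's line. The `VerboseRelay` class, its `newline_aware` option and the reconstructed banner bytes are assumptions for illustration.

```python
import io

# Constructed sample: the banner cmd.exe sends when it starts, reconstructed
# from the transcript above with CRLF line endings. It happens to total
# 99 bytes, the size the READ SUCCESS message reports. Not captured from Ncat.
CMD_BANNER = (
    b"Microsoft Windows XP [Version 5.1.2600]\r\n"
    b"(C) Copyright 1985-2001 Microsoft Corp.\r\n"
    b"\r\n"
    b"U:\\jah\\Desktop>"
)


class VerboseRelay:
    """Hypothetical relay: peer data goes to `out`, diagnostics to `err`.

    Both streams are the same terminal in practice, so a diagnostic emitted
    right after data without a trailing newline lands on the prompt's line.
    With newline_aware=True the relay remembers how the last chunk ended and
    starts the next diagnostic on a fresh line.
    """

    def __init__(self, out, err, newline_aware=False):
        self.out, self.err = out, err
        self.newline_aware = newline_aware
        self.at_line_start = True

    def write_data(self, chunk: bytes) -> None:
        self.out.write(chunk.decode("ascii", errors="replace"))
        self.at_line_start = chunk.endswith(b"\n")

    def log(self, message: str) -> None:
        if self.newline_aware and not self.at_line_start:
            self.err.write("\n")
            self.at_line_start = True
        self.err.write(message + "\n")


def render_session(newline_aware: bool) -> str:
    """Replay the transcript's sequence (connect, read request, read success
    delivering the banner, next read request) into one shared buffer that
    stands in for the terminal, and return what the user would see."""
    terminal = io.StringIO()
    relay = VerboseRelay(terminal, terminal, newline_aware)
    relay.log("NSOCK Callback: CONNECT SUCCESS for EID 8")
    relay.log("NSOCK Read request from IOD #1 EID 18")
    relay.log("NSOCK Callback: READ SUCCESS for EID 18 (%d bytes)" % len(CMD_BANNER))
    relay.write_data(CMD_BANNER)
    relay.log("NSOCK Read request for 0 bytes from IOD #1 EID 34")
    return terminal.getvalue()


if __name__ == "__main__":
    print(render_session(newline_aware=False))
    print("---- with newline-aware diagnostics ----")
    print(render_session(newline_aware=True))
```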