Ncat and windows line endings

[jah <jah () zadkiel plus com>]

Greetings,

I saw a tweet yesterday where the tweeter was having a problem
shovelling a linux shell to windows which prompted me to try it out.
I ran:
ncat -l --sh-exec /bin/bash
on a linux host and then on a windows host:
ncat linux_host 31337
and then
nmap some_host
and the response I got from nmap running on the linux host was "Invalid
character (13) in host specification..."

I'd modified the Nmap code to produce the 13 (0x0D) in the error
message.  Turns out that Ncat from a windows shell (also a cygwin shell
which piggybacks the windows shell) sends \r\n as its line endings and
the \r is appended to the command at the other end.  This prevents any
command I've tried from working.  Conversely, a mingw shell sends \n as
its line endings and this issue doesn't arise.

I felt sure that something like this has been raised before, but haven't
found anything pertinent.  Is this a known issue and, more to the point,
can we afford to modify ncat to do something about it given that \r\n
might have been sent as part of a HTTP GET, for example?

Regards,

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org