From: Aron Xu Date: Mon, 13 Feb 2012 19:06:52 +0800 Subject: misc failures and features --- Makefile | 3 +- nc.1 | 76 ++++++++++++++++++++++++++++++++++++++++++++--- netcat.c | 101 +++++++++++++++++++++++++++++++++++++++++++-------------------- 3 files changed, 143 insertions(+), 37 deletions(-) diff --git a/Makefile b/Makefile index 96a6587..becd854 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,8 @@ PROG= nc SRCS= netcat.c atomicio.c socks.c -LIBS= `pkg-config --libs libbsd` -lresolv +PKG_CONFIG ?= pkg-config +LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv OBJS= $(SRCS:.c=.o) CFLAGS= -g -O2 LDFLAGS= -Wl,--no-add-needed diff --git a/nc.1 b/nc.1 index fe42909..e95918a 100644 --- a/nc.1 +++ b/nc.1 @@ -34,7 +34,7 @@ .Sh SYNOPSIS .Nm nc .Bk -words -.Op Fl 46CDdFhklNnrStUuvZz +.Op Fl 46bCDdFhklNnrStUuvZz .Op Fl I Ar length .Op Fl i Ar interval .Op Fl O Ar length @@ -99,6 +99,8 @@ to use IPv4 addresses only. Forces .Nm to use IPv6 addresses only. +.It Fl b +Allow broadcast. .It Fl C Send CRLF as line-ending. .It Fl D @@ -345,6 +347,54 @@ and which side is being used as a The connection may be terminated using an .Dv EOF .Pq Sq ^D . +.Pp +There is no +.Fl c +or +.Fl e +option in this netcat, but you still can execute a command after connection +being established by redirecting file descriptors. Be cautious here because +opening a port and let anyone connected execute arbitrary command on your +site is DANGEROUS. If you really need to do this, here is an example: +.Pp +On +.Sq server +side: +.Pp +.Dl $ rm -f /tmp/f; mkfifo /tmp/f +.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f +.Pp +On +.Sq client +side: +.Pp +.Dl $ nc host.example.com 1234 +.Dl $ (shell prompt from host.example.com) +.Pp +By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 +of address 127.0.0.1 on +.Sq server +side, when a +.Sq client +establishes a connection successfully to that port, /bin/sh gets executed +on +.Sq server +side and the shell prompt is given to +.Sq client +side. +.Pp +When connection is terminated, +.Nm +quits as well. Use +.Fl k +if you want it keep listening, but if the command quits this option won't +restart it or keep +.Nm +running. Also don't forget to remove the file descriptor once you don't need +it anymore: +.Pp +.Dl $ rm -f /tmp/f +.Pp .Sh DATA TRANSFER The example in the previous section can be expanded to build a basic data transfer model. @@ -404,15 +454,30 @@ The flag can be used to tell .Nm to report open ports, -rather than initiate a connection. +rather than initiate a connection. Usually it's useful to turn on verbose +output to stderr by use this option in conjunction with +.Fl v +option. +.Pp For example: .Bd -literal -offset indent -$ nc -z host.example.com 20-30 +$ nc \-zv host.example.com 20-30 Connection to host.example.com 22 port [tcp/ssh] succeeded! Connection to host.example.com 25 port [tcp/smtp] succeeded! .Ed .Pp -The port range was specified to limit the search to ports 20 \- 30. +The port range was specified to limit the search to ports 20 \- 30, and is +scanned by increasing order. +.Pp +You can also specify a list of ports to scan, for example: +.Bd -literal -offset indent +$ nc \-zv host.example.com 80 20 22 +nc: connect to host.example.com 80 (tcp) failed: Connection refused +nc: connect to host.example.com 20 (tcp) failed: Connection refused +Connection to host.example.com port [tcp/ssh] succeeded! +.Ed +.Pp +The ports are scanned by the order you given. .Pp Alternatively, it might be useful to know which server software is running, and which versions. @@ -477,6 +542,9 @@ Original implementation by *Hobbit* .br Rewritten with IPv6 support by .An Eric Jackson Aq Mt ericj@monkey.org . +.br +Modified for Debian port by Aron Xu +.Aq aron@debian.org . .Sh CAVEATS UDP port scans using the .Fl uz diff --git a/netcat.c b/netcat.c index 258a29a..c47fc0f 100644 --- a/netcat.c +++ b/netcat.c @@ -90,6 +90,7 @@ #include #include #include +#include #include #include #include @@ -121,6 +122,7 @@ #define UDP_SCAN_TIMEOUT 3 /* Seconds */ /* Command Line Options */ +int bflag; /* Allow Broadcast */ int Cflag = 0; /* CRLF line-ending */ int dflag; /* detached, no stdin */ int Fflag; /* fdpass sock to stdout */ @@ -153,7 +155,7 @@ char *portlist[PORT_MAX+1]; char *unix_dg_tmp_socket; void atelnet(int, unsigned char *, unsigned int); -void build_ports(char *); +void build_ports(char **); void help(void); int local_listen(char *, char *, struct addrinfo); void readwrite(int); @@ -182,11 +184,14 @@ int main(int argc, char *argv[]) { int ch, s, ret, socksv; - char *host, *uport; + char *host, **uport; struct addrinfo hints; struct servent *sv; socklen_t len; - struct sockaddr_storage cliaddr; + union { + struct sockaddr_storage storage; + struct sockaddr_un forunix; + } cliaddr; char *proxy = NULL; const char *errstr, *proxyhost = "", *proxyport = NULL; struct addrinfo proxyhints; @@ -202,7 +207,7 @@ main(int argc, char *argv[]) signal(SIGPIPE, SIG_IGN); while ((ch = getopt(argc, argv, - "46CDdFhI:i:klNnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { + "46bCDdFhI:i:klNnO:P:p:q:rSs:tT:UuV:vw:X:x:Zz")) != -1) { switch (ch) { case '4': family = AF_INET; @@ -210,6 +215,13 @@ main(int argc, char *argv[]) case '6': family = AF_INET6; break; + case 'b': +# if defined(SO_BROADCAST) + bflag = 1; +# else + errx(1, "no broadcast frame support available"); +# endif + break; case 'U': family = AF_UNIX; break; @@ -354,35 +366,40 @@ main(int argc, char *argv[]) /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { - if (uflag) - errx(1, "cannot use -u and -U"); # if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) if (dccpflag) errx(1, "cannot use -Z and -U"); # endif host = argv[0]; uport = NULL; - } else if (!argv[0] && lflag) { - if (sflag) - errx(1, "cannot use -s and -l"); - if (zflag) - errx(1, "cannot use -z and -l"); - if (pflag) - uport=pflag; - } else if (!lflag && kflag) { - errx(1, "cannot use -k without -l"); - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); - uport = argv[0]; + } else if (argv[0] && !argv[1] && lflag) { + if (pflag) { + uport = &pflag; + host = argv[0]; + } else { + uport = argv; + host = NULL; + } + } else if (!argv[0] && lflag && pflag) { + uport = &pflag; host = NULL; } else if (argv[0] && argv[1]) { host = argv[0]; - uport = argv[1]; + uport = &argv[1]; } else usage(1); - + if (lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); + if (pflag) + /* This still does not work well because of getopt mess + errx(1, "cannot use -p and -l"); */ + uport = &pflag; + } else if (!lflag && kflag) + errx(1, "cannot use -k without -l"); /* Get name of temporary socket for unix datagram client */ if ((family == AF_UNIX) && uflag && !lflag) { @@ -460,7 +477,7 @@ main(int argc, char *argv[]) else s = unix_listen(host); } else - s = local_listen(host, uport, hints); + s = local_listen(host, *uport, hints); if (s < 0) err(1, NULL); @@ -469,7 +486,8 @@ main(int argc, char *argv[]) local = ":::"; else local = "0.0.0.0"; - fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", + if (vflag && (family != AF_UNIX)) + fprintf(stderr, "Listening on [%s] (family %d, port %s)\n", host ?: local, family, *uport); @@ -632,6 +650,8 @@ unix_bind(char *path) return (-1); } + unlink(path); + if (bind(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) { close(s); return (-1); @@ -653,8 +673,10 @@ unix_connect(char *path) if ((s = unix_bind(unix_dg_tmp_socket)) < 0) return (-1); } else { - if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { + errx(1,"create unix socket failed"); return (-1); + } } (void)fcntl(s, F_SETFD, FD_CLOEXEC); @@ -665,9 +687,11 @@ unix_connect(char *path) sizeof(sun.sun_path)) { close(s); errno = ENAMETOOLONG; + warn("unix connect abandoned"); return (-1); } if (connect(s, (struct sockaddr *)&sun, SUN_LEN(&sun)) < 0) { + warn("unix connect failed"); close(s); return (-1); } @@ -1307,22 +1331,23 @@ atelnet(int nfd, unsigned char *buf, unsigned int size) * that we should try to connect to. */ void -build_ports(char *p) +build_ports(char **p) { struct servent *sv; const char *errstr; char *n; int hi, lo, cp; int x = 0; + int i; char *proto = proto_name(uflag, dccpflag); - sv = getservbyname(p, proto); + sv = getservbyname(*p, proto); if (sv) { portlist[0] = calloc(1, PORT_MAX_LEN); if (portlist[0] == NULL) err(1, NULL); snprintf(portlist[0], PORT_MAX_LEN, "%d", ntohs(sv->s_port)); - } else if ((n = strchr(p, '-')) != NULL) { + } else if ((n = strchr(*p, '-')) != NULL) { *n = '\0'; n++; @@ -1330,9 +1355,9 @@ build_ports(char *p) hi = strtonum(n, 1, PORT_MAX, &errstr); if (errstr) errx(1, "port number %s: %s", errstr, n); - lo = strtonum(p, 1, PORT_MAX, &errstr); + lo = strtonum(*p, 1, PORT_MAX, &errstr); if (errstr) - errx(1, "port number %s: %s", errstr, p); + errx(1, "port number %s: %s", errstr, *p); if (lo > hi) { cp = hi; @@ -1362,10 +1387,12 @@ build_ports(char *p) } } } else { - hi = strtonum(p, 1, PORT_MAX, &errstr); + hi = strtonum(*p, 1, PORT_MAX, &errstr); if (errstr) - errx(1, "port number %s: %s", errstr, p); - portlist[0] = strdup(p); + errx(1, "port number %s: %s", errstr, *p); + for (i=0;p[i];i++) { + portlist[i] = strdup(p[i]); + } if (portlist[0] == NULL) err(1, NULL); } @@ -1400,6 +1427,15 @@ set_common_sockopts(int s, int af) { int x = 1; +# if defined(SO_BROADCAST) + if (bflag) { + /* allow datagram sockets to send packets to a broadcast address + * (this option has no effect on stream-oriented sockets) */ + if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, + &x, sizeof(x)) == -1) + err(1, NULL); + } +# endif # if defined(TCP_MD5SIG) if (Sflag) { if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, @@ -1523,6 +1559,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ + \t-b Allow broadcast\n\ \t-C Send CRLF as line-ending\n\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ --