2

I'm currently attempting to use ncat to bind a cmd shell in Windows for remote access in Kali Linux.

On Windows, I first run:

ncat --exec cmd.exe -vnl Port --ssl

On Kali Linux, I then run:

ncat -v WindowsIP Port --ssl

I then receive a cmd prompt on Kali Linux; however, upon attempting to run any commands, I am met with no response. After pressing Enter multiple times, I receive an error:

Ncat: Input/Output error.

With no further details. I am running Ncat 7.31 on Kali Linux and Windows.

I have attempted using a different port, generating my own certificates and keys in a .pem format using OpenSSL, and specifying these certificates and keys using --ssl-key and --ssl-cert, to no avail.

Anders
John
  • Try using openssl s_client -connect WindowsIP:Port on the Kali side to see if SSL is in fact up and running properly... If that doesn't work, use nmap to verify that you've got connectivity at the TCP level between client and server. It may be something as simple as Windows Firewall being up... – gowenfawr Dec 07 '16 at 13:08
  • That command shows that a certificate exists and prompts me for input into CMD. However, the same error is generated. I have Windows Firewall allowing the port for ncat already and I have also disabled Kali Linux's firewall using ufw disable. – John Dec 08 '16 at 10:55
  • I think this can be solved by installing the latest Ncat version on Windows – user1156544 Jul 28 '18 at 22:36

2 Answers

2

Try using the --sctp option with both of your commands.

Zwans
  • Thank you for your fast response. Some Googling did lead me to attempt to use this flag, however, upon entering into the Windows computer, I immediately receive an error: Ncat: Unable to open any listening sockets. QUITTING. My firewall is disabled and I am running the cmd as Administrator. – John Dec 07 '16 at 09:21
  • Try ncat --exec cmd.exe -vvv -n -l -p [port] --ssl – Zwans Dec 07 '16 at 09:51
  • I appear to get the same error, but I assume -vvv is the debug mode from the logs I'm getting. The last message while I receive the cmd prompt on Kali Linux and before it throws errors says NCAT DEBUG: Register subprocess 000000E0 at index 0.

    The next message I receive after attempting to remotely run a command is Unregister subprocess 000000E0 from index 0. Followed by a Subprocess still running, terminating it, exit code 259, terminating subprocesses, max_index 1. The full log is here: pastebin.com/1ymfV5xV

    – John Dec 07 '16 at 10:19
0

The issue is with TLS 1.2. ncat 7.6 no longer uses it since Sep 18. Jul 17's ncat 7.5 does.

Download the version you need from the nmap distros: https://nmap.org/dist/?C=M&O=D

schroeder
  • This is difficult to read, and it is not clear from your answer that the TLS version is the problem. Can you confirm? – schroeder Mar 02 '18 at 10:24
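
The checks suggested in the comments on the question (is SSL up, is there TCP connectivity) and the protocol-version question raised in the second answer can be separated with one probe that pins a single TLS version per handshake. This is an added example, not code from any of the posts; `probe_listener`, `triage` and the address in `__main__` are hypothetical names and constructed values.

```python
import socket
import ssl

# One handshake per pinned protocol version (only the two current ones here).
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def probe_listener(host, port, timeout=3.0):
    """Map each version to (stage, detail); stage is local, tcp, tls or ok."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            # Ncat generates a throwaway certificate when --ssl-cert is not
            # given, so verification is off: this measures protocol support
            # only and says nothing about who the peer is.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            ctx.minimum_version = version
            ctx.maximum_version = version
        except (ValueError, ssl.SSLError) as exc:
            results[name] = ("local", str(exc))  # local OpenSSL cannot pin it
            continue
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:
            results[name] = ("tcp", str(exc))  # refused, filtered or no route
            continue
        try:
            with ctx.wrap_socket(sock) as tls:
                results[name] = ("ok", f"{tls.version()} {tls.cipher()[0]}")
        except OSError as exc:  # ssl.SSLError, resets and timeouts land here
            sock.close()
            results[name] = ("tls", str(exc))
    return results


def triage(results):
    """Collapse the per-version results into the layer to look at next."""
    stages = {stage for stage, _ in results.values()}
    if "ok" in stages:
        return "tls-ok"
    if "tls" in stages:
        return "tcp-ok-tls-failing"
    return "tcp-unreachable" if "tcp" in stages else "local-openssl-cannot-probe"


if __name__ == "__main__":
    # Constructed placeholder address (TEST-NET-1); substitute WindowsIP and Port.
    print(triage(probe_listener("192.0.2.10", 4444)))
```

A result of `tls-ok` for a version means the handshake itself completes at that version, so a session that still dies afterwards points past the TLS negotiation, for example at the `--exec` subprocess handling shown in the `-vvv` log.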