Introduction to pentesting: Maintaining Access with Backdoors and Rootkits


Although Netcat provides some amazing qualities, the program does have a few shortcomings. First off, it's important to understand that all traffic that passes between a Netcat client and server is sent in clear text. This means that anyone viewing traffic or sniffing the connection will be able to view and monitor all the information sent between the machines. Cryptcat was introduced to address this issue. Cryptcat utilizes Twofish encryption to keep the traffic between the client and the server confidential.

The beauty of Cryptcat is that you don’t need to learn any new commands. If you have already mastered Netcat, then you have already mastered Cryptcat; but with Cryptcat you have the added benefit of transporting your data using an encrypted tunnel. Anyone viewing or analyzing your network traffic won’t be able to see your information.

One important thing about Cryptcat: you should always change the default key. If you fail to change the default key, anyone will have the ability to decrypt your session. The default key is "metallica", and it can be changed using the "-k" switch.

To set up an encrypted tunnel between two machines using Cryptcat, you can issue the following commands:

  1. Start the server:
    cryptcat -l -p 5757
  2. Start the client, giving the server's address (shown here as a placeholder) and the same port:
    cryptcat <server_ip> 5757

Now you have an encrypted tunnel set up between two machines.
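As an added example (not part of the original text), the following POSIX shell helpers wrap the two cryptcat invocations above so that a session can never be started with the default key "metallica": a fresh key is drawn from /dev/urandom, and both command builders refuse an empty or default key. It assumes cryptcat is installed and that the caller supplies the peer's address.

```shell
#!/bin/sh
# Added example: build the listener and client command lines from the text
# above, but refuse to run with cryptcat's default key.
# Assumptions: cryptcat is on PATH; the server address is supplied by the caller.

DEFAULT_KEY="metallica"   # cryptcat's built-in default key, as stated in the text

# Generate a random 32-hex-character shared key from /dev/urandom.
gen_key() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Return 0 if the key is usable, 1 if it is empty or equal to the default.
check_key() {
    key="$1"
    [ -n "$key" ] || return 1
    [ "$key" != "$DEFAULT_KEY" ] || return 1
    return 0
}

# Print the listener command (cryptcat -l -p PORT -k KEY); fail on a bad key.
server_cmd() {
    port="$1"; key="$2"
    check_key "$key" || { echo "refusing empty or default key" >&2; return 1; }
    printf 'cryptcat -l -p %s -k %s\n' "$port" "$key"
}

# Print the client command (cryptcat -k KEY HOST PORT); fail on a bad key.
client_cmd() {
    host="$1"; port="$2"; key="$3"
    check_key "$key" || { echo "refusing empty or default key" >&2; return 1; }
    printf 'cryptcat -k %s %s %s\n' "$key" "$host" "$port"
}

# Typical use (server address is a placeholder for the reader to fill in):
#   KEY=$(gen_key)
#   server_cmd 5757 "$KEY"            # run this line's output on the server
#   client_cmd <server_ip> 5757 "$KEY"  # run this line's output on the client
```

The generated key must be delivered to both machines out of band; the script only guarantees that the default is never used.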