Sending files

It is not unusual to extract suspicious files from a subject system for further study. Netcat is also handy for performing this task. In order to receive a file you should start a new listener on the forensics workstation that doesn’t use the -k option. In this case you want to end the listener after the file has been transmitted. The command is nc -l {port} > {filename}.

On the subject system the suspect file is redirected into the netcat talker. The syntax for sending the file is nc {forensic workstation IP} {port} < {filename}, e.g. nc 192.168.1.119 4444 < /bin/bash. The listener and talker for this file transfer are shown in Figure 2.11 and Figure 2.12, respectively.

FIGURE 2.11 Setting up a netcat listener to receive a file.

FIGURE 2.12 Using netcat to send a file.
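The same one-shot transfer as a Python sketch over loopback, added here as an illustration and not taken from the book: the receiver accepts a single connection and then closes, as a listener started without -k does. The SHA-256 comparison of both ends is an addition the text does not describe, and the function names, file names and sample bytes are constructed.

```python
import hashlib
import os
import socket
import tempfile
import threading


def receive_once(listener, out_path):
    """Accept one connection, save its bytes, return their SHA-256 (like nc -l without -k)."""
    digest = hashlib.sha256()
    conn, _peer = listener.accept()
    with conn, open(out_path, "wb") as out:
        while chunk := conn.recv(65536):  # empty read: talker closed, file complete
            out.write(chunk)
            digest.update(chunk)
    listener.close()  # one-shot listener: stop after the first transfer
    return digest.hexdigest()


def send_file(host, port, path):
    """Talker side: stream the file to the listener, return SHA-256 of the bytes read."""
    digest = hashlib.sha256()
    with socket.create_connection((host, port)) as sock, open(path, "rb") as src:
        while chunk := src.read(65536):
            sock.sendall(chunk)
            digest.update(chunk)
    return digest.hexdigest()


def demo_transfer(payload):
    """Loopback run on constructed data; returns (sent_hash, received_hash, received_bytes)."""
    workdir = tempfile.mkdtemp()
    src, dst = os.path.join(workdir, "suspect.bin"), os.path.join(workdir, "received.bin")
    with open(src, "wb") as f:
        f.write(payload)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}
    rx = threading.Thread(target=lambda: result.update(rx=receive_once(listener, dst)))
    rx.start()
    sent = send_file("127.0.0.1", port, src)
    rx.join()
    with open(dst, "rb") as f:
        return sent, result["rx"], f.read()


if __name__ == "__main__":
    print(demo_transfer(b"\x7fELF constructed sample bytes")[:2])
```

Matching digests on the subject system and the forensics workstation show that the copy under study is byte-for-byte what was sent.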
