When you do malware analysis of documents or office files, it is important to have Microsoft Office installed in your Lab machine. I am using flare VM and it doesn't comes with MS Office. Since Microsoft is promoting Microsoft 365 over the offline version, finding the offline installer is not that easy. Here is the list of genuine Microsoft links to download the office .img files. Download Microsoft Office 2019 Professional Plus : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/ProPlus2019Retail.img Download Microsoft Office 2019 Professional : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/Professional2019Retail.img Download Microsoft Office 2019 Home and Business : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-US/HomeBusiness2019Retail.img Download Microsoft Office 2019 Home and Student : https://officecdn.microsoft.com/db/492350F6-3A01-4F97-B9C0-C7C6DDF67D60/media/en-U
Netcat is one of the most powerful and useful tool for testing and debugging the network and protocol connectivity.
Though administrators use this tool for troubleshooting, the attackers can use this for malicious intentions such as establishing a backdoor connectivity, transferring files, scanning ports etc.
Netcat can act as in client-server mode as well. This tool is available for both Windows and Linux.
Lets go through the five most common usage of netcat commands.
1) Check whether the port is Open.
For checking TCP ports :-
#nc -v <IP or Domain name> <port number>
Eg: nc -v www.jaacostan.com 80
For checking UDP ports:-
#nc -vu www.jaacostan.com 53 //where "u" in "-uv" represents UDP.
2) For doing Port Scans
#nc -vzu <IP or Website> <port range>
eg: #nc -vz www.jaacostan.com 100-200
for scanning the opened UDP ports,
#nc -vzu www.jaacostan.com 100-200 //where "u" in "-uzv" represents UDP.
3) Netcat as aClient Server.
Once netcat is installed on a system whose IP is 192.168.1.10,
#nc -l 4444 // executing this command will open up a port listening on 4444.
from another machine, establish a connection with the server.
#nc 192.168.1.10 4444.
4) Transfer a file.
On the server, open a port 4444.
#nc -l 4444 > output // any data receives on this port will be saved on file called named as "output"
In the client, create a sample file. here i created "jaa".
From the client, send the contents of file "jaa".
#cat jaa | nc 192.168.1.1 4444 //Transfer the contents of the file "jaa" to the server.
5) Bind a program to a port and access it.
Bind a program, here CMD to the port number 4444.
#nc -nlvp 4444 -e cmd.exe
establish a connection with the server on port 4444.
#nc -nv 192.168.1.10 4444
This will open up a CMD prompt of server from the client machine.
Though administrators use this tool for troubleshooting, the attackers can use this for malicious intentions such as establishing a backdoor connectivity, transferring files, scanning ports etc.
Netcat can act as in client-server mode as well. This tool is available for both Windows and Linux.
Lets go through the five most common usage of netcat commands.
1) Check whether the port is Open.
For checking TCP ports :-
#nc -v <IP or Domain name> <port number>
Eg: nc -v www.jaacostan.com 80
For checking UDP ports:-
#nc -vu www.jaacostan.com 53 //where "u" in "-uv" represents UDP.
2) For doing Port Scans
#nc -vzu <IP or Website> <port range>
eg: #nc -vz www.jaacostan.com 100-200
for scanning the opened UDP ports,
#nc -vzu www.jaacostan.com 100-200 //where "u" in "-uzv" represents UDP.
3) Netcat as aClient Server.
Once netcat is installed on a system whose IP is 192.168.1.10,
#nc -l 4444 // executing this command will open up a port listening on 4444.
from another machine, establish a connection with the server.
#nc 192.168.1.10 4444.
4) Transfer a file.
On the server, open a port 4444.
#nc -l 4444 > output // any data receives on this port will be saved on file called named as "output"
In the client, create a sample file. here i created "jaa".
From the client, send the contents of file "jaa".
#cat jaa | nc 192.168.1.1 4444 //Transfer the contents of the file "jaa" to the server.
5) Bind a program to a port and access it.
Bind a program, here CMD to the port number 4444.
#nc -nlvp 4444 -e cmd.exe
establish a connection with the server on port 4444.
#nc -nv 192.168.1.10 4444
This will open up a CMD prompt of server from the client machine.