| Server IP : 80.241.246.6 / Your IP : 216.73.216.129 Web Server : Apache/2.4.25 (Debian) System : Linux kharagauli 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64 User : www-data ( 33) PHP Version : 7.0.33-0+deb9u12 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/doc/netcat-traditional/examples/data/ |
Upload File : |
# UDP mountd call. Use as input to find mount daemons and avoid portmap. # Useful proc numbers are 2, 5, and 6. # UDP-scan around between 600-800 to find most mount daemons. # Using this with "2", plugged into "nc -u -v -w 2 victim X-Y" will # directly scan *and* dump the current exports when mountd is hit. # combine stdout *and* stderr thru "strings" or something to clean it up 000 # XID: 4 trash bytes 001 002 003 000 # CALL: 0 000 000 000 000 # RPC version: 2 000 000 002 000 # mount: 100005 001 0x86 0xa5 000 # mount version: 1 000 000 001 000 # procedure number -- put what you need here: 000 # 2 = dump [showmount -e] 000 # 5 = exportlist [showmount -a] xxx # "sed s/xxx/$1/ | data -g | nc ..." or some such... 000 # port: junk 000 000 000 000 # auth trash 000 000 000 000 # auth trash 000 000 000 000 # auth trash 000 000 000 000 # extra auth trash? probably not needed 000 000 000 # that's it!