forensics diagnostic netcat

i'm doing a project where i run several command line files on an "investigated' computer and the use netcat to put the results of the 'investigation' onto the 'investigator' computer...
so I have it working using netcat,
i'm using

type f:\diagsfile.txt | nc %ip_add1% 1234

on the 'investigator' computer and ; it basically is a batch file ported to netcat with an option

nc -l -p 1234 > diagsfile.txt

on the 'investigated' computer to open port 1234 and accept a file which will be called diagsfile.txt

the thing i'd like to do is make it fully automatic on the investigator end so i don't have to tell netcat to open a port ... just have the investigated machine do it automatically

is there a way to do that?
DavidAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

QlemoBatchelor, Developer and EE Topic AdvisorCommented:
I don't really get what you are after. You might want to transfer more than file? Then why not using FTP? That protocol allows to provide the file name and more.
0
DavidAuthor Commented:
im trying to make a usb disk with a batch file on it ( an ISO with command line diagnostic tool)
which i can run on a compromised computer, which will give me information about that compromised computer.  the results of the diagnostics are put into a file called diagsfile.txt ... that diagsfile.txt file i want to send to another computer for further review
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Again: Why not using FTP? Whatever you use, you need someone listening. A FTP server is easy to use, can be secured by a login, and is a well-known service. You can run it all the time.
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

DavidAuthor Commented:
a. the assignment REQUIRES i use netcat
b. i have to automate the process using a batch file
c. can you use ftp in a batch file to send a file ?
0
DavidAuthor Commented:
I've requested that this question be deleted for the following reason:

will rephrase
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
No need to delete and repost, so I'll object.
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
c. is moot since you are forced to use netcat by the assignment.

But this makes me suspicious. If it is an assignment, it is homework / academic study, and we can only help marginally. Because there is no reason otherwise to insist in using netcat.

I still don't get it. "Whatever you use, you need someone listening.", as said. If we stay with NetCat only, you can embed the listening call into a batch file, so you can change the protocol file each time. Is that what you are after?
Anyway, NetCat needs to run all the time. You can send anything over the connection, but need to interpret content or commands yourself in NetCat (to be precise, you need external processes reading the file created).

It would help if you go into more details, e.g. show an example session and the corresponding actions.
0
DavidAuthor Commented:
the bottom line, all conspiracies aside, is the assignment calls for netcat.  (incidentally, out of my own curiosity-- i'd like to know if it is possible using any other protocols)
0
DavidAuthor Commented:
so i tried to use psexec (by sysinternals) to upload the file nc.exe to the remote machine and then execute .. i guess that is one way to attempt it ... but i have to work out the syntax

so far i have:

psexec -accepteula \\user -u machine2 -c nc.exe -w c:\ nc -l -p 1234 >diagsfile.txt

where user is the name of the remote machine, machine2 is the username on the remote machine (it should prompt for a user password) , nc.exe is netcat, the program being uploaded, and the options for netcat to execute

any help with this is appreciated

dave.j
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Ah, that makes (some) sense, but do you really want to allow Remote Execution that way? You'll need to provide admin (!) credentials for the "Investigator" machine. Getting a password prompt seems to be safe enough, though.

However, I would not use the "copy" switch, instead leave nc "installed" in system32 of the "Investigator".
The names used are confusing (machine and user are reversed). Other than that, your line should be fine, but we might have to prevent the file redirection to happen on psexec instead of nc, so one of the following lines should be used:
psexec -accepteula \\machine -u user -w c:\ nc.exe -l -p 1234 ">" diagsfile.txt
psexec -accepteula \\machine -u user -w c:\ nc.exe -l -p 1234 ^> diagsfile.txt

Open in new window

1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Digital Forensics

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.