What is Netcat?
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
The GNU Netcat -- Official homepage
Help information (nc -h):
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
  -c shell commands   as `-e'; use /bin/sh to exec [dangerous!!]
  -e filename         program to exec after connect [dangerous!!]
  -b                  allow broadcasts
  -g gateway          source-routing hop point[s], up to 8
  -G num              source-routing pointer: 4, 8, 12, ...
  -h                  this cruft
  -i secs             delay interval for lines sent, ports scanned
  -k                  set keepalive option on socket
  -l                  listen mode, for inbound connects
  -n                  numeric-only IP addresses, no DNS
  -o file             hex dump of traffic
  -p port             local port number
  -r                  randomize local and remote ports
  -q secs             quit after EOF on stdin and delay of secs
  -s addr             local source address
  -T tos              set Type Of Service
  -t                  answer TELNET negotiation
  -u                  UDP mode
  -v                  verbose [use twice to be more verbose]
  -w secs             timeout for connects and final net reads
  -C                  Send CRLF as line-ending
  -z                  zero-I/O mode [used for scanning]
A: Server IP 192.168.192.144
B: Client IP 192.168.192.100
1. Connecting to a common port
nc -nv 192.168.192.144 80 #Connect to the service on A's port 80
Direct communication:
Server A: nc -l -p 333 #Open port 333 and listen on it
Client B: nc -nv 192.168.192.144 333
2. Transmitting text
Server A: nc -l -p 333
Client B: ls -l | nc -nv 192.168.192.144 333 #B's directory listing is sent to A and displayed there
Server A: nc -l -p 333 >message.txt
Client B: ps aux | grep ssh | nc -nv 192.168.192.144 333 -q 1 #B's ssh process information is sent to A and saved in message.txt
3. Transferring files
Server A: nc -l -p 333 > from_bclient.mp4 #Receiving side
Client B: nc -nv 192.168.192.144 333 < my.mp4 -q 1 #Sending side
-q 1: quit 1 second after EOF on stdin, i.e. once the whole file has been sent. nc does no integrity check of its own, so compare checksums (e.g. sha256sum) on both sides after the transfer.
Server A: nc -l -p 333 < A.mp4 -q 1 #Sending side
Client B: nc -nv 192.168.192.144 333 > from_A.mp4 #Receiving side
4. Transferring a directory
A: tar -cvf - Notebooks/ | nc -lp 333 -q 1 #Listen on port 333 and serve the tar stream
B: nc -nv 192.168.192.144 333 | tar -xvf -
5. Transferring encrypted files
A: nc -lp 333 | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > fromB.mp4 #Receive and decrypt (-d)
B: mcrypt --flush -Fbq -a rijndael-256 -m ecb < my.mp4 | nc -nv 192.168.192.144 333 -q 1 #Encrypt and send (no -d on the sending side)
Note that ECB mode encrypts identical plaintext blocks to identical ciphertext blocks and so leaks structure of the file; mcrypt also supports chained modes such as cbc, which should be preferred.
6. Streaming media
A: cat A.mp4 | nc -lp 333 #Streaming media server
B: nc -nv 192.168.192.144 333 | mplayer -vo x11 -cache 3000 -
mplayer: a command-line media player
7. Port scan
nc -nvz 192.168.192.144 1-1024 #Scan A's ports 1-1024; TCP by default
nc -nvzu 192.168.192.144 1-1024 #Scan UDP ports
8. Remote hard disk/memory clone
A: nc -lp 333 | dd of=/dev/sda
B: dd if=/dev/sda | nc -nv 192.168.192.144 333 -q 1
9. Remote control
B controls A (A listens, B connects):
A: nc -lp 333 -c bash
B: nc 192.168.192.144 333
NOTE:
If A's firewall blocks all inbound ports, B cannot reach A on the listening port. Instead B opens and listens on port 333 and A connects out to B actively:
B controls A (B listens, A connects):
A: nc 192.168.192.100 333 -c bash
B: nc -lp 333
nc has no encryption and no authentication, so everything it transmits crosses the network in clear text. Ncat adds both:
Usage: ncat [options] [hostname] [port]
Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
  -4                         Use IPv4 only
  -6                         Use IPv6 only
  -U, --unixsock             Use Unix domain sockets only
  -C, --crlf                 Use CRLF for EOL sequence
  -c, --sh-exec <command>    Executes the given command via /bin/sh
  -e, --exec <command>       Executes the given command
      --lua-exec <filename>  Executes the given Lua script
  -g hop1[,hop2,...]         Loose source routing hop points (8 max)
  -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
  -m, --max-conns <n>        Maximum <n> simultaneous connections
  -h, --help                 Display this help screen
  -d, --delay <time>         Wait between read/writes
  -o, --output <filename>    Dump session data to a file
  -x, --hex-dump <filename>  Dump session data as hex to a file
  -i, --idle-timeout <time>  Idle read/write timeout
  -p, --source-port port     Specify source port to use
  -s, --source addr          Specify source address to use (doesn't affect -l)
  -l, --listen               Bind and listen for incoming connections
  -k, --keep-open            Accept multiple connections in listen mode
  -n, --nodns                Do not resolve hostnames via DNS
  -t, --telnet               Answer Telnet negotiations
  -u, --udp                  Use UDP instead of default TCP
      --sctp                 Use SCTP instead of default TCP
  -v, --verbose              Set verbosity level (can be used several times)
  -w, --wait <time>          Connect timeout
  -z                         Zero-I/O mode, report connection status only
      --append-output        Append rather than clobber specified output files
      --send-only            Only send data, ignoring received; quit on EOF
      --recv-only            Only receive data, never send anything
      --allow                Allow only given hosts to connect to Ncat
      --allowfile            A file of hosts allowed to connect to Ncat
      --deny                 Deny given hosts from connecting to Ncat
      --denyfile             A file of hosts denied from connecting to Ncat
      --broker               Enable Ncat's connection brokering mode
      --chat                 Start a simple Ncat chat server
      --proxy <addr[:port]>  Specify address of host to proxy through
      --proxy-type <type>    Specify proxy type ("http" or "socks4" or "socks5")
      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
      --ssl                  Connect or listen with SSL
      --ssl-cert             Specify SSL certificate file (PEM) for listening
      --ssl-key              Specify SSL private key (PEM) for listening
      --ssl-verify           Verify trust and domain name of certificates
      --ssl-trustfile        PEM file containing trusted SSL certificates
      --ssl-ciphers          Cipherlist containing SSL ciphers to use
      --ssl-alpn             ALPN protocol list to use.
      --version              Display Ncat's version information and exit
A:
ncat -c bash --allow 192.168.192.100 -vnl 333 --ssl #Only allow 192.168.192.100 to connect, over SSL/TLS
B:
ncat -nv 192.168.192.144 333 --ssl
With --ssl but no --ssl-cert/--ssl-key, the listener on A generates a temporary self-signed certificate, and B's command above does not pass --ssl-verify, so the session is encrypted but the peer is not authenticated; --allow only filters by source address. For a verified session, give A a certificate with --ssl-cert/--ssl-key and have B use --ssl-verify with --ssl-trustfile pointing at that certificate.
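As an added defender-side example (not from the original page or the Netcat/Ncat projects), this Python audit reads nc/ncat command lines from a process listing and flags the risky combinations shown above: the -c/-e shell-exec flags, listeners with no --allow list, plain nc with no encryption, and --ssl clients that omit --ssl-verify. The SAMPLE_PS listing is constructed, not captured from a real host.

```python
import shlex

# Flags from the nc/ncat help text above that hand the connection to a shell or program
SHELL_EXEC = {"-c", "-e", "--sh-exec", "--exec", "--lua-exec"}
NC_NAMES = {"nc", "ncat", "netcat"}


def audit_nc_cmdline(cmdline: str) -> dict:
    """Return findings for one nc/ncat command line; {} if it is not netcat."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a mangled listing
        return {}
    if not argv or argv[0].rsplit("/", 1)[-1] not in NC_NAMES:
        return {}
    flags = set()
    for arg in argv[1:]:
        if arg.startswith("--"):
            flags.add(arg.split("=", 1)[0])                # --allow=host form
        elif arg.startswith("-") and len(arg) > 1:
            flags.update("-" + ch for ch in arg[1:])       # clustered: -nvl, -lp, -nvz
    findings = {}
    if flags & SHELL_EXEC:
        findings["shell_exec"] = "hands the connection to a shell or program"
    listening = bool(flags & {"-l", "--listen"})
    if listening and not flags & {"--allow", "--allowfile"}:
        findings["open_listener"] = "listens for any source, no host allow-list"
    if "--ssl" not in flags:
        findings["cleartext"] = "no TLS; traffic is readable on the wire"
    elif not listening and "--ssl-verify" not in flags:
        findings["unverified_tls"] = "encrypted, but the server is not authenticated"
    return findings


# Constructed sample of `ps -eo args` output (not captured from a real host)
SAMPLE_PS = """\
/usr/bin/nc -lp 333 -c bash
ncat -c bash --allow 192.168.192.100 -vnl 333 --ssl
ncat -nv 192.168.192.144 333 --ssl
sshd: user@pts/0
"""


def audit_process_list(ps_output: str) -> dict:
    """Map each netcat command line in a process listing to its findings."""
    result = {}
    for line in ps_output.splitlines():
        findings = audit_nc_cmdline(line)
        if findings:
            result[line] = findings
    return result


if __name__ == "__main__":
    for line, findings in audit_process_list(SAMPLE_PS).items():
        print(line, "->", ", ".join(findings))
```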