Big data - play with data - netcat

Netcat (abbreviated as nc) is a powerful command-line network tool used to establish a TCP/UDP connection between two machines, and read and write data through standard input and output.

1. Windows: download and install the netcat (nc) command

1. Netcat (nc) download address:

https://eternallybored.org/misc/netcat/

2. Click the netcat 1.12 link to download, then unzip the netcat-win32-1.12 folder. Windows builds of nc.exe are routinely flagged by antivirus products as a hacking tool, so expect to have to add an exclusion for it on a machine you control.

3. Configure environment variables

Add the netcat folder to Path.

4. Test

Open two cmd windows.
In the first execute: nc -l -p 9999
In the second execute: nc localhost 9999

Verify the result: the two commands now share one TCP connection, so text typed in either window appears in the other. (The Windows build expects -l -p PORT; the OpenBSD-derived nc shipped by most Linux distributions writes the same thing as -l PORT.)

2. Install and run the netcat (nc) command under Linux

Most Linux distributions ship a Netcat. Run nc with no arguments to check whether it is installed. (The usage text below, with its --apple-* options, was captured on macOS; a Linux build prints a shorter banner, and the exact flag set differs between the OpenBSD netcat, GNU netcat and nmap's ncat.)

$ nc
usage: nc [-46AacCDdEFhklMnOortUuvz] [-K tc] [-b boundif] [-i interval] [-p source_port]
	  [--apple-recv-anyif] [--apple-awdl-unres]
	  [--apple-boundif ifbound]
	  [--apple-no-cellular] [--apple-no-expensive]
	  [--apple-no-flowadv] [--apple-tcp-timeout conntimo]
	  [--apple-tcp-keepalive keepidle] [--apple-tcp-keepintvl keepintvl]
	  [--apple-tcp-keepcnt keepcnt] [--apple-tclass tclass]
	  [--tcp-adp-rtimo num_probes] [--apple-initcoproc-allow]
	  [--apple-tcp-adp-wtimo num_probes]
	  [--setsockopt-later] [--apple-no-connectx]
	  [--apple-delegate-pid pid] [--apple-delegate-uuid uuid]
	  [--apple-kao] [--apple-ext-bk-idle]
	  [--apple-netsvctype svc] [---apple-nowakefromsleep]
	  [--apple-notify-ack] [--apple-sockev]
	  [--apple-tos tos] [--apple-tos-cmsg]
	  [-s source_ip_address] [-w timeout] [-X proxy_version]
	  [-x proxy_address[:port]] [hostname] [port[s]]

A usage banner like the one above means Netcat is installed. If it is not, most distributions provide it as a package (netcat-openbsd on Debian/Ubuntu, nmap-ncat on Fedora/RHEL). The GNU netcat 0.7.1 source build below also works, but note that its flags (-l -p PORT, -e PROGRAM) differ from the OpenBSD netcat most distributions ship (-l PORT, no -e)

$ wget https://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz
$ tar zxvf netcat-0.7.1.tar.gz
$ cd netcat-0.7.1
$ ./configure
$ make
$ sudo make install

Quick Start
We can use Netcat to establish a connection with the HTTP server. Taking Baidu as an example, use the following command to establish a TCP connection with Baidu

$ nc www.baidu.com 80

The first argument is the address of the server to connect to, the second is the port. Once the connection is established, nc reads from standard input and writes whatever it receives to standard output, so you can type raw protocol bytes straight at the server. To simulate a browser fetching the Baidu home page, type GET / HTTP/1.0 and press Enter twice (the empty line ends the request headers; HTTP/1.0 is used because it needs no Host header and the server closes the connection after replying)

$ nc www.baidu.com 80
GET / HTTP/1.0
(Enter)
(Enter)

After sending the request, you will receive the following HTTP response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Content-Length: 14615
Content-Type: text/html

Other usage scenarios
Port scanning
Netcat can also be used for port scanning, to discover which ports are open on a machine

$ nc -zv localhost 9995-9999
nc: connect to localhost port 9995 (tcp) failed: Connection refused
nc: connect to localhost port 9995 (tcp) failed: Connection refused
nc: connect to localhost port 9996 (tcp) failed: Connection refused
nc: connect to localhost port 9996 (tcp) failed: Connection refused
nc: connect to localhost port 9997 (tcp) failed: Connection refused
nc: connect to localhost port 9997 (tcp) failed: Connection refused
nc: connect to localhost port 9998 (tcp) failed: Connection refused
nc: connect to localhost port 9998 (tcp) failed: Connection refused
nc: connect to localhost port 9999 (tcp) failed: Connection refused
Connection to localhost 9999 port [tcp/*] succeeded!

The -z flag selects zero-I/O mode: nc only completes the TCP handshake and then closes, sending no data, which is what makes it usable as a port scanner. The -v flag prints a line for every attempt. Each closed port appears twice in the output above because localhost resolves to both ::1 and 127.0.0.1 and nc tries each address in turn; port 9999 is refused on ::1 and succeeds on 127.0.0.1, which shows that something is listening on IPv4 port 9999, i.e. the port is open. Against non-local targets add -w SECONDS so that filtered ports (no answer at all) time out instead of hanging.
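As an added example (mine, not code from the original post), the same zero-I/O check written in Python so that the three outcomes nc folds into "succeeded" and "failed" lines, a completed handshake, an RST from the peer, and no answer before the timeout, are explicit. The class and function names are my own, and the self-test assumes only that 127.0.0.1 is reachable.

```python
"""Zero-I/O TCP probe: the check `nc -zv host port[s]` performs, with the three
possible outcomes named instead of collapsed into two nc output lines."""
import socket
from concurrent.futures import ThreadPoolExecutor
from enum import Enum


class PortState(str, Enum):
    OPEN = "open"          # TCP handshake completed; nc prints "succeeded!"
    CLOSED = "closed"      # peer answered with RST; nc prints "Connection refused"
    FILTERED = "filtered"  # nothing came back before the timeout (nc -w)


def probe(host: str, port: int, timeout: float = 1.0) -> PortState:
    """Connect, send nothing, close immediately: exactly what nc's -z does.

    create_connection() tries every address the name resolves to (::1 and then
    127.0.0.1 for "localhost"), which is why nc -zv localhost prints two
    "refused" lines per closed port when both address families are configured.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return PortState.OPEN
    except ConnectionRefusedError:
        return PortState.CLOSED
    except (socket.timeout, TimeoutError):
        return PortState.FILTERED
    except OSError:
        # EHOSTUNREACH, ENETUNREACH and friends: no RST seen, so not provably closed
        return PortState.FILTERED


def scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Probe many ports concurrently; returns {port: PortState}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host: str, ports, timeout: float = 1.0) -> list:
    """The ports a nc -zv loop would report as succeeded, sorted."""
    return sorted(p for p, s in scan(host, ports, timeout).items() if s is PortState.OPEN)


def demo() -> dict:
    """Deterministic loopback run: one port with a listener behind it and one
    port that was bound and released, so nothing accepts on it (constructed
    setup, no real target involved)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        result = scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"open": result[open_port], "closed": result[closed_port]}


if __name__ == "__main__":
    # Same range as the nc -zv example above; expect "closed" unless something listens.
    for port, state in scan("localhost", range(9995, 10000)).items():
        print(f"localhost {port}: {state.value}")
```

Distinguishing CLOSED from FILTERED is the part nc's output hides: a refusal proves a host is up and nothing listens there, whereas a timeout says nothing about the port and usually means a firewall is dropping the SYN.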


Simple chat
A simple peer-to-peer chat program written in C takes at least 60-70 lines of code. With Netcat, two commands establish a TCP connection between two machines and give you a basic chat. For example, on the server 172.16.0.4 execute

$ nc -l 9999

The -l parameter means to run Netcat in listening mode, here we are listening on port 9999, and then execute it on another server

$ nc 172.16.0.4 9999

If this succeeds, the two machines have a TCP connection and can exchange messages over it. For example, on the client send Hello, I'm client

$ nc 172.16.0.4 9999
Hello, I'm client

The server will receive the message immediately

$ nc -l 9999
Hello, I'm client

Similarly, the message sent by the server can also be received by the client

Transferring files
In the same way, a TCP connection makes it easy to copy a file between two hosts. To send test.txt from server A to server B (IP address 172.16.0.4), first execute on server B

$ nc -l 9999 > test.txt

Then execute on server A

$ nc 172.16.0.4 9999 < test.txt

The file is sent over the connection. Two caveats: nc does nothing to check integrity, so compare a checksum of test.txt on both ends (sha256sum, for example), and the transfer is plaintext, so keep it to a trusted network. Depending on the build, the receiving nc may also keep running after the sender has finished, because nc does not necessarily close the connection on EOF from stdin; with the OpenBSD nc, the -N flag on the sending side shuts the connection down after EOF.

Exposing a shell on a port
A more interesting use is a crude stand-in for ssh: expose the target machine's shell on a port and then drive it from the local machine over a Netcat connection. This is the classic "bind shell": there is no authentication and no encryption, so anyone who can reach the port gets a shell with the privileges of the user who started nc. Use it only on a lab network you control and kill it when you are done.

Execute on the target machine

$ nc -l 9999 | /bin/bash

Here Netcat is the server listening on port 9999, and everything it receives is piped into /bin/bash, which amounts to exposing /bin/bash on port 9999. Then execute on the local machine

$ nc 172.16.0.4 9999

By establishing a connection through Netcat, you can access the /bin/bash terminal of the target machine on the local machine, such as executing the ls command on the local machine

$ nc 172.16.0.4 9999
ls -l

The output of the target machine is as follows

$ nc -l 9999 | /bin/bash
total 4
-rw-rw-r-- 1 huangxy huangxy 6 Feb 21 00:50 test.txt

You can see that the command we entered on the local machine has been successfully executed on the target machine

Although commands typed on the local machine are executed on the target, this still differs from ssh in one respect: the command output never comes back to the local machine. A named pipe solves that neatly. Execute on the target machine

$ mkfifo /tmp/pipe
$ cat /tmp/pipe | /bin/bash 2>&1 | nc -l -p 9999 > /tmp/pipe

The two commands work as follows:

1. mkfifo creates a named pipe, /tmp/pipe
2. cat reads from /tmp/pipe and feeds whatever it gets to /bin/bash through the pipeline
3. the output of /bin/bash (stdout and, thanks to 2>&1, stderr) is piped into nc
4. nc listens on port 9999, sends that output to the connected client, and writes whatever the client sends into /tmp/pipe
5. cat reads the client's command from /tmp/pipe and hands it to /bin/bash, closing the loop: the local machine now sees the output of every command it sends

$ nc 172.16.0.4 9999
ls -l
total 4
-rw-rw-r-- 1 huangxy huangxy 6 Feb 21 00:50 test.txt
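Added example, not from the original post: the host-side check a defender would want for what the previous steps set up. The nc process in the mkfifo pipeline shows up in the output of ss -ltnp as a LISTEN socket owned by nc; this snippet parses that output and flags listeners owned by netcat-family binaries. The ss sample is constructed (and labelled as such in the code), and the list of binary names is my own choice.

```python
"""Host-side check for the listener the bind-shell trick leaves behind: parse
`ss -ltnp` output and flag LISTEN sockets owned by netcat-family binaries."""
import re

# Binaries that have no business sitting behind a listening socket on a
# production host; a LISTEN owned by one of them usually means an exposed shell.
SHELL_EXPOSERS = {"nc", "ncat", "netcat", "nc.openbsd", "nc.traditional", "socat"}

# Constructed sample in the layout of `ss -ltnp` (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=811,fd=3))
LISTEN  0       1       0.0.0.0:9999         0.0.0.0:*          users:(("nc",pid=4242,fd=3))
LISTEN  0       511     127.0.0.1:6379       0.0.0.0:*          users:(("redis-server",pid=905,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=811,fd=4))
"""

# One ("name",pid=N,fd=N) tuple inside the users:(...) column.
_PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)')


def parse_ss(text: str) -> list:
    """Turn ss output into rows: state, local address, port, owning processes."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        addr, _, port = parts[3].rpartition(":")
        if not port.isdigit():
            continue  # "*" or a malformed column
        procs = [(m.group("name"), int(m.group("pid"))) for m in _PROC_RE.finditer(line)]
        rows.append({"state": parts[0], "addr": addr, "port": int(port), "procs": procs})
    return rows


def find_exposed_shells(rows: list) -> list:
    """Listeners owned by a netcat-family process, noting whether they face every interface."""
    hits = []
    for row in rows:
        if row["state"] != "LISTEN":
            continue
        for name, pid in row["procs"]:
            if name in SHELL_EXPOSERS:
                hits.append({
                    "port": row["port"], "process": name, "pid": pid,
                    "all_interfaces": row["addr"] in ("0.0.0.0", "[::]", "*"),
                })
    return hits


def check(text: str = SAMPLE_SS) -> list:
    """Parse and flag in one call; defaults to the constructed sample."""
    return find_exposed_shells(parse_ss(text))


if __name__ == "__main__":
    import subprocess
    # Run against the live host; root is needed to see other users' processes.
    try:
        live = subprocess.run(["ss", "-ltnp"], capture_output=True, text=True).stdout
    except FileNotFoundError:  # no iproute2 here: fall back to the sample
        live = SAMPLE_SS
    for hit in check(live or SAMPLE_SS):
        where = " on all interfaces" if hit["all_interfaces"] else ""
        print(f"port {hit['port']}: {hit['process']} listener (pid {hit['pid']}){where}")
```

The plain nc -l 9999 | /bin/bash variant is caught the same way, since nc is still the process that owns the socket; what ss cannot tell you is what is attached to the other end of the pipe, so a hit is a reason to look at the process tree, not a verdict on its own.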

Interact with the TCP server
Netcat can exchange data with any server that speaks TCP, for example by sending Redis its PING command

$ printf "PING\r\n" | nc localhost 6379
+PONG

Equivalent to

$ nc localhost 6379
PING
+PONG
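To make concrete what nc is doing in both the Baidu request earlier and this Redis PING, here is an added example (mine, not from the original post): a Python function that does what nc does, open a TCP connection, write the bytes, read until the peer closes, plus minimal parsers for the HTTP status line and headers and for the RESP reply. Because it has to run offline, a constructed loopback server stands in for www.baidu.com:80 and Redis on 6379; the function names, the port it picks and the reply contents are assumptions.

```python
"""What `nc host port` does under the hood: open a TCP connection, write raw
bytes, and read back whatever the peer sends until it closes. A constructed
loopback server answers like the HTTP and Redis servers in the text."""
import socket
import threading


def raw_exchange(host: str, port: int, payload: bytes, timeout: float = 3.0) -> bytes:
    """Send payload, half-close the write side (what EOF on stdin does with
    nc -N), then collect the reply until the server closes or the timeout fires."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_http_response(raw: bytes):
    """Split an HTTP/1.0 reply into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, _reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status), headers, body


def parse_resp_reply(raw: bytes) -> str:
    """Decode the RESP simple string (+PONG) or error (-ERR ...) Redis sends back."""
    if not raw.endswith(b"\r\n"):
        raise ValueError(f"truncated RESP reply: {raw!r}")
    kind, text = raw[:1], raw[1:-2].decode()
    if kind == b"+":
        return text
    if kind == b"-":
        raise RuntimeError(f"redis error: {text}")
    raise ValueError(f"unsupported RESP type {kind!r}")


# Constructed loopback server standing in for www.baidu.com:80 and Redis on 6379.
_HTML = b"<html><body>constructed sample page</body></html>"


def _serve_one(conn: socket.socket) -> None:
    with conn:
        request = b""
        while True:  # read until the client half-closes, as raw_exchange does
            chunk = conn.recv(4096)
            if not chunk:
                break
            request += chunk
        if request.startswith(b"GET "):
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                         b"Content-Length: %d\r\n\r\n%s" % (len(_HTML), _HTML))
        elif request.strip().upper() == b"PING":
            conn.sendall(b"+PONG\r\n")
        else:
            conn.sendall(b"-ERR unknown command\r\n")


def start_fake_server():
    """Listen on an ephemeral loopback port; returns (port, stop_event)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            conn.settimeout(3.0)
            _serve_one(conn)
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], stop


def demo():
    """The two exchanges from the text (GET / HTTP/1.0 and PING) against the stand-in."""
    port, stop = start_fake_server()
    try:
        http = parse_http_response(raw_exchange("127.0.0.1", port, b"GET / HTTP/1.0\r\n\r\n"))
        pong = parse_resp_reply(raw_exchange("127.0.0.1", port, b"PING\r\n"))
    finally:
        stop.set()
    return http, pong


if __name__ == "__main__":
    (status, headers, body), pong = demo()
    print(status, headers, body, pong)
```

The half-close in raw_exchange is the detail that matters in practice: printf "PING\r\n" | nc host 6379 works because stdin hits EOF, and whether nc then closes the write side or hangs waiting for more input depends on the build (OpenBSD nc needs -N).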

Origin blog.csdn.net/s_unbo/article/details/130454823