NetCat – Swiss Army Knife

NetCat is known as the Swiss Army Knife of networking. It is a very useful tool for administrators and security testers.

Netcat is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.  At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.  Netcat, or "nc" as the actual program is named, should have been supplied long ago as another one of those cryptic but standard Unix tools. 
Some of netcat's major features are:
o    Outbound or inbound connections, TCP or UDP, to or from any ports
o    Full DNS forward/reverse checking, with appropriate warnings
o    Ability to use any local source port
o    Ability to use any locally-configured network source address
o    Built-in port-scanning capabilities, with randomizer
o    Built-in loose source-routing capability
o    Can read command line arguments from standard input
o    Slow-send mode, one line every N seconds
o    Hex dump of transmitted and received data
o    Optional ability to let another program service established connections
o    Optional telnet-options responder
Prerequisites – Two hosts with nc-traditional installed. Firewall, SELinux and AppArmor should be disabled.
HostA will act as the NC server and HostB as the NC client.
Examples:
1.    On HostA

$ nc -l -p 1234
On HostB

$ telnet HostA 1234
After the connection is established, telnet shows the output below:
Trying 10.77.25.160...
Connected to ps6108u.persistent.co.in (10.77.25.160).
Escape character is '^]'.
Now type anything on HostB; it appears immediately on HostA.
2.    Run a UDP server with nc
On HostA

$ nc -l -u -p 1234
On HostB

$ nc -u HostA 1234
Then try the same test as above.
3.    Stream video on HostB from HostA
On HostB

$ nc -l -p 1234 | mplayer -cache 8192
On HostA

$ cat video.mpg | nc HostB 1234
4.    File Transfer with nc from HostA to HostB

On HostB

$ nc -l -p 1234 >newfile
On HostA

$ nc HostB 1234 <origfile
5.    Open a backdoor and allow command execution on HostB

On HostB

$ nc -l -p 1234 -e /bin/bash
On HostA

$ nc HostB 1234
Now type a command; it will be executed on HostB.
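A defender-side check for the listener in example 5, added here as an example that is not part of the original post: it scans ps output (a constructed sample is embedded below) for netcat processes started with an execution option (-e/-c of nc-traditional, -e/-c/--exec/--sh-exec of Ncat), which is what turns a plain listener into a remote shell. The process names, PIDs and users in the sample are made up.

```shell
#!/bin/sh
# Constructed sample of `ps -eo pid,user,args` output (not real hosts).
SAMPLE_PS='  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 1433 neelesh  nc -l -p 1234
 1501 neelesh  nc -l -p 1234 -e /bin/bash
 1510 www-data nc.traditional -l -p 4444 -c /bin/sh
 1520 neelesh  nc -z HostB 1-1023
 1530 root     /bin/sh -c ncat --exec /bin/sh -lp 5555'

# find_shell_listeners: read ps lines on stdin and print "PID USER PROGRAM"
# for every netcat process whose arguments hand a program to the peer.
# Plain listeners (example 4) and scans (example 6) are not reported.
find_shell_listeners() {
    awk '
        NR == 1 { next }                              # skip the ps header line
        {
            p = 0
            for (i = 3; i <= NF; i++)                 # locate the netcat binary
                if ($i ~ /(^|\/)(nc|ncat|netcat|nc\.traditional)$/) { p = i; break }
            if (p == 0) next                          # not a netcat process
            for (j = p + 1; j <= NF; j++)             # look for an exec option after it
                if ($j == "-e" || $j == "-c" || $j == "--exec" || $j == "--sh-exec") {
                    print $1, $2, (j < NF ? $(j + 1) : "?")
                    break
                }
        }'
}

# scan_sample: run the check over the embedded sample.
scan_sample() {
    printf '%s\n' "$SAMPLE_PS" | find_shell_listeners
}

# On a live host run:  ps -eo pid,user,args | find_shell_listeners
scan_sample
```

The three reported lines (PIDs 1501, 1510 and 1530) are the ones that expose a shell; the harmless listener on PID 1433 is not flagged.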
6.    Port scanning with NetCat

On HostA
$ nc -z HostB 1-1023
It lists the open ports (in the range 1 to 1023) on HostB.
Neelesh Gurjar has written 122 articles