Linux netcat command Usage tips

Netcat is a Swiss Army knife in a network tool that can read and write data through TCP and UDP on the network. By combining and redirecting with other tools, you can use it in a variety of ways in your script. It's amazing what you can do with the Netcat command.

What Netcat do is create a link between the two computers and return two data streams, and what you can do after that is your imagination. You can create a server, transfer files, chat with friends, stream streaming media, or use it as a standalone client for other protocols.

Here are some examples of using netcat.

[A (172.31.100.7) B (172.31.100.23)]

Examples of Linux netcat commands:

1, Port scan

Port scans are often used by system administrators and hackers to find open ports on some machines to help them identify vulnerabilities in the system.

$NC-Z-v-n 172.31.100.7 21-25

Can be run in TCP or UDP mode, by default the Tcp,-u parameter is adjusted to UDP.

The z parameter tells Netcat to use 0 IO, which means that once the connection is closed, no data exchange (Translator Note: Translation is not allowed here, if there are other better, please point out)

The V parameter refers to the use of redundancy option (Translator Note: Verbose output)

The n parameter tells Netcat not to use DNS to reverse-query the domain name of the IP address

This command prints 21 to 25 of all open ports. Banner is a text that banner is a text message sent to you by a service that you connect to. Banner information is useful when you are trying to identify a vulnerability or the type and version of a service. However, not all services will send banner.

Once you find the open ports, you can easily use the Netcat connection service to crawl their banner.

$ nc-v 172.31.100.7 21

The Netcat command connects to open port 21 and prints the banner information that is running on this port.

Chat Server

If you want to talk to your friends, there are a lot of software and information services available for you to use. However, if you do not have such extravagant configuration, such as you in the computer lab, all the external connection is limited, how do you and all the friends sitting in the next room all day to communicate that? Don't be depressed, Netcat provides a way for you to create a chat server, a pre-determined port, so that he can reach you.

Server

$NC-L 1567

The Netcat command initiates a TCP server on port 1567, and all standard outputs and inputs are output to that port. Both the output and the input are shown in this shell.

Client

$NC 172.31.100.7 1567

Whatever you type on machine B will appear on machine A.

3, File transfer

Most of the time, we are trying to transfer files over a network or other tool. There are many ways, like FTP,SCP,SMB and so on, but when you just need to transfer files temporarily or once, it's really worth wasting time installing and configuring a software on your machine. Suppose you want to pass a file file.txt from a to B. A or B can be a server or a client, the following, let a as a server, B is the client.

Server

$NC-L 1567 < file.txt

Client

$NC-n 172.31.100.7 1567 > file.txt

Here we create a server on a and redirect the input of netcat to file file.txt, then when any successful connection is made to that port, Netcat will send file contents.

At the client we redirect the output to File.txt, when B connects to A,a to send the file contents, B saves the file contents to file.txt.

There is no need to create a file source as a server, and we can use it in the opposite way. Like the following we send files from B to a, but the server is created on a, this time we only need to redirect the output of the netcat and redirect the input file of B.

B as Server

Server

$NC-L 1567 > file.txt

Client

NC 172.31.100.23 1567 < file.txt

4, Directory Transfer

Sending a file is simple, but if we want to send multiple files, or the entire directory, it is as simple as using the compression tool tar, compressed and send the compressed package.

If you want to transfer a directory over the network from A to B.

Server

$tar-cvf–dir_name | Nc-l 1567

Client

$NC-N 172.31.100.7 1567 | TAR-XVF-

Here on a server, we create a tar archive package and pass it-redirect it in the console, then use the pipeline, redirecting it to Netcat,netcat to send it over the network.

At the client we download the package through the Netcat pipeline and then open the file.

If you want to save bandwidth transfer compression packets, we can use bzip2 or other tools to compress.

Server

$tar-cvf–dir_name| Bzip2-z | Nc-l 1567

Compression via BZIP2

Client

$NC-N 172.31.100.7 1567 | Bzip2-d |TAR-XVF-

Unzip with BZIP2

5. Encrypt the data you send over the network

If you are concerned about the security of your data being sent over the Internet, you can encrypt it with a tool such as mcrypt before sending your data.

Service side

$NC localhost 1567 | Mcrypt–flush–bare-f-q-d-M ECB > file.txt

Encrypt data using the MCrypt tool.

Client

$mcrypt –flush–bare-f-q-m ECB < file.txt | Nc-l 1567

Use the MCrypt tool to decrypt the data.

The above two commands will prompt for a password, ensuring that the same password is used on both ends.

Here we use MCrypt to encrypt, use any other encryption tool can.

6. Streaming video

While not the best way to generate streaming video, if there are no specific tools on the server, using Netcat, we still have the hope of doing it.

Service side

$cat Video.avi | Nc-l 1567

Here we just read from a video file and redirect the output to the Netcat client

$NC 172.31.100.7 1567 | MPLAYER-VO X11-cache 3000-

Here we read the data from the socket and redirect it to MPlayer.

7, Clone a device

If you have installed a Linux machine and need to repeat the same operation to other machines, and you do not want to repeat the configuration again. Do not need to re-configure the installation process, just start another machine with some boot can drive the disk and clone your machine.

Cloning a Linux PC is simple, assuming your system is on disk/DEV/SDA

Server

$DD IF=/DEV/SDA | Nc-l 1567

Client

$NC-N 172.31.100.7 1567 | DD OF=/DEV/SDA

DD is a tool that reads raw data from disk, I redirect its output through the NETCAT server to another machine and writes it to disk, and it copies all of the information along with the partitioned table. But if we have already partitioned and only need to clone the root partition, we can change SDA to sda1,sda2 according to the location of our system root partition. And so on.

8, open a shell

We have used remote shell-with telnet and ssh, but if these two commands are not installed and we do not have permission to install them, we can also use Netcat to create a remote shell.

Suppose your netcat supports the-C-E parameter (default netcat)

Server

$NC-L 1567-E/bin/bash-i

Client

$NC 172.31.100.7 1567

Here we have created a NETCAT server and indicated that it was executed when it was successfully connected/bin/bash

If Netcat does not support the-C or-e parameter (OpenBSD netcat), we can still create a remote shell

Server

$mkfifo/tmp/tmp_fifo$cat/tmp/tmp_fifo | /bin/sh-i 2>&1 | Nc-l 1567 >/tmp/tmp_fifo

Here we create a FIFO file and then use the Pipeline command to direct the FIFO file content to the shell 2>&1. is used to redirect standard error output and standard output, and then pipe to Netcat to run on port 1567. At this point, we have redirected the output of Netcat to the FIFO file.

Description

Input received from the network is written to the FIFO file

The Cat command reads the FIFO file and sends its contents to the SH command

The SH command process receives input and writes it back to Netcat.

Netcat send output to client via network

As to why it succeeds because the pipeline executes the command in parallel, the FIFO file is used to replace the normal file because the FIFO makes the read wait and if it is a normal file, the cat command ends as soon as possible and begins to read the empty file.

Simply connect to the server on the client

Client

$NC-N 172.31.100.7 1567

You will get a shell prompt on the client

Reverse shell

A reverse shell is a shell that people once opened on the client. The reverse shell is named because it differs from other configurations, where the server uses the services provided by the customer.

Service side

$NC-L 1567

On the client side, simply tell Netcat to execute the shell after the connection is complete.

Client

$NC 172.31.100.7 1567-e/bin/bash

Now, what's so special about the reverse shell?
The reverse shell is often used to circumvent firewall restrictions, such as blocking inbound connections. For example, I have a private IP address of 172.31.100.7, and I use a proxy server to connect to the external network. If I want to access this machine from outside the network such as 1.2.3.4 Shell, then I will use the reverse shell for this purpose.

10. Specify the source port

Suppose your firewall filters all the ports except the 25 port, you need to specify the source port using the-P option.

Server-side

$NC-L 1567

Client

$NC 172.31.100.7 1567-p 25

Using a port within 1024 requires root access.

This command will open port 25 for communication on the client, otherwise the random port will be used.

11. Specify the Source address

Suppose your machine has multiple addresses, and you want to explicitly specify which address to use for external data traffic. We can use the-s option in Netcat to specify the IP address.

Server-side

$NC-U-L 1567 < file.txt

Client

$NC-u 172.31.100.7 1567-s 172.31.100.5 > File.txt

The command binds the address 172.31.100.5.

This is just some examples of using netcat.

Other uses include:

• Use the-t option to impersonate the Telnet client,
• The HTTP client is used to download files,
• Connect to the mail server, use the SMTP protocol to check messages,
• Use FFmpeg to intercept screens and share them via streaming, and more. Other more uses.

Simply put, you can use Netcat as a network communication medium to implement various clients as long as you understand the protocol.

Linux netcat command Usage tips