What is Netcat? All NetCat Commands

Apr 18, 2019 | 5:47 pm

Published by | Chandan Singh

The netcat utility is often called the “Swiss Army Knife” of networking, and in the good sense: it is as versatile and handy as the famous pocket tool. Its features include port scanning, file transfer, and port listening, and it can also be used as a backdoor. In 2006, netcat took 4th place in the “100 Network Security Utilities” survey, so it is definitely a tool you need to know.

How to install NetCat?

If you have Debian or a system based on Debian, such as Ubuntu, do the following:

$ sudo aptitude install netcat

If you have Fedora or a Fedora based system such as CentOS, do:

$ sudo yum install netcat

If you have Slackware, FreeBSD, NetBSD, Solaris, or Mac, download the nc sources and do:

$ tar -zxf nc-version.tar.gz
$ cd nc-version
$ ./configure && sudo make install

Another way to do this on a Mac is if you have MacPorts:

$ sudo port install netcat

On Slackware, you can install it as a package from the package directory:

$ sudo installpkg nc-1.10-i386-1.tgz

If you have Windows, download from here.

How to use NetCat?

Let’s start with a few simple examples and then build on them.

If you remember, I said that netcat is a Swiss army knife. What would this knife be if it could not be used as an ordinary knife? This is why netcat can be used instead of the usual telnet:

$ nc www.google.com 80

In fact, it is more convenient than regular telnet, because you can terminate the connection at any time by pressing Ctrl+C, and it passes binary data through unchanged (no escape sequences, nothing).

You can add the “-v” option to display what is happening in more detail, and “-vv” to also get statistics on how many bytes were transferred during the connection.

Netcat can be used as a server. If you run it as shown below, it will listen on port 12345 (on all interfaces):

$ nc -l -p 12345

Now if you connect to port 12345 of this host, everything you type will be sent to the remote side, which means netcat can be used as a simple chat server. Run on one of the computers:

# On computer A with IP 10.10.10.10
$ nc -l -p 12345

And connect to it from the other:

# On computer B
$ nc 10.10.10.10 12345

Now both sides can talk!

Since both parties can talk to each other, nc can be used for I/O over the network. For example, you can send a whole directory from one computer to another by piping tar through nc on the first computer, and redirecting the output into another tar process on the second.

Suppose you want to send the files from the directory /data on computer A with IP 192.168.1.10 to computer B (with any IP). It’s simple:

# On computer A with IP 192.168.1.10
$ tar -cf - /data | nc -l -p 6666
# On computer B
$ nc 192.168.1.10 6666 | tar -xf -

Do not forget to combine the pipeline with Pipe Viewer, which was described in the previous article, to see how fast the transfer is going!

A single file can be sent even more easily:

# On computer A with IP 192.168.1.10
$ cat file | nc -l -p 6666
# On computer B
$ nc 192.168.1.10 6666 > file

You can even copy and restore the whole disk using nc:

# On computer A with IP 192.168.1.10
$ cat /dev/hdb | nc -l -p 6666
# On computer B
$ nc 192.168.1.10 6666 > /dev/hdb

Note: The “-l” option cannot be combined with “-p” on Mac computers! The solution is simply to replace “-l -p 6666” with “-l 6666”, like here:

# Now nc is listening on port 6666 for Mac computers
$ nc -l 6666
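The tar-over-nc transfers above give the receiver no way to tell a complete archive from a truncated one, because nc exits quietly when the connection drops. The following helpers, an added example that is not part of the original article, hash the stream on both ends so the receiver can verify it; they assume GNU coreutils (sha256sum, mktemp) and treat nc purely as the transport.

```shell
#!/bin/sh
# Added example (not from the article): integrity-checked tar-over-nc transfer.

# stream_hash DIGEST_FILE: pass stdin through to stdout unchanged and write
# the SHA-256 hex digest of everything that went through to DIGEST_FILE.
# Sender:   tar -cf - /data | stream_hash /tmp/sent.sha256 | nc -l -p 6666
stream_hash() {
    fifo=$(mktemp -u) && mkfifo "$fifo" || return 1
    # Hash a second copy of the stream from the FIFO while tee forwards it.
    sha256sum < "$fifo" | cut -d' ' -f1 > "$1" &
    tee "$fifo"
    wait            # make sure the digest is on disk before we return
    rm -f "$fifo"
}

# recv_verify EXPECTED_DIGEST DEST_DIR: unpack the tar stream on stdin into
# DEST_DIR and succeed only if tar succeeded and the digest matches the one
# the sender reported (sent out of band, e.g. read out over the phone).
# Receiver: nc 192.168.1.10 6666 | recv_verify "$digest_from_sender" /data
recv_verify() {
    got=$(mktemp) || return 1
    stream_hash "$got" | tar -xf - -C "$2" 2>/dev/null
    tar_rc=$?
    actual=$(cat "$got"); rm -f "$got"
    if [ "$tar_rc" -ne 0 ]; then
        echo "recv_verify: tar failed (truncated or corrupt stream)" >&2
        return 1
    fi
    if [ "$actual" != "$1" ]; then
        echo "recv_verify: digest mismatch: got $actual, want $1" >&2
        return 1
    fi
    echo "recv_verify: OK, $actual"
}
```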

An unusual use of netcat is port scanning. Netcat is not the best tool for the job (that is, of course, nmap), but it copes with it:

$ nc -v -n -z -w 1 192.168.1.2 1-1000
(UNKNOWN) [192.168.1.2] 445 (microsoft-ds) open
(UNKNOWN) [192.168.1.2] 139 (netbios-ssn) open
(UNKNOWN) [192.168.1.2] 111 (sunrpc) open
(UNKNOWN) [192.168.1.2] 80 (www) open
(UNKNOWN) [192.168.1.2] 25 (smtp) : Connection timed out
(UNKNOWN) [192.168.1.2] 22 (ssh) open

The “-n” option prevents DNS lookups, “-z” tells nc not to send or wait for any data (it only reports whether the port is open), and “-w 1” sets the connection timeout to 1 second.
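A scan like the one above is only useful to an administrator if it is compared with what should be listening. The helpers below are an added example, not from the original article: they parse the traditional netcat “-v -z” output format shown above (which nc prints on stderr, so capture it with 2>&1) and report any open port missing from an allow-list; the sample scan lines are constructed from the article's output.

```shell
#!/bin/sh
# Added example (not from the article): turn "nc -v -n -z" output into an
# inventory of open ports and flag the ones you did not expect.
# Real use:  nc -v -n -z -w 1 192.168.1.2 1-1000 2>&1 | unexpected_ports 22 80

# Constructed sample, copied from the scan output in the article.
SAMPLE_SCAN='(UNKNOWN) [192.168.1.2] 445 (microsoft-ds) open
(UNKNOWN) [192.168.1.2] 139 (netbios-ssn) open
(UNKNOWN) [192.168.1.2] 111 (sunrpc) open
(UNKNOWN) [192.168.1.2] 80 (www) open
(UNKNOWN) [192.168.1.2] 25 (smtp) : Connection timed out
(UNKNOWN) [192.168.1.2] 22 (ssh) open'

# open_ports: read scan lines on stdin and print the port numbers reported
# "open", one per line, sorted numerically. Timed-out/refused lines are
# skipped because their last field is not the word "open".
open_ports() {
    awk '$NF == "open" { print $3 }' | sort -n
}

# unexpected_ports PORT...: print the open ports (scan on stdin) that are not
# in the allow-list given as arguments, i.e. services you did not expect.
unexpected_ports() {
    allowed=" $* "
    open_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;          # expected, say nothing
            *) echo "$port" ;;       # not in the allow-list: investigate
        esac
    done
}

# demo: run the check over the embedded sample with SSH and HTTP allowed.
demo() {
    printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports 22 80
}
```

Running demo prints 111, 139 and 445, the three services on the sample host that are open but not in the allow-list.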

Another non-trivial use of netcat is as a proxy: both the port and the host can be redirected. Take a look at this example:

$ nc -l -p 12345 | nc www.google.com 80

This command starts nc listening on port 12345 and forwards everything it receives to www.google.com:80. If you now connect to this computer on port 12345 and make a request, you will find that you receive no data in response. This is expected, because we have not established a bidirectional channel. If you add a second stage, you will receive the response on another port:

$ nc -l -p 12345 | nc www.google.com 80 | nc -l -p 12346

After sending a request to port 12345, connect to port 12346 to receive the response.

Probably the most powerful feature of netcat is the ability to run any program as a server:

$ nc -l -p 12345 -e /bin/bash

The “-e” option runs the given program with its input and output redirected through the network socket. Now, if you connect to the host on port 12345, you get a bash shell:

$ nc localhost 12345
ls -las
total 4288
4 drwxr-xr-x 15 pkrumins users    4096 2009-02-17 07:47 .
4 drwxr-xr-x  4 pkrumins users    4096 2009-01-18 21:22 ..
8 -rw-------  1 pkrumins users    8192 2009-02-16 19:30 .bash_history
4 -rw-r--r--  1 pkrumins users     220 2009-01-18 21:04 .bash_logout
...

The implication is that netcat is a popular hacker tool, because it makes creating a backdoor very easy: on a Linux server it can run /bin/bash, and on Windows cmd.exe, putting full control in the hands of whoever connects.
