I hear a lot about Netcat being a Swiss army knife for TCP/IP and I wanted to find out what you can actually do with it. I will continue to add to this page, so check back often.
Netcat's Wikipedia page says “Netcat (often abbreviated to nc) is a computer networking service for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of correlation its user could need and has a number of built-in capabilities.
Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor”.
How to install Netcat in Windows
You can download Netcat for Windows from joncraton.org. Your antivirus may flag it as a virus because of what you can do with it; as long as you download it from the link above, just stop your antivirus prior to downloading it.
Once downloaded, just extract nc.exe from the zip folder and place it in your C:\WINDOWS directory.
Now open up a command prompt. You should be able to test that Netcat is working by running nc -h, which should show you the Netcat help.
Setup a quick unencrypted chat
Firstly set up one terminal to be a listener.
nc -l -p 31337
  nc : Netcat
  -l : listen mode
  -p : port
On another terminal type the command below, which connects to the listener above on the port specified. You can use either an IP address or a host name.
nc 192.168.0.6 31337
You should now be able to chat between both terminals.
You can quickly transfer a file between two terminals using the commands below. First set up your listener.
nc -v -w 30 -p 31337 -l < file.txt
  -v : verbose
  -w 30 : wait 30 seconds before timing out
  -p : port
  -l : listen mode
  < file.txt : push file.txt (the file you wish to send) to the connecting terminal
On the other terminal type this command to connect to the listener and receive the file.
nc -v -w 2 192.168.0.6 31337 > file.txt
I have found that the session stays open even after the file has transferred, and I have to manually press Ctrl+C to kill the open session.
You can also use Netcat to grab banners.
Banners are the welcome screens that divulge software version numbers and other system information on network hosts.
First we connect to a website on port 80, then type a HEAD request followed by a blank line (HTTP/1.1 requires a Host header):
nc www.hempstutorials.co.uk 80
HEAD / HTTP/1.1
Host: www.hempstutorials.co.uk

The first line of the response will be something like HTTP/1.1 200 OK, followed by the server's headers.
You can also connect directly to a port to get some juicy information.
nc 192.168.0.6 22 (SSH port)
Have a go at grabbing Google's headers. Type the request, then a blank line:
nc www.google.com 80
GET / HTTP/1.1
Host: www.google.com

Netcat can be used as a port scanner, but it is nowhere near the same league as Nmap.
nc -v -w 1 192.168.0.6 -z 1-1000
  -v : verbose
  -w 1 : wait 1 second before timing out
  -z : zero-I/O mode (used for scanning)
  1-1000 : scan ports 1 to 1000
Remote Shells in Windows
Set up a Netcat listener on your Windows box.
nc -Lp 31337 -vv -e cmd.exe
  -L : listen harder (keep listening after a client disconnects)
  -p : port
  -vv : more verbose output
  -e : program to exec for the inbound connection; cmd.exe is the program to execute
Then connect to the listener from another terminal.
nc 192.168.0.6 31337
You should now be connected remotely to whatever program you specified in the listener.
Remote Shells From Linux
This is pretty much the same command as above, but you are setting up bash in the listener.
nc -lp 31337 -e /bin/bash
  -l : listen mode
  -p : port
  -e : program to exec; /bin/bash is the program to execute
Then connect to the listener on the port specified.
nc 192.168.100.160 31337
Be aware that when you remote into a Linux box you don't get a prompt like you do from Windows.
Cryptcat is basically Netcat using Twofish encryption. It can be installed from your Linux distro's package manager (apt-get install cryptcat), but I found it is already installed in Kali 2.0.
We set up a listener first; the only difference is that we use the -k option and add a password.
cryptcat -k mypassword -l -p 1337
  -k : password used to encrypt the communication
Then we connect to the listener using the same -k option with the same password we used in the listener.
cryptcat -k mypassword 10.73.31.124 1337
Making Processes Talk To Each Other
You can send a whole directory between terminals by using the commands below.
First we set up a listener by using tar to archive the folder and piping that into a Netcat listener.
tar -cf - /foldername | nc -l -p 1337
  tar : creates an archive of the folder
  -c : create an archive
  -f - : write the archive to standard output so it can be piped
On the second terminal we connect to the listener and pipe the output into tar, which extracts the folders.
nc 192.168.0.6 1337 | tar -xf -
  -x : extract
  -f - : read the archive from standard input
You can also copy just one file, like we did in the transferring files section, using cat and piping that file into a Netcat listener.
cat file.txt | nc -l -p 1337
Then connect to the listener just like we did before, using > and the name of the file.
nc 192.168.0.6 1337 > file.txt
To copy the whole hard drive use this command.
cat /dev/hdb | nc -l -p 1337
And on the second console type:
nc 192.168.0.6 1337 > /dev/hdb
Be aware that using Netcat to transfer your entire disk is not recommended. If there are any errors during the transfer, it is not going to tell you.
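Because Netcat gives you no end-to-end check, here is an added example (not from the original post) that reproduces the listener/client file transfer above over loopback in Python and compares SHA-256 hashes on both sides, so a transfer that dies mid-stream is reported as a mismatch rather than silently producing a short file. The payload and the simulated drop are constructed for the demonstration.

```python
"""Added example: nc-style one-shot TCP transfer over loopback, plus the
end-to-end integrity check plain netcat never performs. SHA-256 of what
was offered is compared with SHA-256 of what arrived."""
import hashlib
import socket
import threading

HOST = "127.0.0.1"   # everything stays on the loopback interface

def listener_send(srv, data, drop_after=None):
    """Listener side ('nc -l -p PORT < file'): accept one client, stream the
    payload, then shut the write side so the client sees EOF (netcat leaves
    the session open, hence the Ctrl+C in the post). drop_after=N simulates
    the connection dying after N bytes. Returns the hash of the full data."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(data if drop_after is None else data[:drop_after])
        conn.shutdown(socket.SHUT_WR)
    return hashlib.sha256(data).hexdigest()

def client_receive(port):
    """Client side ('nc HOST PORT > file'): connect and read until EOF."""
    chunks = []
    with socket.create_connection((HOST, port), timeout=5) as conn:
        while chunk := conn.recv(65536):
            chunks.append(chunk)
    return b"".join(chunks)

def verified_transfer(data, drop_after=None):
    """Run both sides over loopback; return (hashes_match, bytes_received)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))          # port 0: let the OS pick a free port
    srv.listen(1)                # listening *before* the client connects
    port = srv.getsockname()[1]
    sent = {}
    t = threading.Thread(
        target=lambda: sent.update(h=listener_send(srv, data, drop_after)))
    t.start()
    received = client_receive(port)
    t.join()
    srv.close()
    return hashlib.sha256(received).hexdigest() == sent["h"], len(received)

if __name__ == "__main__":
    sample = b"constructed sample payload\n" * 4096   # constructed test data
    print(verified_transfer(sample))                   # (True, 110592)
    print(verified_transfer(sample, drop_after=1000))  # (False, 1000)
```

In practice you get the same check with real Netcat by running sha256sum on both ends after the transfer; the point is that the comparison has to be done by you, since nc will exit cleanly either way.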
Using Netcat to Direct Network Traffic
You can use Netcat as a proxy.
nc -l -p 1337 | nc www.google.com 80
This makes Netcat listen on port 1337 and pipe all connections to google.com on port 80. If we open our browser and go to 127.0.0.1:1337, we don't get anything, and in the terminal we get a bunch of gibberish (or try example.com, which gives you some HTML for a 404 page). We're only seeing this information in the terminal, in Netcat, because we haven't told Netcat to pipe it back out to the browser. This needs to be a bidirectional pipe (Netcat pipes data on port 1337 to google.com on port 80, which in turn pipes the response back out of Netcat on port 1338).
Now we type:
nc -l -p 1337 | nc www.google.com 80 | nc -l -p 1338
Now in the browser type in 127.0.0.1:1337. Again, nothing. But change that to 1338 and it takes us directly to the site!
Other useful options:
  -g : lets you force a data stream through your network along a certain path
  -G : tracks that connection and can be used for troubleshooting network problems
  -o : dumps the data into a file of your choice and can be used as a sniffer for a man-in-the-middle attack
  -s : can be used to route
  -t : TCP mode
  -u : UDP mode
  -r : randomizes the local and remote ports