nc
Netcat is a utility that can be used to create connections between two (or more) machines using specified ports. One machine listens for a connection which essentially opens a specific port whilst the other attempts to connect to it. Without firewalls the process is straightforward and allows for a simple connection between the two machines. Firewalls on either machine make it a little more tricky and require a few more steps.
Install Netcat
emerge --ask net-analyzer/openbsd-netcat
Scan a single port
nc -v hostname 80
Scan multiple ports
nc -v hostname 1-1000
Set up a simple text website
printf 'HTTP/1.1 200 OK\r\n\r\n%s' "$(cat index.html)" | netcat -l 1337
HTTP Requests with Netcat Commands
printf "GET / HTTP/1.0\r\n\r\n" | nc google.com 80
Reverse Shell
A reverse shell is a remote access approach where you run administrative commands from one terminal while connecting to another server on the network. To get started, you need to enable the shell tool over a Netcat command by using Netcat reverse shell:
nc -n -v -l -p 1337 -e /bin/bash
Connect to the reversed shell
nc 127.0.0.1 1337
$ type any command and you are connected to the reversed shell if it worked
Bind Shell
Start a bind shell on the target
The commands below:
- Listens on port 1337
- Binds /bin/bash to the socket
- Works on almost all systems
mkfifo /tmp/ncpipe
nc -lvnp 1337 < /tmp/ncpipe | /bin/bash > /tmp/ncpipe 2>&1
Now connect to our bound shell
nc nr1 1337
Chat or Web Server
Create a chat or web server
- Server
nc -lvvp 1337
Connect to our chat or web server
nc localhost 1337
Transfer files
Set up listening server (sender)
nc -lvp 1337 < text_file_to_be_sent.txt
Transfer text_file_to_be_sent.txt to our pc (receiver)
nc -w1 nr1 1337 > text_file_to_be_sent.txt
Send syslogs to a server
| Value | Severity | Meaning |
|---|---|---|
| 0 | emerg | System unusable |
| 1 | alert | Immediate action required |
| 2 | crit | Critical condition |
| 3 | err | Error condition |
| 4 | warning | Warning |
| 5 | notice | Normal but significant |
| 6 | info | Informational |
| 7 | debug | Debug-level message |
| Facility Value | Facility Name |
|---|---|
| 0 | kern |
| 1 | user |
| 2 | mail |
| 3 | daemon |
| 4 | auth |
| 5 | syslog |
| 6 | lpr |
| 7 | news |
| 8 | uucp |
| 9 | cron |
| 10 | authpriv |
| 11 | ftp |
| 16 | local0 |
| 17 | local1 |
| 18 | local2 |
| 19 | local3 |
| 20 | local4 |
| 21 | local5 |
| 22 | local6 |
| 23 | local7 |
| Value | Description |
|---|---|
| <13> | user.notice |
| <14> | user.info |
| <15> | user.debug |
| <11> | user.err |
| <4> | kern.warning |
| <132> | local0.warning (16×8+4) |
Quick References
- <13> = user.notice
- <11> = user.err
- <14> = user.info
- <134> = local0.info
- <191> = local7.debug
How to Generate Specific Priority
Example: send a local4.warning message.
- Facility local4: 20 × 8 = 160
- Severity warning: 4
- Priority: 160 + 4 = 164
So:
echo '<164>test message' | nc -u -w1 192.168.1.1 514
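The priority arithmetic above as a small POSIX shell helper that encodes a facility.severity name to its number, decodes a received number back, and rejects out-of-range values. This is an added example, not part of the original page; the function names are made up for illustration, and mail for facility 2 comes from the syslog RFCs.

```sh
# Added example. PRI = facility * 8 + severity, valid range 0..191.
# Function names are hypothetical; "mail" (facility 2) is taken from the syslog RFCs.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp
local0 local1 local2 local3 local4 local5 local6 local7"

facility_num() {   # facility name -> number
  case "$1" in
    kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
    auth) echo 4 ;; syslog) echo 5 ;; lpr) echo 6 ;; news) echo 7 ;;
    uucp) echo 8 ;; cron) echo 9 ;; authpriv) echo 10 ;; ftp) echo 11 ;;
    local[0-7]) echo $(( 16 + ${1#local} )) ;;
    *) return 1 ;;
  esac
}

severity_num() {   # severity name -> number
  case "$1" in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

pri_encode() {     # "local4.warning" -> 164
  f=$(facility_num "${1%%.*}") || return 1
  s=$(severity_num "${1#*.}") || return 1
  echo $(( f * 8 + s ))
}

pri_decode() {     # 164 -> "local4.warning"
  # Reject empty, non-numeric, zero-padded and over-long input before doing math.
  case "$1" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
  [ "$1" -le 191 ] || return 1
  fnum=$(( $1 / 8 )); snum=$(( $1 % 8 ))
  fac=$fnum          # facilities 12-15 are not in the table: keep the number
  for n in $FACILITIES; do
    if [ "$(facility_num "$n")" -eq "$fnum" ]; then fac=$n; break; fi
  done
  set -- emerg alert crit err warning notice info debug
  shift "$snum"
  echo "$fac.$1"
}

syslog_line() {    # syslog_line local4.warning 'test message' -> <164>test message
  p=$(pri_encode "$1") || return 1
  printf '<%s>%s\n' "$p" "$2"
}
# Usage: syslog_line local4.warning 'test message' | nc -u -w1 192.168.1.1 514
```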
Send UDP Test Message
nc -w0 -u 192.168.1.102 514 <<< "testing again from my home machine"
echo hi | nc -w0 -u 78.69.211.116 1337