If you have any interest in playing around with networks, you have probably heard of a utility called Netcat.
Netcat is a simple tool that reads and writes data across TCP or UDP network connections. It was released back in 1995 and has remained popular to this day. Despite its popularity it is no longer maintained; a different tool, ncat, has brought several serious improvements, but here we'll stick to good old Netcat.
Messaging - using Netcat, an operator can redirect simple text between two computers in a simplistic chat.
File Transfer - Netcat allows you to transfer files between computers.
Banner Grabbing - Netcat allows an operator to establish a socket to a specific port to potentially identify the operating system, service, version, and other information necessary to audit the host.
Port Scanning - Netcat allows the operator to utilize a rudimentary port scanning function, whereby a port or series of ports can be scanned to determine if the port is open or closed.
Most Unix-based operating systems come with this utility pre-installed; however, you can also download and compile it yourself (http://netcat.sourceforge.net/). You can use it on Windows too.
Note that I have used netcat-traditional in this post, while Ubuntu ships with netcat-openbsd; check out this Stack Overflow question on how to change it.
I will be using a virtual machine with BlackArch Linux on it, configured with bridged networking, to demonstrate this.
Launch a terminal or command prompt (Windows). In this case the listener operating system is BlackArch.
Type in the following command:
This command opens a listener on port 8080.
Now, to connect, you need the IP address of the listener; in my case it's 192.168.1.4.
Type the following command to connect to the listener:
Once connected, try sending a message from either of the connected machines; it might look something like this:
We can use Netcat to grab information about the services running on specific ports on a host. To grab a banner, fire up a terminal and issue this command, in this case to grab the banner of a web server:
To send an HTTP GET request:
You might get something like:
HTTP/1.0 200 OK
Date: Mon, 02 Feb 2015 07:29:47 GMT
Server: Apache/2.2.14 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
To grab the banner of other ports/services use:
I used this command to grab the banner of my local SSH server and it gave this output:
$ nc -v -n 127.0.0.1 22
(UNKNOWN) [127.0.0.1] 22 (ssh) open
Interestingly, Netcat can also be used for backdooring. There are many reverse shell scripts that can be bound to a port so that an attacker can connect to it later, but here we'll use Netcat for both listening and connecting.
If the target is Windows you can use:
It will execute cmd.exe when another machine connects to it.
And if it's Unix/Unix-like you can use:
To connect, simply use Netcat to connect on port 8080, as in this case:
After that we can simply execute system commands in Netcat.
When most people talk of port scanners and port scanning capabilities, they generally don't think of Netcat in the same vein as tools like Nmap, Angry IP Scanner, or Foundstone's SuperScan. However, Netcat can perform basic port scanning and even offers the ability to obfuscate the source of the port scan.
To port scan, type this command in a terminal:
For example, I performed this scan on my router and it gave:
nc -v -w 1 192.168.1.1 -z 1-100
ZXDSL [192.168.1.1] 80 (http) open
ZXDSL [192.168.1.1] 23 (telnet) open
ZXDSL [192.168.1.1] 22 (ssh) open
ZXDSL [192.168.1.1] 21 (ftp) open
The -v is for verbosity, which in our port scan prints the open ports that the scan uncovers. The -w parameter instructs Netcat to wait for one second between scan attempts, or in other words, indicates how long it waits for a port to respond as being open or closed. Next is the target we want to scan, which in this example is 192.168.1.1. The -z switch is new, and indicates that Netcat should operate in zero I/O mode. Zero I/O mode, in this case, speeds up the port scan by ignoring any latency baked in by the program to account for delays by the CPU. Finally, we specify the range, which in this case is 1-100.
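As an added example (not code from the original post), here are the banner grab and the -z port probe from the two sections above reimplemented with Python sockets so they can be tried offline. The FAKE_RESPONSE banner and the loopback stand-in server are constructed for the demo, modelled on the Apache reply shown earlier; the function names are my own.

```python
import socket
import threading

FAKE_RESPONSE = (b"HTTP/1.0 200 OK\r\nServer: Apache/2.2.14 (Ubuntu)\r\n"    # constructed banner,
                 b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n")     # modelled on the post

def start_fake_server():
    """Listen on an ephemeral loopback port; answer every client with FAKE_RESPONSE."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            try:
                conn.recv(1024)               # consume whatever request the client sent
                conn.sendall(FAKE_RESPONSE)
            except OSError:                   # a -z style probe may close before we reply
                pass
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def grab_banner(host, port, timeout=1.0):
    """Like 'nc host port' plus a typed 'GET / HTTP/1.0': return the Server header, or None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        reply = s.recv(4096).decode("latin-1", "replace")
    for line in reply.split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None

def is_open(host, port, timeout=1.0):
    """Like 'nc -w 1 -z host port': -z completes the handshake and sends nothing, -w is the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                           # refused, filtered, or timed out
        return False

def run_demo():
    """Probe one listening port and one bound-but-not-listening port, then grab the banner."""
    open_port = start_fake_server()
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))             # bound but no listen(): the kernel refuses connects
    closed_port = closed.getsockname()[1]
    found = [p for p in (closed_port, open_port) if is_open("127.0.0.1", p)]
    return {"open": open_port, "found": found, "banner": grab_banner("127.0.0.1", open_port)}
```

Note that a -z probe only tells you the TCP handshake completed; what is actually listening there still needs the banner step.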
Netcat can be used to send files between a server and a client without the hassle of setting up an FTP server, using just a few lines of commands.
Start the listener with the following command; make sure the file, database.file here, is in the directory from which the command is executed:
And on the client side, to receive the file: