Sunday, March 27, 2011

Netcat Basics

I think if you were going to master only one of these two-letter commands for hacking purposes besides vi, nc is the best candidate. If you are unfamiliar with nc (or netcat), it is an incredibly versatile tool that allows you to open or listen for TCP and UDP connections. It's the original network Swiss Army knife, and it's a valuable tool to have in your arsenal whether you're a sysadmin or a hacker. In the case of both hacking and troubleshooting, it's useful because you can use it like telnet to connect to a remote server and port and start an interactive session:

$ nc mail.example.org 25

220 mail.example.org ESMTP Postfix

. . .

QUIT

Netcat as a Simple Chat Service

You also could open one nc session on a port in listen mode and start a second nc session on a remote host to connect to that port and send text back and forth like a basic chat program. On the listening host, run:

$ nc -l 31337

On the remote host, type:

$ nc hostname 31337

You can use IP addresses instead of hostnames in both examples. Once the connection is made, anything typed on one end is displayed on the other, and pressing Ctrl-D (end of input) in either session closes the connection.

Netcat for File Transfers

A number of sysadmins have long used this functionality as a quick-and-dirty file-transfer protocol. Start the first nc session in listen mode, and redirect its output to a file:

$ nc -l 31337 > output_file

On the remote machine from which you want to send the file, you would type:

$ nc hostname 31337 < input_file

Once the file has finished transferring, the connection closes and both ends exit. Two caveats are worth knowing. First, newer OpenBSD-derived versions of nc (the netcat-openbsd package on Debian and Ubuntu, for instance) keep the connection open after the input is exhausted unless you add -N on the sending side; netcat-traditional uses -q 0 for the same purpose. Second, nothing here authenticates the sender or checks the file's integrity: the listener accepts the first connection that arrives and stores whatever it receives, and the bytes cross the wire in the clear, so compare a checksum of both copies before trusting the result.
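The transfer above with the integrity check added, as an added example that is not part of the original article: it wraps the two nc commands in a small script and compares a SHA-256 of the received file against one the sender reports out of band (over the phone, a chat, or any channel the receiver trusts). It assumes an OpenBSD-style nc that takes -N to close after EOF, and sha256sum (or BSD shasum) on both hosts; the function names, port and file names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the Linux Journal article: the nc file transfer
# wrapped so the receiver can confirm that what arrived is what was sent.
# nc gives you no integrity check, no authentication and no encryption:
# the listener stores whatever the first client to connect sends, so the
# checksum comparison below is the only thing standing between you and a
# corrupted or substituted file.
#
# Assumptions: OpenBSD-style nc (Debian/Ubuntu netcat-openbsd, macOS),
# which needs -N to shut the socket down after EOF on stdin; on
# netcat-traditional use "-q 0" instead. Function and variable names
# (PORT, file_sha256, receive_file, send_file, verify_file) are invented
# for this example.

PORT=31337

# file_sha256 FILE: print the hex SHA-256 of FILE; works with coreutils
# sha256sum and falls back to BSD/perl shasum.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# receive_file OUTFILE: listen once and write the incoming stream to OUTFILE.
# Anyone who can reach the port can feed us data, hence verify_file below.
receive_file() {
    nc -l "$PORT" > "$1"
}

# send_file HOST INFILE: stream INFILE to HOST, then shut the socket down
# (-N) so the receiver's nc exits instead of waiting forever.
send_file() {
    nc -N "$1" "$PORT" < "$2"
}

# verify_file FILE EXPECTED_SHA256: compare FILE against the hash the sender
# reported out of band. Returns 0 on match, 1 on mismatch.
verify_file() {
    actual=$(file_sha256 "$1")
    if [ "$actual" = "$2" ]; then
        echo "OK  $1 $actual"
        return 0
    else
        echo "BAD $1 got $actual expected $2" >&2
        return 1
    fi
}

# Usage across two hosts (hostnames are placeholders):
#   receiver$ ./nc_xfer.sh recv output_file
#   sender$   ./nc_xfer.sh hash input_file     # read this value to the receiver
#   sender$   ./nc_xfer.sh send receiver.example.org input_file
#   receiver$ ./nc_xfer.sh verify output_file <hash the sender read out>
case "${1:-}" in
    recv)   receive_file "$2" ;;
    send)   send_file "$2" "$3" ;;
    hash)   file_sha256 "$2" ;;
    verify) verify_file "$2" "$3" ;;
esac
```

Run the recv step first, since the listener has to exist before the sender connects; if the sender's nc prints nothing and exits, check that the listener side is still running and that no firewall sits between the two hosts on the chosen port.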

Netcat as a Port Scanner

Another incredibly useful function of nc is as a port scanner when something more sophisticated isn't around. The -z option tells nc to report whether it can connect to each port without sending any data (it still completes the TCP handshake, so the attempts are visible to the target), -v makes it print a result for every port, and the last argument can be a port range. Note that nc writes these results to standard error, so if you want to pipe them through grep or a script you need 2>&1. So to scan a host for open ports between 20 and 25 (which covers FTP, telnet, SSH and SMTP), you would type:

$ nc -zv host.example.org 20-25

nc: connect to host.example.org port 20 (tcp) failed: Connection refused
Connection to host.example.org 21 port [tcp/ftp] succeeded!
Connection to host.example.org 22 port [tcp/ssh] succeeded!
nc: connect to host.example.org port 23 (tcp) failed: Connection refused
nc: connect to host.example.org port 24 (tcp) failed: Connection refused
Connection to host.example.org 25 port [tcp/smtp] succeeded!
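Because -v reports on standard error, a pipeline needs 2>&1 before it can pick the open ports out of that output. The following added example (not part of the original article) does exactly that: it redirects and parses nc -zv output into a bare list of port numbers, then grabs the first banner line from each open port with a scripted nc session like the interactive SMTP one at the top of the page. The scan output embedded in it is the article's result above, constructed as offline test data, and the function names are invented.

```shell
#!/bin/sh
# Added example, not from the Linux Journal article: parse `nc -zv` output
# into a list of open ports, then grab a banner from each one.
#
# Assumptions: OpenBSD-style nc (the variant whose messages the article
# shows), which prints scan results on STDERR, hence the 2>&1 below.
# Function names (parse_nc_scan, scan_open_ports, grab_banner,
# scan_and_banner, sample_open_ports) are made up for this example.

# parse_nc_scan: read nc -zv output on stdin and print one open port per
# line. It keys on the word "port" in lines ending in "succeeded!", so it
# copes with both wordings OpenBSD nc has used:
#   "Connection to host.example.org 22 port [tcp/ssh] succeeded!"
#   "Connection to 10.0.0.5 8443 port [tcp/*] succeeded!"   (unknown service)
parse_nc_scan() {
    awk '/ succeeded!$/ { for (i = 2; i <= NF; i++) if ($i == "port") print $(i-1) }'
}

# scan_open_ports HOST FIRST LAST: run the scan with a 2-second timeout per
# port (-w 2) and print only the open ports. Without the 2>&1 nothing
# reaches the pipe, because -v writes to stderr.
scan_open_ports() {
    nc -zv -w 2 "$1" "$2-$3" 2>&1 | parse_nc_scan
}

# grab_banner HOST PORT: open a scripted session like the interactive SMTP
# one at the top of the page, send a polite QUIT and keep the first line
# the service says (its greeting banner). -w 3 gives up after 3 idle seconds
# for services that never speak first.
grab_banner() {
    printf 'QUIT\r\n' | nc -w 3 "$1" "$2" 2>/dev/null | head -n 1
}

# scan_and_banner HOST FIRST LAST: list open ports with their banners.
scan_and_banner() {
    for port in $(scan_open_ports "$1" "$2" "$3"); do
        printf '%s/tcp open: %s\n' "$port" "$(grab_banner "$1" "$port")"
    done
}

# Constructed sample: the article's scan output with its wrapped lines
# rejoined, so the parser can be exercised without touching the network.
SAMPLE_SCAN='nc: connect to host.example.org port 20 (tcp) failed: Connection refused
Connection to host.example.org 21 port [tcp/ftp] succeeded!
Connection to host.example.org 22 port [tcp/ssh] succeeded!
nc: connect to host.example.org port 23 (tcp) failed: Connection refused
nc: connect to host.example.org port 24 (tcp) failed: Connection refused
Connection to host.example.org 25 port [tcp/smtp] succeeded!'

# sample_open_ports: the open ports from the sample, space separated.
sample_open_ports() {
    printf '%s\n' "$SAMPLE_SCAN" | parse_nc_scan | tr '\n' ' ' | sed 's/ $//'
}

# Against a live host you would call: scan_and_banner host.example.org 20 25
sample_open_ports   # prints: 21 22 25
```

The same parser works for a UDP scan (nc -zvu), but read those results with suspicion: with no handshake to complete, nc can only call a UDP port closed if an ICMP port-unreachable message comes back, so silence is reported as "succeeded" whether or not anything is listening.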

Taken From: http://www.linuxjournal.com/article/10883

1 comment:

JS said...

Pretty useful!

Many Thanks!