Netcat - Basic Overview

From SecurityForest


tutorial by physaro
Basic Overview of Netcat

What is Netcat?

Description from the official homepage:

Netcat is a featured networking utility which reads and writes data across network connections, using the 
TCP/IP protocol.
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other 
programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since 
it can create almost any kind of connection you would need and has several interesting built-in 
capabilities.


What are Netcat's main features?

  • Outbound and inbound connections, TCP or UDP, to or from any ports.
  • Featured tunneling mode which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).
  • Built-in port-scanning capabilities, with randomizer.
  • Full DNS forward/reverse checking, with appropriate warnings.
  • Advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of transmitted and received data.
  • Optional RFC854 telnet codes parser and responder.


Netcat Commandline Parameters

connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
        -d              detach from console, stealth mode 
        -e prog         inbound program to exec [dangerous!!]
        -g gateway      source-routing hop point[s], up to 8
        -G num          source-routing pointer: 4, 8, 12, ...
        -h              this cruft
        -i secs         delay interval for lines sent, ports scanned
        -l              listen mode, for inbound connects
        -L              listen harder, re-listen on socket close
        -n              numeric-only IP addresses, no DNS
        -o file         hex dump of traffic
        -p port         local port number
        -r              randomize local and remote ports
        -s addr         local source address
        -t              answer TELNET negotiation
        -u              UDP mode
        -v              verbose [use twice to be more verbose]
        -w secs         timeout for connects and final net reads
        -z              zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]
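The -e option is the one the usage text marks as dangerous, because it hands the connection straight to a program. The following audit helper is an added example written for this page (not code from netcat or from the tutorial author): it reads process listings in the format of `ps -eo pid,user,args` on stdin, picks out nc/netcat/ncat invocations and reports those that use -e (with or without a listener flag -l/-L) or that just listen. The process lines in SAMPLE_PS are constructed for the demo; on a live host you would pipe the real `ps` output into audit_nc instead.

```sh
#!/bin/sh
# Added example for this page, not code from netcat or the tutorial author.
# audit_nc reads process listings in the format of "ps -eo pid,user,args"
# on stdin and reports netcat invocations that use the options the usage
# text above flags as dangerous or that open a listener:
#   exec-listener  -e together with -l or -L (a program bound to a port)
#   exec-outbound  -e on an outbound connection
#   listener       -l or -L without -e
# Combined flags such as -lvp are split; options that take an argument
# (-e -g -G -i -o -p -s -w) end the scan of that token. Assumes POSIX awk.
audit_nc() {
    awk '
    # $1 pid, $2 user, $3 command, $4.. arguments
    $3 ~ /(^|\/)(nc|netcat|ncat)(\.exe)?$/ {
        listen = 0; detach = 0; prog = ""
        for (i = 4; i <= NF; i++) {
            tok = $i
            if (tok !~ /^-[A-Za-z]/) continue          # not a short option
            for (j = 2; j <= length(tok); j++) {
                c = substr(tok, j, 1)
                if (c == "l" || c == "L") listen = 1
                else if (c == "d") detach = 1
                else if (c == "e") {
                    # -e takes the program as the rest of this token or the next one
                    prog = (j < length(tok)) ? substr(tok, j + 1) : $(i + 1)
                    break
                }
                else if (index("gGiopsw", c)) break    # option argument follows
            }
        }
        if (prog != "")
            printf "%s pid=%s user=%s exec=%s detach=%d\n",
                   (listen ? "exec-listener" : "exec-outbound"), $1, $2, prog, detach
        else if (listen)
            printf "listener pid=%s user=%s detach=%d\n", $1, $2, detach
    }'
}

# Constructed process lines for the demo (not a real host's listing).
SAMPLE_PS='  101 alice  /usr/bin/nc -l -p 4444 -e /bin/sh
  102 bob    nc -lvp 8080
  103 carol  nc.exe -d -L -p 1234 -e cmd.exe
  104 dave   /usr/bin/nc -v -w 2 -z www.example.com 20-25 79 80
  105 erin   nc 192.168.0.2 9001 -e /bin/bash
  106 frank  /usr/bin/ncat --version'

# run_audit: feed the constructed listing through audit_nc
run_audit() {
    printf '%s\n' "$SAMPLE_PS" | audit_nc
}

run_audit
```

Running it prints four findings: two exec-listeners (pids 101 and 103, the second one also detached), one listener (102) and one exec-outbound (105). The port scan (104) and the version check (106) produce nothing, which is the point of parsing the flags rather than just grepping for "nc".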


Basic Netcat usage samples

Simple TCP/IP Connection

Connect to a server:

nc hostname port

Be a server:

nc -l -p port

Simple Filetransfer

Serve a file:

nc -l -p port < file

Receive a file:

nc hostname port > file

Compressed Filetransfer

When transferring many or large files over limited bandwidth, it can pay to compress the data before sending it and decompress it on receipt. The files themselves stay uncompressed on both ends; only the stream on the wire is compressed. bzip2 and bunzip2 compress better in some cases, but not every system has them.

Serve a file:

gzip -c file | nc -l -p port

Receive a file:

nc -w3 hostname port | gunzip -c > file

Encrypted Filetransfer

Serve an encrypted file:

openssl aes-128-cbc -e -k thispassword < file | nc -l -p port

Receive and decrypt an encrypted file:

nc -w3 hostname port | openssl aes-128-cbc -d -k thispassword > file

Encrypted, Compressed and IP Restricted Filetransfer

If you combine encryption and compression, compress first and then encrypt when sending, and reverse the order when receiving. Do not encrypt and then compress: compression works by finding patterns in the data, and encryption deliberately destroys them. Also, though not required, restricting the listener to the IP address of the host that will be transferring the file is a good idea.

Serving a compressed, encrypted file from 192.168.0.1 to 192.168.0.2 (the address after the port restricts which remote host may connect, as in the usage line above):

gzip -c < file | openssl aes-128-cbc -e -k thispassword | nc -l -p 12345 192.168.0.2

Receiving, decrypting and decompressing that file:

nc 192.168.0.1 12345 | openssl aes-128-cbc -d -k thispassword | gunzip -c > file
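To see why the order matters, here is an added example (not code from the tutorial author, netcat or openssl) that rehearses the two pipelines above on a local temporary file standing in for the nc stream, so it needs no second host. It assumes gzip, gunzip, cmp and openssl 1.1.1 or newer (for -pbkdf2). One deliberate change from the commands above: the passphrase is read with -pass file:... instead of -k on the command line, because command-line arguments are visible to every local user in the process list.

```sh
#!/bin/sh
# Added example for this page, not code from the tutorial author or from
# netcat/openssl. It rehearses the "compress first, then encrypt" rule on
# a local temporary file that stands in for the nc stream, so it runs
# without a second host. Assumes gzip, gunzip, cmp and openssl 1.1.1 or
# newer (for -pbkdf2). Unlike "-k thispassword" above, the passphrase is
# read from a file with -pass file:..., so it is not visible to other
# local users in the process list.

PASSFILE=$(mktemp)
printf 'constructed-demo-passphrase\n' > "$PASSFILE"

encrypt() { openssl aes-128-cbc -e -salt -pbkdf2 -pass "file:$PASSFILE"; }
decrypt() { openssl aes-128-cbc -d -pbkdf2 -pass "file:$PASSFILE"; }

# make_sample FILE: constructed, highly repetitive input of roughly 100 KB
make_sample() {
    i=0
    while [ "$i" -lt 2000 ]; do
        printf 'constructed sample line for the netcat transfer demo\n'
        i=$((i + 1))
    done > "$1"
}

# wire_size ORDER FILE: bytes that would cross the wire when FILE is sent
# "ce" (compress, then encrypt) or "ec" (encrypt, then compress)
wire_size() {
    case "$1" in
        ce) gzip -c < "$2" | encrypt | wc -c | tr -d ' ' ;;
        ec) encrypt < "$2" | gzip -c | wc -c | tr -d ' ' ;;
        *)  echo "usage: wire_size ce|ec FILE" >&2; return 2 ;;
    esac
}

# roundtrip FILE: run the sender pipeline into a "wire" file and the
# receiver pipeline out of it; prints ok when the recovered bytes match
roundtrip() {
    wire=$(mktemp); out=$(mktemp)
    gzip -c < "$1" | encrypt > "$wire"            # sender side
    decrypt < "$wire" | gunzip -c > "$out"         # receiver side
    if cmp -s "$1" "$out"; then echo ok; else echo mismatch; fi
    rm -f "$wire" "$out"
}

SAMPLE=$(mktemp)
trap 'rm -f "$PASSFILE" "$SAMPLE"' EXIT
make_sample "$SAMPLE"
printf 'original:              %s bytes\n' "$(wc -c < "$SAMPLE" | tr -d ' ')"
printf 'compress-then-encrypt: %s bytes\n' "$(wire_size ce "$SAMPLE")"
printf 'encrypt-then-compress: %s bytes\n' "$(wire_size ec "$SAMPLE")"
printf 'round trip:            %s\n' "$(roundtrip "$SAMPLE")"
```

The compress-then-encrypt stream shrinks to a few hundred bytes, while the encrypt-then-compress stream comes out slightly larger than the original, because gzip finds nothing repetitive in ciphertext. Replace the "wire" file with the nc listener and client from the section above to get the real transfer.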

Filesystem Cloning

Serve the filesystem:

tar cOPp --same-owner / | nc -l -p port

Receive the filesystem:

nc -w3 hostname port | tar xPp

One alternative not shown is using cpio, which can be very effective for file compression and transfer but the options are much more complex.

Disk Cloning

Serve the disk image:

dd if=/dev/hda | nc -l -p port

Receive the image:

nc -w3 hostname port | dd of=/dev/hda

Scan with Netcat

nc -v -w 2 -z hostname portrange
nc -v -w 2 -z hostname portlisting

Here portrange is, for example, 10-20 to scan all ports from 10 to 20 inclusive, and portlisting is, for example, 11,20,135 to scan just those ports.

I just tried this on Windows XP, and the comma separated list of ports does NOT work. Instead, use a space separated list.
e.g.: nc.exe -vv -w 2 -z www.example.com 20-25 79 80 110 137-139 443
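Since the comma-separated form is not accepted everywhere, here is an added example (written for this page, not part of netcat or the tutorial) that turns either form into the space-separated list the Windows build needs, and checks each item before it ever reaches nc: a port must be 1-65535 and a range m-n must have m <= n. count_ports additionally tells you how many ports a specification covers, which is worth knowing before starting a scan with a long delay interval.

```sh
#!/bin/sh
# Added example for this page, not code from netcat or the tutorial author.
# normalise_ports SPEC accepts "11,20,135", "20-25,79 80" and similar and
# prints the space-separated form ("11 20 135"), validating every item as
# a port (1-65535) or an inclusive m-n range with m <= n. On a bad item it
# prints an error to stderr and returns 1, so a scan does not start with
# a typo in the port list. Assumes only POSIX sh and tr.

# is_port VALUE: true when VALUE is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# normalise_ports SPEC -> "20-25 79 80 110 137-139 443"
normalise_ports() {
    out=""
    for item in $(printf '%s\n' "$1" | tr ',' ' '); do
        case "$item" in
            *-*) lo=${item%-*}; hi=${item#*-} ;;   # m-n range
            *)   lo=$item; hi=$item ;;             # single port
        esac
        if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
            echo "bad port spec: $item" >&2
            return 1
        fi
        out="$out${out:+ }$item"
    done
    printf '%s\n' "$out"
}

# count_ports SPEC -> number of individual ports the spec covers
count_ports() {
    spec=$(normalise_ports "$1") || return 1
    n=0
    for item in $spec; do
        case "$item" in
            *-*) n=$((n + ${item#*-} - ${item%-*} + 1)) ;;
            *)   n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

normalise_ports "20-25,79,80,110,137-139,443"
count_ports "20-25,79,80,110,137-139,443"
```

Used with the scan from this section: `nc -v -w 2 -z hostname $(normalise_ports "20-25,79,80")`, which passes the ports as separate arguments on both the Unix and the Windows build.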

Useful Links

Official Homepage - netcat.sourceforge.net
Useful Guide - sysunconfig.net/unixtips/netcat_readme.html

Using netcat as a server and proxy - http://www.stearns.org/doc/nc-intro.v0.80.html

That is it already, feel free to edit this text, I know I am not perfect :D
Physaro