Swiss-Army Knife for TCP/IP: Netcat
Ajaypal Singh Randhawa
Cyber Security Professional | Full Stack Developer | System Engineer
Netcat, also called "the Swiss army knife of networking", is one of the most popular tools in information security. The potential of this small program is almost endless; to name a few uses: file transfer, port scanning, reverse shells, remote administration, banner grabbing, and it can even capture raw network traffic. In a few words, Netcat lets us do all of this and more. The only limit? Your creativity!
File Transfer
If that is not enticing enough: these days I use Netcat every day ;). In fact, just a few minutes ago I had to transfer part of this ebook from the notebook to the desktop (I know, I could have used a pendrive or a CD-ROM, but I didn't ;)). Want to know how I did it with Netcat? It's easier done than said! The first step is to put the receiving computer in listening mode on a free port (one not occupied by any service), with Netcat's output redirected into the file you want to create. The sender then takes as input, along with the receiver's IP address and port number, the name and extension of the file to send.
Let me give an example so you understand the process in the best way. We simulate a transfer in which Computer_recv is the receiving computer and Computer_send is the sending computer. As always, we open our beloved console and on Computer_recv type:
nc -lvp <port_number> -w <seconds> > <file_name.extension>
example: nc -lvp 6775 -w 3 > /root/Desktop/document.txt
Now that Computer_recv is listening on port 6775, let's go to Computer_send and send the file by typing in its console: nc -vvn <ip> <port_number> < <file_name.extension>
example: nc -vvn xxx.xxx.xxx.xxx 6775 < /root/Desktop/document.txt
The file will be sent within a few seconds; obviously, the larger the file, the longer it takes. Three caveats a practitioner should keep in mind. First, Netcat does no integrity check of its own, so compare a checksum on both sides afterwards (for example with sha256sum). Second, depending on the Netcat build, the sender may not close the connection when it reaches the end of the file: that is why the listener is given -w, so that it gives up after a few seconds without data instead of waiting forever (netcat-traditional also offers -q 0 and the OpenBSD version -N to close the connection after EOF on its input). Third, the connection is unencrypted and unauthenticated: whoever connects to that port first is the one whose data ends up in the file. Here is the table of options used for the file transfer:
-l: puts Netcat in listening mode, waiting for an incoming connection
-n: do not use DNS; treat the address given as a numeric IP only
-p: the port Netcat listens on (make sure it is a free port)
-v: verbose mode, already seen, which prints information about the process (-vv for even more)
-w: timeout in seconds, both for establishing the connection and for the final reads; the listener gives up after this many seconds without data
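To make the listener/sender procedure above concrete, here is an added example (not code from the original article) that does in Python sockets exactly what the two nc commands do over the loopback interface: the receiver accepts one connection and writes to a file until EOF or an idle timeout (the -w behaviour), the sender streams the file and then shuts down its write side (the -N / -q 0 behaviour), and both ends are checksummed afterwards, which is the verification step nc does not give you. The file content, the port (chosen by the OS) and the 3-second timeout are constructed for the demo.

```python
import hashlib
import os
import socket
import tempfile
import threading

CHUNK = 64 * 1024


def sha256_file(path):
    """Checksum to compare on both ends; nc itself never verifies the copy."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest()


def listen(host="127.0.0.1", port=0):
    """`nc -l -p PORT` side: bind and listen (port 0 lets the OS pick a free port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def receive_file(srv, dest_path, idle_timeout=3.0):
    """`nc -lvp PORT -w SECS > FILE`: accept one connection and write everything
    it sends to FILE until the peer closes (EOF) or SECS pass without data."""
    srv.settimeout(idle_timeout)
    conn, _peer = srv.accept()
    conn.settimeout(idle_timeout)
    total = 0
    with conn, open(dest_path, "wb") as f:
        while True:
            try:
                chunk = conn.recv(CHUNK)
            except socket.timeout:
                break  # -w expired: the sender never closed its side
            if not chunk:
                break  # orderly EOF from the sender
            f.write(chunk)
            total += len(chunk)
    srv.close()
    return total


def send_file(host, port, src_path, timeout=3.0):
    """`nc -vvn IP PORT < FILE`: connect, stream the file, then signal EOF."""
    sent = 0
    with socket.create_connection((host, port), timeout=timeout) as s, open(src_path, "rb") as f:
        while chunk := f.read(CHUNK):
            s.sendall(chunk)
            sent += len(chunk)
        s.shutdown(socket.SHUT_WR)  # close our write side: what -N (OpenBSD nc) / -q 0 (netcat-traditional) do
    return sent


def transfer_demo(size=1_000_000):
    """Constructed scenario: a random 1 MB 'document.txt' crosses loopback.
    Returns byte counts and checksums so the copy can be verified."""
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "document.txt")
    dst = os.path.join(tmp, "received.txt")
    with open(src, "wb") as f:
        f.write(os.urandom(size))
    srv = listen()
    port = srv.getsockname()[1]
    got = {}
    receiver = threading.Thread(target=lambda: got.update(n=receive_file(srv, dst)))
    receiver.start()
    sent = send_file("127.0.0.1", port, src)
    receiver.join()
    return {
        "sent": sent,
        "received": got["n"],
        "sha256_src": sha256_file(src),
        "sha256_dst": sha256_file(dst),
    }


if __name__ == "__main__":
    print(transfer_demo())
```

Remove the shutdown() call in send_file and the receiver only finishes when the idle timeout fires, which is exactly the "nc hangs after the transfer" symptom people hit with builds that do not close on EOF.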
Port Scanning
I mentioned before that one of Netcat's features is port scanning. We already know that Nmap is the top tool for this, but it is still useful to be able to do it with Netcat. Given a single line on the console, Netcat will tell us which ports are open or closed:
nc -vvn -z <ip> <port_range>
Example: nc -vvn -z xxx.xxx.xxx.xxx 10-20
In the example above, -n tells Netcat not to resolve the address via DNS, -vv makes it report plenty of information, and -z is zero-I/O mode: Netcat only checks whether each port accepts a TCP connection and hangs up without sending any data. All of this against the IP address xxx.xxx.xxx.xxx on ports 10, 11, 12, 13, 14, 15, 16, 17, 18, 19 and 20.
If we want to check via UDP rather than TCP, we add the -u option to the previous command. Remember that this process is quite slow and will easily take a couple of minutes; UDP also gives a less certain answer, because a port that stays silent may be open or filtered, and Netcat can only call a port closed when an ICMP port-unreachable message comes back. Still, the results are worth the wait.
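An added example (not from the original article) of what the -z scan and its -u variant actually do on the wire, written with Python sockets so it runs offline: a TCP connect scan that distinguishes open (handshake completed), closed (RST back) and filtered (no answer), and a UDP probe that can only prove "closed" when an ICMP unreachable arrives and otherwise has to say "open|filtered". The demo scenario (one TCP listener, one UDP service answering "pong", one unused port of each kind, all on loopback) is constructed; port numbers are chosen by the OS. The UDP "closed" verdict relies on the kernel delivering the ICMP error to a connected UDP socket, which Linux does.

```python
import socket
import threading


def parse_range(spec):
    """'10-20' -> [10, ..., 20]; '80' -> [80] (the LOW-HIGH form nc accepts)."""
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return list(range(int(lo), int(hi) + 1))
    return [int(spec)]


def tcp_connect_scan(host, ports, timeout=0.5):
    """What `nc -vvn -z HOST LOW-HIGH` does: complete a TCP handshake on each
    port and hang up without sending data. Verdicts: open (handshake done),
    closed (RST came back) or filtered (no answer before the timeout)."""
    verdicts = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            verdicts[port] = "open"
        except ConnectionRefusedError:
            verdicts[port] = "closed"
        except OSError:  # timeout (TimeoutError is an OSError) or no route: dropped by a firewall
            verdicts[port] = "filtered"
        finally:
            s.close()
    return verdicts


def udp_probe(host, port, timeout=1.0):
    """What `nc -vvn -z -u` can and cannot tell you: send one datagram. Only an
    ICMP port-unreachable (surfaced on a connected UDP socket as
    ConnectionRefusedError) proves 'closed'; silence is 'open|filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(b"\x00")
        s.recv(1)  # raises ConnectionRefusedError once the ICMP error arrives
        return "open"  # the service actually answered
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "open|filtered"
    finally:
        s.close()


def _unused_port(kind):
    """Demo helper: grab a free port number from the OS and release it again."""
    s = socket.socket(socket.AF_INET, kind)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def scan_demo():
    """Constructed scenario on loopback: one TCP listener, one UDP service that
    answers 'pong', and one unused port of each kind. Returns the verdicts."""
    tcp_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_srv.bind(("127.0.0.1", 0))
    tcp_srv.listen(5)
    udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_srv.bind(("127.0.0.1", 0))

    def udp_service():
        _data, addr = udp_srv.recvfrom(1024)
        udp_srv.sendto(b"pong", addr)

    threading.Thread(target=udp_service, daemon=True).start()
    tcp_open, udp_open = tcp_srv.getsockname()[1], udp_srv.getsockname()[1]
    tcp_closed, udp_closed = _unused_port(socket.SOCK_STREAM), _unused_port(socket.SOCK_DGRAM)

    tcp = tcp_connect_scan("127.0.0.1", [tcp_open, tcp_closed])
    result = {
        "tcp_open": tcp[tcp_open],
        "tcp_closed": tcp[tcp_closed],
        "udp_open": udp_probe("127.0.0.1", udp_open),
        "udp_closed": udp_probe("127.0.0.1", udp_closed),
    }
    tcp_srv.close()
    udp_srv.close()
    return result


if __name__ == "__main__":
    print(parse_range("10-20"))
    print(scan_demo())
```

The asymmetry in the UDP verdicts is the whole reason UDP scans are slow: each silent port costs a full timeout, and even then you do not know whether it is open.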
Remote administration
Another noteworthy feature is the ability to make Netcat run an executable (a .exe file, so a Microsoft Windows program) and attach it to a connection, giving another system remote administration of the whole machine. Note: this is very dangerous if used incorrectly. It exposes a command prompt to anyone who can reach the port, with no authentication and no encryption, and can lead to loss of files and the compromise of the entire computer. With that small detail out of the way, let's see how it works. As always we simulate two computers: Computer_back is your client, which will drive the program; Computer_win is the server, which hands its cmd.exe to the client. (Computer_back of course runs the BackTrack distribution, while Computer_win runs any Windows operating system.) We go to Computer_win and start Netcat. (Obviously there is a Netcat for Windows, downloadable at: www.downloadnetcat.com.) Once started, we type the following line:
nc -v -l -p <port_number> -e cmd.exe
We already know the first three options: -v is verbose mode (shows information about the process), -l starts listening for a connection, and -p specifies the desired port. The fourth option, -e, in this case tells Netcat to execute the given program (cmd.exe) and wire its input and output to the connection. Not every Netcat build ships -e; many omit it precisely because of what it enables. Now our server is listening, waiting to establish a connection. The screen should look like this: So we connect to the server (Computer_win) from our client (Computer_back), typing in the console the following line:
nc -vv -n <ip> <port_number>
We already know all the options, so I won't rewrite them; the cycle is simple: we ask Netcat to connect to the indicated IP and port. If you did everything correctly, you have established a connection between Computer_win and Computer_back that lets you run the command prompt of the server computer from your BackTrack distro. In short, you have almost total control of Computer_win.
Honestly, I have used this method very few times, but it can sometimes be used to establish a communication channel, a simple chat, between two machines. Nothing of the conversation is written to disk on either side, though it is not anonymous: each end sees the other's IP address, and the text crosses the network in clear. To set up this channel you need two computers. On the first, open the console and type: nc -l -p <port_number> (remember that the second computer needs the IP address of the first one to connect; on Windows get it with ipconfig, on Linux with ifconfig -a). Now on the other computer type in the console:
nc <ip> <port_number>
These are just some of the capabilities Netcat puts at our disposal; there are many more options waiting to be explored.