Using Netcat to create and test TCP and UDP connections on a VPS. Norton Commander Netcat Connection Commands

Displaying a test HTML page to a client with a regular browser with one command (port 8080):
(echo -e "HTTP / 1.1 200 OK \ nContent-Type: text / html \ n \ n Hello World";) | nc -vv -l -p 8080
Transferring a file to a client with a regular browser with one command (port 8080):
(echo -e "HTTP / 1.1 200 \ nContent-Disposition: attachment; filename = target-name-which-the-client-will-see \ nContent-Type: application / octet-stream \ nConnection: close \ n"; cat filename- on-disk) | nc -vv -l -p 8080

How to use nc?

(http://handynotes.ru/2010/01/unix-utility-netcat.html )

Let's start with a few simple examples and use them as basic ones.
If you remember, I said that netcat is a Swiss army knife. What would this knife be if it could not be used like a regular knife? This is why netcat can be used instead of regular telnet:

$ nc www.google.com 80

In fact, it is more convenient than regular telnet because you can end the connection at any time by pressing Ctrl + C and it treats binary data as normal (no escape sequences, nothing).
You can add the -v parameter for more detailed output of the results of actions, and the parameter (-vv) to get statistics on how many bytes were transferred during the current connection session.
Netcat can be used as a server. If you run it like below, it will listen on port 12345 (on all interfaces):

$ nc -l -p 12345

Now if you connect to port 12345 of this host, everything you type will be transmitted to the remote side, which tells us that netcat can be used as a chat server. Run on one of the computers:

# On computer A with IP 10.10.10.10
$ nc -l -p 12345

And connect to it from another:

# On computer B
$ nc 10.10.10.10 12345

Now both parties can talk!
This way of talking where both parties can talk to each other makes it possible to use nc for network I / O! For example, you can send an entire directory from one computer to another by setting up a tar pipeline through nc on the first computer, and redirecting the output to another tar process on the second.
Suppose you want to transfer files from the / data directory of computer A with IP 192.168.1.10 to computer B (with any IP). It's simple:


$ tar -cf - / data | nc -l -p 6666


# On computer B
$ nc 192.168.1.10 6666 | tar -xf -

Don't forget to combine the pipeline with the Pipe Viewer that was described in the previous article to see statistics on how fast the transfer is going!
A single file can be sent easier:

# On computer A with IP 192.168.1.10
$ cat file | nc -l -p 6666


# On computer B
$ nc 192.168.1.10 6666> file

You can even copy and restore an entire disk using nc:

# On computer A with IP 192.168.1.10
$ cat / dev / hdb | nc -l -p 6666


# On computer B
$ nc 192.168.1.10 6666> / dev / hdb

Note: The -l option cannot be used in conjunction with -p on Mac computers! The solution is to simply replace “-l -p 6666? to “-l 6666 ?. Like here:

# now nc is listening on port 6666 for Mac computers
$ nc -l 6666

An uncommon use of netcat is port scanning. Netcat is not the best tool for this job, but it does it (the best, of course, nmap):

$ nc -v -n -z -w 1 192.168.1.2 1-1000
(UNKNOWN) 445 (microsoft-ds) open
(UNKNOWN) 139 (netbios-ssn) open
(UNKNOWN) 111 (sunrpc) open
(UNKNOWN) 80 (www) open
(UNKNOWN) 25 (smtp): Connection timed out
(UNKNOWN) 22 (ssh) open

The -n option prevents DNS lookups, -z does not wait for a response from the server, and -w 1? sets the connection timeout to 1 second.
Another non-trivial use of netcat as a proxy. Both port and host can be forwarded. Take a look at this example:

$ nc -l -p 12345 | nc www.google.com 80

This command starts nc on port 1234 and redirects all connections to google.com:80. If you now connect to this computer on port 12345 and make a request, you will find that you are not receiving any data in return. This is correct because we have not set up a bidirectional channel. If you add a second channel, you will receive your data on a different port:

$ nc -l -p 12345 | nc www.google.com 80 | nc -l -p 12346

After sending a request to port 12345, receive your response data on port 12346.
Probably the most powerful feature of netcat is to run any process as a server:

$ nc -l -p 12345 -e / bin / bash

The -e option affects the execution of input and output redirected over a network socket. Now, if you connect to a host on port 12345, you can use bash:
$ nc localhost 12345
ls -las
total 4288
4 drwxr-xr-x 15 pkrumins users 4096 2009-02-17 07:47.
4 drwxr-xr-x 4 pkrumins users 4096 2009-01-18 21:22 ..
8 -rw ——- 1 pkrumins users 8192 2009-02-16 19:30 .bash_history
4 -rw-r — r— 1 pkrumins users 220 2009-01-18 21:04 .bash_logout

(http://execbit.ru/2011/05/23/netcat/)
1 Transfer files (we execute the first command on the receiving machine, the second on the transmitting one:

$ nc -l 31334> filename $ nc 172.16.69.143 31334< filename

$ nc -f / var / log / messages | nc -l 31334 $ nc 172.16.69.143 31334

3 Use instead of telnet (the first is the telnet server, the second is the client):

$ nc -l -p 31334 -e / bin / sh $ nc 172.16.69.143 31334

4 Scan for open ports:

$ nc -z execbit.ru 1-1024

5 Fingerprint services based on banners:

$ echo "QUIT" | nc execbit.ru 1-1024

6 Organize a reverse shell (the first is the client, the second is the server, but the shell will open from the server to the client).

Department of Road Design

Laboratory work No. 1

on the course "Informatics"

Completed by student of group No. 114359 Raikhman Sergey Yurievich

Checked

Laboratory work No. 1

Topic: Norton Commander Utility

Target: Learn to manage your computer using Norton Commander

Norton Commander allows you to perform the following functions: 1) perform MS-DOS functions, 2) display the contents of directories on disks, 3) display a directory tree on a disk, 4) view files, 5) edit text files, 6) copy, move, rename, delete files, 7) change file attributes.

Launch Norton Commander

To start Norton Commander, type “nc” at the command line and press “Enter”. Exit Norton Commander - F10 or Alt + X

Screen and panel views

After starting Norton Commander, two rectangular windows (panels) appear on the screen.


Below these panels is the MS-DOS prompt and an information line with the values ​​of the function keys.

F1 HELP - brief information on the assignment of keys when working with NC.

F2 MENU - custom menu

F3 VIEW - viewing a text file, document

F4 EDIT - editing a text file

F5 COPY - copy files

F6 RENMOV - transfer, rename a file

F7 MKDIR - create directory (subdirectories)

F8 DELETE - delete files or subdirectories

F9 PULL DN - the top line of the screen displays menus containing NC operating modes.

F10 QUIT - exit from NC

Menu by pressing a key F9

Left and Right - set the modes of information output on the left and right panels

Files - various operations are performed with files

Commands - various NC commands are executed, NC configuration and operating modes are set.

One of the menu items is highlighted, to select another item use the arrows<¬>, <­>, <®>, <¯>and the “Enter” key is pressed.

Selecting files

To copy, delete, move files, select them by pressing the Ins key. To cancel the selection, press “Ins” again. At the bottom of the panel, information about the number of selected files appears.

Creating a directory

To create a directory, press the “F7” key, type its name, press “Enter”.

To enter the directory, press the “Enter” key on its name. When you press the “ALT + F10” keys, the directory tree is displayed on the screen. Using the cursor keys, you can quickly move to the desired subdirectory.

Basic keys NC

TAB - switch to another panel

ALT + F1 - Display in the left pane of the table of contents of another disc.

ALT + F2 - Display in the right pane of the table of contents of another disk

CTRL + F1 - hide the left panel from the screen

CTRL + F2 - hide the right panel from the screen

CTRL + O - remove both panels

CTRL + U - swap panels

To start the computer, you need to type “LOGIN” at the prompt, enter the password (335_2).

Laboratory assignments

Using the commands, create a subdirectory structure on the disk:



This is the second post in a series of articles on Unix utilities that you should know. In this article, I present to you the netcat utility or simply nc.

The Netcat utility is often called a kind of "Swiss Army Knife", in a good sense of the word. The functionality of netcat is just as useful as the versatility and handiness of the proven Swiss Army Pocket Knife. Some of its features include port scanning, file transfer, port listening and it can be used as a backdoor.

In 2006 netcat was ranked 4th in the "100 Network Security Utilities" poll, so it is definitely a tool to know.

How to use nc?

If you remember, I said that netcat is a Swiss army knife. What would this knife be if it could not be used like a regular knife? This is why netcat can be used instead of regular telnet:

$ nc www.google.com 80

In fact, it is more convenient than regular telnet because you can end the connection at any time by pressing Ctrl + C and it treats binary data as normal (no escape sequences, nothing).

You can add the -v parameter for more detailed output of the results of actions, and the parameter (-vv) to get statistics on how many bytes were transferred during the current connection session.

Netcat can be used as a server. If you run it like below, it will listen on port 12345 (on all interfaces):

$ nc -l -p 12345

Now if you connect to port 12345 of this host, everything you type will be transmitted to the remote side, which tells us that netcat can be used as a chat server. Run on one of the computers:

# On computer A with IP 10.10.10.10 $ nc -l -p 12345

And connect to it from another:

# On computer B $ nc 10.10.10.10 12345

Now both parties can talk!

This way of talking where both parties can talk to each other makes it possible to use nc for network I / O! For example, you can send an entire directory from one computer to another by setting up a tar pipeline through nc on the first computer, and redirecting the output to another tar process on the second.

Suppose you want to transfer files from the / data directory of computer A with IP 192.168.1.10 to computer B (with any IP). It's simple:

# On computer A with IP 192.168.1.10 $ tar -cf - / data | nc -l -p 6666 # On computer B $ nc 192.168.1.10 6666 | tar -xf -

Don't forget to combine the pipeline with the Pipe Viewer that was described in the previous article to see statistics on how fast the transfer is going!

A single file can be sent in a simpler way:

# On computer A with IP 192.168.1.10 $ cat file | nc -l -p 6666 # On computer B $ nc 192.168.1.10 6666> file

You can even copy and restore an entire disk using nc:

# On computer A with IP 192.168.1.10 $ cat / dev / hdb | nc -l -p 6666 # On machine B $ nc 192.168.1.10 6666> / dev / hdb

Note: The -l option cannot be used in conjunction with -p on Mac computers! The solution is to simply replace “-l -p 6666? to “-l 6666 ?. Like here:

# now nc listens on port 6666 for Mac computers $ nc -l 6666

An uncommon use of netcat is port scanning. Netcat is not the best tool for this job, but it does it (the best, of course, nmap):

$ nc -v -n -z -w 1 192.168.1.2 1-1000 (UNKNOWN) 445 (microsoft-ds) open (UNKNOWN) 139 (netbios-ssn) open (UNKNOWN) 111 (sunrpc) open (UNKNOWN) 80 ( www) open (UNKNOWN) 25 (smtp): Connection timed out (UNKNOWN) 22 (ssh) open

The -n option prevents DNS lookups, -z does not wait for a response from the server, and -w 1? sets the connection timeout to 1 second.

Another non-trivial use of netcat as a proxy. Both port and host can be forwarded. Take a look at this example:

$ nc -l -p 12345 | nc www.google.com 80

This command starts nc on port 1234 and redirects all connections to google.com:80. If you now connect to this computer on port 12345 and make a request, you will find that you are not receiving any data in response. This is correct because we have not set up a bidirectional channel. If you add a second channel, you will receive your data on a different port:

$ nc -l -p 12345 | nc www.google.com 80 | nc -l -p 12346

After sending a request to port 12345, receive your response data on port 12346.

Probably the most powerful feature of netcat is to run any process as a server:

$ nc -l -p 12345 -e / bin / bash

The -e option affects the execution of input and output redirected over a network socket. Now, if you connect to a host on port 12345, you can use bash:

$ nc localhost 12345 ls -las total 4288 4 drwxr-xr-x 15 pkrumins users 4096 2009-02-17 07:47. 4 drwxr-xr-x 4 pkrumins users 4096 2009-01-18 21:22 .. 8 -rw ------- 1 pkrumins users 8192 2009-02-16 19:30 .bash_history 4 -rw-r- -r-- 1 pkrumins users 220 2009-01-18 21:04 .bash_logout ...

The implications are that nc is a popular hacker tool and can be used to create a backdoor very easily. On a Linux server you can run / bin / bash and on Windows cmd.exe and have full control in your hands.

That's all I wanted to say. Are you familiar with any other useful netcat tricks that are not covered here?

How do I install nc?

If you have Debian or a Debian based system such as Ubuntu, do the following:

$ sudo aptitude install netcat

If you have Fedora or a Fedora based system such as CentOS do:

$ sudo yum install netcat

If you have Slackware, FreeBSD, NetBSD, Solaris, or Mac, download the nc sources and do:

$ tar -zxf nc-version.tar.gz $ cd nc-version $ ./configure && sudo make install

Another way to do this on Mac, if you have MacPorts:

$ sudo port install netcat

On Slackware, you can install it as a package from the batch directory:

$ sudo installpkg nc-1.10-i386-1.tgz

If you're on Windows, download the Windoze port from securityfocus.

A manual for the utility can be found in man nc.

Enjoy your time with nc until next time!

In this article, I'll take a look at the popular netcat networking utility and some useful tricks for working with it.


Netcat is a Unix utility that allows you to establish TCP and UDP connections, receive data from there, and transmit it. Despite its usefulness and simplicity, many do not know how to use it and undeservedly bypass it.


Using this utility, you can perform some of the steps in the penetration testing. This can be useful when there are no installed packages on the attacked machine (or will attract attention), there are restrictions (for example, IoT / Embedded devices), etc.


What can be done with netcat:

  • Scan ports;
  • Port Forwarding;
  • Collect service banners;
  • Listen port (bind for reverse connection);
  • Download and upload files;
  • Output raw HTTP content;
  • Create mini chat.

In general, with the help of netcat, you can replace some of the unix utilities, so this tool can be considered a kind of harvester for performing certain tasks.

Practical examples

In many cases, when it is necessary to check a particular host, telnet is used, or their own services are used to identify the host or banner. How netcat can help us:

Checking for an open TCP port 12345

$ nc -vn 192.168.1.100 12345
nc: connect to 192.168.1.100 12345 (tcp) failed: Connection refused

$ nc -v 192.168.1.100 22
Connection to 192.168.1.100 22 port succeeded!
SSH-2.0-OpenSSH

Scanning TCP ports with netcat:

$ nc -vnz 192.168.1.100 20-24

With such a scan, there will be no connection to the port, but only the output of a successful connection:


nc: connectx to 192.168.1.100 port 20 (tcp) failed: Connection refused
nc: connectx to 192.168.1.100 port 21 (tcp) failed: Connection refused
found 0 associations
found 1 connections:
1: flags = 82
outif en0
src 192.168.1.100 port 50168
dst 192.168.1.100 port 22
rank info not available
TCP aux info available
Connection to 192.168.1.100 port 22 succeeded!
nc: connectx to 192.168.1.100 port 23 (tcp) failed: Connection refused
nc: connectx to 192.168.1.100 port 24 (tcp) failed: Connection refused

Scanning UDP ports.

To scan UDP ports with nmap, root privileges are required. If they are not there, in this case the netcat utility can also help us:


$ nc -vnzu 192.168.1.100 5550-5560
Connection to 192.168.1.100 port 5555 succeeded!

Sending UDP packet

$ echo -n "foo" | nc -u -w1 192.168.1.100 161

This can be useful when interacting with network devices.

Receiving data on UDP port and outputting received data

$ nc -u localhost 7777

After the first message, the output will stop. If you need to receive several messages, then you must use while true:


$ while true; do nc -u localhost 7777; done

File transfer. With netcat, you can both receive files and transfer to a remote host:


nc 192.168.1.100 5555< 1.txt
nc -lvp 5555> /tmp/1.txt

Netcact as the simplest web server.

Netcat can act as a simple web server for displaying html pages.


$ while true; do nc -lp 8888< index.html; done

Using a browser at: http: // netcat host: 8888 / index.html. To use the standard web server port 80, you have to run nc with root privileges:


$ while true; do sudo nc -lp 80< test.html; done

Chat between nodes

On the first node (192.168.1.100):


$ nc -lp 9000

On the second node:


$ nc 192.168.1.100 9000

After executing the commands, all characters entered in the terminal window on any of the nodes will appear in the terminal window of the other node.

Reverse shell

Using netcat, you can organize a convenient reverse shell:


nc -e / bin / bash -lp 4444

Now you can connect from the remote host:


$ nc 192.168.1.100 4444

You should not give up if there are no certain tools, often quite cumbersome, sometimes the problem can be solved with improvised means.

|

The Linux system is known for the fact that in most distributions a huge number of useful command line utilities come with the OS. Experienced system administrators can accomplish most tasks with built-in tools without the need to install additional software.

This manual is dedicated to the operation of the utility . This kind of "Swiss army knife" of networking tools can be useful for monitoring, testing, and transferring data over network connections.

This tutorial uses an Ubuntu 12.04 server, but overall netcat is available on almost any modern distribution. Ubuntu comes with a BSD version of the utility that will be used in this tutorial. Other versions may work differently or provide different options.

General syntax

By default, netcat works by initiating a TCP connection to a remote host.

Basic syntax:

netcat [options] host port

This command initiates a TCP connection to the specified host on the specified port. Basically, it functions similarly to the old Linux command telnet. Please note that your connection will be unencrypted.

To send a UDP packet instead of establishing a TCP connection, use the -u option:

netcat -u host port

To set a port range, specify the first and last port in the range, separated by a dash:

netcat host first_port-last_port

Typically this command is used with additional flags.

Most systems can use netcat or nc. They are interchangeable as they are aliases for the same command.

Usagefor port scanning

Most often, netcat is used as a port scanner.

While Netcat is probably not the smartest tool for this task (in most cases nmap is better for this), it can perform simple port scans to quickly identify open ports.

To do this, specify the port range to scan (as shown above) and also use the -z option, which performs scanning instead of establishing connections.

For example, to scan all ports up to port 1000, run:

netcat -z -v domain.com 1-1000

As you can see, in addition to the -z option, this command uses the -v option, thanks to which netcat displays more detailed information.

The result looks like this:

nc: connect to domain.com port 1 (tcp) failed: Connection refused
nc: connect to domain.com port 2 (tcp) failed: Connection refused
nc: connect to domain.com port 3 (tcp) failed: Connection refused
nc: connect to domain.com port 4 (tcp) failed: Connection refused
nc: connect to domain.com port 5 (tcp) failed: Connection refused
nc: connect to domain.com port 6 (tcp) failed: Connection refused
nc: connect to domain.com port 7 (tcp) failed: Connection refused
. . .
Connection to domain.com 22 port succeeded!
. . .

As you can see, this command outputs a fairly verbose output, and also reports whether the scan of each individual port was successful or not.

This is useful when using a domain name.

However, by specifying the correct IP addresses, you can significantly speed up the scan. You can then use the -n flag to indicate that you do not need to resolve the IP address using DNS:

netcat -z -n -v 111.111.111.111 1-1000

The returned messages are sent to standard error. Standard error messages can be sent to standard output to filter the results.

Use bash syntax 2 to redirect standard error to standard output> the results are filtered with grep:

netcat -z -n -v 111.111.111.111 1-1000 2> & 1 | grep succeeded
Connection to 111.111.111.111 22 port succeeded!

So now you can see that the only open port on the remote machine in the 1-1000 range is port 22, the standard SSH port.

Communicationusing netcat

The netcat command is not limited to sending TCP and UDP packets. It can also listen on the port for connections and packets, which makes it possible to connect two netcat instances in a client-server relationship.

Which computer is the server and which is the client is essential only during the initial setup. Once the connection is established, the connection is the same in both directions.

On one machine, you need to tell netcat to listen on a specific port for connections. This is done with the -l option followed by the port number:

By executing this command, netcat listens for TCP connections on port 4444. Now a normal user (non-root) will not be able to open any ports up to 1000 (for server security).

On the second server, you need to connect to the first machine through the specified port. This is done in the same way as shown earlier:

netcat domain.com 4444

Once the connection is established, it may appear that nothing has happened. But now you can send messages on both sides of the connection and they will be visible on both servers.

Enter your message and press ENTER. The message will appear on both local and remote servers. It works the other way too.

When you have finished sending messages, press CTRL-D to terminate the TCP connection.

File sharing with netcat

After familiarizing yourself with the main functions of the utility and following the previous examples, you can move on to more complex tasks.

As mentioned, the netcat utility creates TCP connections that can transfer almost any kind of information, not limited to user-typed messages. This knowledge can be used to turn netcat into a file transfer program.

Again, you need to select one machine to listen for connections. However, instead of printing information to the screen (as in the previous example), netcat will put all the information directly into a file:

netcat -l 4444> received_file

On the second computer, you need to create a simple text file:

echo "Hello, this is a file"> original_file

You can now use this file as input to create a connection to the listening computer. The file will be transferred in the same way as if it had been typed interactively:

netcat domain.com 4444< original_file

As you can see, the computer that was waiting for a connection now has a new file named "received_file" containing the data entered on the other computer:

cat received_file
Hello, this is a file

As you can see, such connections can be easily used to transfer any kind of information.

For example, you can transfer the contents of an entire directory; to do this, create an unnamed tarball, transfer it to the remote system, and unpack it to the remote directory.

On the receiving end, you can use the following command to alert you to get and unpack the file:

netcat -l 4444 | tar xzvf -

The dash at the end of the command means that the tarball will work on stdin, which is currently being sent over the network if a connection is established.

On the side containing the directory to be transferred, zip the given directory and then send it to the remote machine using netcat:

tar -czf - * | netcat domain.com 4444

This time, the dash in the tar command means that the contents of the current directory (as indicated by the *) must be archived and transferred, and then written to standard output.

This is then written to the TCP connection, passed to the other side of the connection, and unpacked into the current directory of the remote computer.

This is just one example of transferring more complex data from one computer to another. Also commonly used is the dd command, which creates a disk image on one side and transfers it to the remote computer. However, this approach is not covered in this guide.

as a simple web server

The netcat utility has already been used to transfer messages and files. This same approach will help you use netcat as a simple web server. This can be useful for testing finished pages.

First, you need to create an HTML file on one server:

In this file, you can place the following simple code:



Test Page


Level 1 header


Subheading


Normal text here




Save and close the file.

This file cannot be served on the default web server port (80) without root privileges. Because as a normal user, set the port to 8888.

To test a single page and see how it is displayed, type something like:

netcat -l 8888< index.html

The content can now be viewed in a browser by visiting:

http: // Server_IP: 8888

This command will display the page, after which the netcat connection will be closed. When you try to refresh the page, it will disappear.

Netcat can serve a page indefinitely; to do this, you need to make the last command cyclical using the line:

while true; do nc -l 8888< index.html; done

Then the page will continue to receive connections after the first connection was terminated.

To stop the loop, type CTRL-C.

This server will allow you to see how the page is displayed in the browser, but does not provide more functionality. Never use a web server like this to serve real sites: it's not secure, and things as simple as links don't always work right.

Outcomes

This tutorial introduces the basic functions and use of netcat. Since this tool is versatile, it can be used to diagnose problems and test the basic functionality of TCP / UDP connections.

In addition, netcat allows you to communicate and exchange information between different computers, which is very important for quick user interaction. By making it easier to create a connection, netcat tries to make network interactions between computers more convenient, faster, and easier to understand.

Tags:,