Netcat is a network utility for reading and writing data across network connections using the TCP and UDP protocols. Netcat is a Trojan that opens TCP or UDP ports on a target system, and hackers use it with telnet to gain shell access to the target system.
Netcat was originally released in 1996 and is often referred to as a Swiss Army knife utility, and I must say for good reason. Netcat can be used for port scanning, transferring files, grabbing banners, port listening and redirection, and as a backdoor. Netcat is a network version of the cat program: just as cat reads and writes information to files, Netcat reads and writes information across network connections. Netcat was originally coded for UNIX, but can be run on many operating systems. In 2006, www.insecure.org (Nmap hacker) rated Netcat as the second strongest network utility and in 2003 and 2006 it gained fourth place. Some of Netcat's features are:
• Outbound or inbound connections, TCP or UDP, to or from any ports
• Full DNS forward/reverse checking, with appropriate warnings
• Ability to use any local source port
• Ability to use any locally-configured network source address
• Built-in port-scanning capabilities, with randomizer
• Built-in loose source-routing capability
• Can read command line arguments from standard input
• Slow-send mode, one line every N seconds
• Hex dump of transmitted and received data
• Optional ability to let another program service established connections
• Optional telnet-options responder
To download Netcat go to Netcat.sourceforge.net or http://nc110.sourceforge.net/. After downloading Netcat, to confirm that it installed correctly, type nc -h or Netcat -h to display the help screen.
There are some differences between the GNU/Linux and Windows versions. For example, the -L option in the Windows version selects a persistent listening mode, while in the Linux version this parameter is used for tunneling mode. Also, the Linux version includes -V, which displays version information; in Windows this parameter does not exist.
In this article we will explore the very useful commands that you will need most. These options are the same in the GNU/Linux and Windows versions.
To put Netcat into server (listening) mode use the nc -l command; nc alone runs Netcat in client mode. To close at end of file (EOF) from standard input (stdin) use the -c option; this option is only available in Linux. To run Netcat in the background use the -d option.
One of the most powerful options is -e prog. This option, available only in server mode, runs the specified program when a client connects to it. See the following commands:
nc -l -p 12345 -e cmd.exe (Windows)
nc -l -p 12345 -e /bin/bash (Linux)
Both commands are similar, but for different systems. The first command starts Netcat in server mode on port 12345 and executes cmd.exe; the second command works the same way, but executes a bash shell on Linux. To test this option, start Netcat in server mode (see Figure 3). Then open a second window and run Netcat in client mode (see Figure 4). Now press Enter. You will see the Microsoft banner information and a new command prompt. It may seem a bit obscure but don’t worry, you’re running a command prompt through Netcat. Now type exit and you will see that the Netcat server closes in the first window. To start Netcat in server mode on a Linux box type nc -l -p 12345 -e /bin/bash. Now open a command prompt in Windows and start Netcat in client mode (see Figure 5).
To configure Netcat to use source routing, use the -g or -G option, but note that most routers block source-routed packets, so this option is slightly obsolete. As I said earlier, to display help use the -h switch. Use the -i option to set a delay; this may be useful for scanning ports with rate limiting. To place Netcat in listening (server) mode use the -l option. By default Netcat is a single-use program: when the connection is closed, Netcat closes. The -L option reopens Netcat with the same command line after the original connection is closed:
nc -l -p 12345 -e cmd.exe -L
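From the defender's side, a Netcat process started with -e is the thing to look for on a host. The following is an added example, not part of the original article: it parses process command lines and flags Netcat instances started with -e, recording whether they also listen (-l) or relisten (-L). The process listing is constructed and the function names are illustrative.

```python
import re

# Assumption: options taking a value follow this page; -L is the Windows no-value flag.
TAKES_VALUE = set("epgGis")
NC_NAMES = {"nc", "nc.exe", "netcat", "netcat.exe"}

def parse_nc(argv):
    """Extract listen / persistent / port / exec settings from a Netcat argv."""
    info = {"listen": False, "persistent": False, "port": None, "exec": None}
    i = 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if not tok.startswith("-"):
            continue
        for pos, ch in enumerate(tok[1:], start=1):   # walk clusters such as -lp
            if ch in TAKES_VALUE:
                value = tok[pos + 1:]                 # attached form: -e/bin/sh
                if not value and i < len(argv):
                    value, i = argv[i], i + 1         # separate form: -e /bin/sh
                if ch in "ep":
                    info["exec" if ch == "e" else "port"] = value
                break                                 # rest of token was the value
            if ch in "lL":
                info["listen"] = True
                info["persistent"] |= ch == "L"
    return info

def find_exec_listeners(process_lines):
    """Return Netcat processes that hand connections to a program via -e."""
    findings = []
    for line in process_lines:
        parts = line.split()
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        name = re.split(r"[\\/]", parts[1])[-1].lower()
        info = parse_nc(parts[1:]) if name in NC_NAMES else None
        if info and info["exec"]:
            findings.append({"pid": int(parts[0]), **info})
    return findings

# Constructed "PID command-line" listing for illustration, not real telemetry.
SAMPLE = [
    "4312 nc -l -p 12345 -e /bin/bash",
    r"988 C:\tools\nc.exe -L -p 12345 -e cmd.exe",
    "640 netcat -lp 12345 -e/bin/sh",
    "1200 nc -v -z 192.168.1.4 1-200",
    "501 /usr/bin/python3 sync.py -e prod",
]
```

Calling find_exec_listeners(SAMPLE) returns the three -e listeners and ignores the scan and the unrelated process.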
Use the -n option to allow numeric-only IP addresses; without -n, Netcat will display forward and reverse name and address lookups for the specified host (see Figures 6 and 7). To specify a particular port use -p port, as you can see below:
nc -l -p 12345
In the above example Netcat is running in server mode and listening for connections on port 12345. To specify more than one port you can separate ports with commas, or use a range of ports or common port names. Netcat can also scan ports in client mode, where the -p option is not necessary. If you specify a range of ports, Netcat starts at the top and goes to the bottom. For example, if you ask Netcat to scan ports 10-30, it will start at 30 and go backwards to 10.
To scan random ports use the -r option. To spoof the location you can use the -s option to change the source address of a packet. You can use Netcat as a telnet server: to configure Netcat to answer Telnet, use the server-specific -t option. By default Netcat uses TCP; for UDP use the -u switch. Since UDP is a connectionless protocol, it is recommended that you use timeouts with this option.
Using Netcat as Simple Chat Interface
As I have mentioned before, Netcat is a networking program designed to read and write data across connections. The easiest way to understand how Netcat works is to set up a server and client. In one terminal window, start the server:
nc -l -p 12345
In a second window, connect to the server with the client:
nc localhost 12345
When you enter text in one of the windows and press Enter, your text is sent to the other window (see Figure 8).
Port Scanning with Netcat
For port scanning with Netcat use the following syntax:
nc -[options] hostname [ports]
As we said, you can use ranges, commas and port names for scanning. Below we show you some examples:
nc -v 192.168.1.4 21, 80, 443
nc -v 192.168.1.4 1-200
nc -v 192.168.1.4 http
Transferring Files with Netcat
One application of Netcat is transferring files. Netcat can pull and push files. See the example below for a better understanding:
nc -l -p 12345 < textfile
In the above example, Netcat is started in server mode on local port 12345 and is offering textfile. A client who connects to this server is pulling the file from the server, and will receive textfile:
nc 192.168.1.4 12345 > textfile
Netcat can also be used to push files. Please see the example below:
Start Netcat in server mode: nc -l -p 12345 > textfile
Push the file by starting Netcat in client mode:
nc 192.168.1.4 12345 < textfile
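Neither side of these transfers checks what was received, and the listener accepts whoever connects first. As an added example (not from the original article), the Python code below plays both roles of the push transfer over loopback and keeps the received file only if its SHA-256 matches a digest exchanged out of band. The function names and the size limit are assumptions.

```python
import hashlib
import os
import socket
import tempfile
import threading

def receive_verified(listener, out_path, expected_sha256, max_bytes=1 << 20):
    """Server side of `nc -l -p PORT > file`, keeping the file only if it verifies."""
    conn, _ = listener.accept()
    digest, received, part = hashlib.sha256(), 0, out_path + ".part"
    with conn, open(part, "wb") as out:
        while received <= max_bytes and (chunk := conn.recv(65536)):
            received += len(chunk)
            digest.update(chunk)
            out.write(chunk)
    if received <= max_bytes and digest.hexdigest() == expected_sha256:
        os.replace(part, out_path)   # accept: matches the out-of-band digest
        return True
    os.remove(part)                  # reject: oversized, truncated or altered
    return False

def push(port, data):
    """Client side of `nc HOST PORT < file`, aimed at the loopback listener."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(data)

def transfer(data_sent, expected_sha256, out_path):
    """Run one loopback transfer; return True if the receiver kept the file."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))      # ephemeral port, loopback only
        listener.listen(1)
        port = listener.getsockname()[1]
        sender = threading.Thread(target=push, args=(port, data_sent))
        sender.start()
        kept = receive_verified(listener, out_path, expected_sha256)
        sender.join()
    return kept

if __name__ == "__main__":
    original = b"constructed sample file contents\n"   # constructed test data
    good = hashlib.sha256(original).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        print(transfer(original, good, os.path.join(d, "textfile")))
        print(transfer(original + b"altered", good, os.path.join(d, "textfile2")))
```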
Finally, one of the main Netcat features is banner grabbing. Banner grabbing is a technique for determining the brand, version and operating system of a service or application. Use the syntax below:
nc -v IP port
Listing 1. Message Syntax
From: [Alice] <firstname.lastname@example.org>
Date: Mon, 12 Apr 2010 14:21:26 -0400
Subject: Test Message
Hi there! This is supposed to be a real email...
Have a good day!
Listing 2. Feed message to Netcat
nc smtp.domain.com 25 < /tmp/message
220 myrelay.domain.com ESMTP
250 sender <email@example.com> ok
250 recipient <firstname.lastname@example.org> ok
354 go ahead
250 ok: Message 222220902 accepted
When you press Enter, after a few seconds you will see some information about your IP address and port number; then write HEAD / HTTP/1.0 and hit Enter. Now you can see some information about your victim.
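The same request is a quick way to audit what your own web server discloses. Added example, not from the original article: it parses a raw response to HEAD / HTTP/1.0 and lists the headers that reveal a product name, noting whether a version number leaks as well. The responses, the header list and the function names are constructed for illustration.

```python
import re

# Assumption: headers that commonly carry product and version details.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")
VERSION = re.compile(r"\d+(?:\.\d+)+")

def parse_head_response(raw):
    """Split a raw HTTP response into its status line and a header dict."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0].decode("iso-8859-1")
    status_line, *lines = head.splitlines()
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status_line, headers

def banner_findings(raw):
    """Return (header, value, leaks_version) for each disclosing header."""
    _, headers = parse_head_response(raw)
    findings = []
    for name in DISCLOSING:
        if name in headers:
            leaks_version = bool(VERSION.search(headers[name]))
            findings.append((name, headers[name], leaks_version))
    return findings

# Constructed responses; product names and versions are sample values.
VERBOSE = (b"HTTP/1.1 200 OK\r\nDate: Mon, 12 Apr 2010 14:21:26 GMT\r\n"
           b"Server: Apache/2.2.14 (Ubuntu)\r\nX-Powered-By: PHP/5.3.2\r\n"
           b"Content-Type: text/html\r\n\r\n")
MINIMAL = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE), ("minimal", MINIMAL)):
        print(label, banner_findings(raw))
```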
Send an email with Netcat
Create a text file and write your message as shown in Listing 1. Now feed this text file to the Netcat program as shown in Listing 2. Your email has been sent.
Using Netcat as a Port Scanner
Netcat is not the most powerful port scanning tool, and Nmap can be better for this, but Netcat can handle the task. In the table below you can see port scanning: see Table 1.
You can use the following syntax:
nc -v -z target port-range
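On the receiving end, the scans in this section and in "Port Scanning with Netcat" show up as one source trying many ports on one host. This added example (not from the original article) groups constructed connection-attempt events by source and target, flags port sweeps, and reports the port order, since a descending sweep matches the range behaviour described earlier. The thresholds, event layout and function name are assumptions.

```python
from collections import defaultdict

def classify_scans(events, min_ports=10, window=60.0):
    """Flag sources that try many ports on one host within `window` seconds.

    events: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_pair[(src, dst)].append((ts, port))
    findings = []
    for (src, dst), hits in by_pair.items():
        start, best = 0, []
        for end in range(len(hits)):              # sliding time window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = hits[start:end + 1]
        ports = list(dict.fromkeys(port for _, port in best))  # first-seen order
        if len(ports) < min_ports:
            continue
        steps = [b - a for a, b in zip(ports, ports[1:])]
        if all(s < 0 for s in steps):
            order = "descending"    # top-to-bottom, like the 10-30 range example
        elif all(s > 0 for s in steps):
            order = "ascending"
        else:
            order = "unordered"     # randomised (-r) or an explicit port list
        findings.append({"src": src, "dst": dst, "ports": len(ports),
                         "low": min(ports), "high": max(ports), "order": order})
    return findings

# Constructed connection-attempt events for illustration, not real traffic.
SAMPLE = (
    [(100.0 + i * 0.1, "10.0.0.5", "192.168.1.4", port)
     for i, port in enumerate(range(30, 9, -1))]
    + [(200.0 + i, "10.0.0.9", "192.168.1.4", port)
       for i, port in enumerate([443, 21, 8080, 25, 110, 3389, 22, 80, 139, 445, 53, 23])]
    + [(300.0 + i * 5, "10.0.0.7", "192.168.1.4", 443) for i in range(3)]
)
```

The port order is a hint about how the scan was run, not proof of which tool produced it.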
Connect to an IRC server with Netcat
You can use Netcat to connect to an IRC network. It is very easy and you only need to create a batch file. Create a batch file and write the following commands in it:
echo Connecting you to IRC irc.2600.net
nc -v 18.104.22.168 6667