A Unix Utility You Should Know About: Netcat

This is the second post in the article series about Unix utilities that you should know about. In this post I will introduce you to the netcat tool or simply nc.

Netcat is often referred to as a "Swiss Army knife" utility, and for a good reason. Just like the venerable Swiss Army pocket knife, netcat is useful for many different jobs. Some of its features include port scanning, transferring files and port listening, and it can be used as a backdoor.

In 2006 netcat was ranked #4 in the "Top 100 Network Security Tools" survey, so it's definitely a tool to know.

See the first post on pipe viewer for the introduction to this article series. If you feel like you are interested in this stuff, I suggest that you subscribe to my rss feed to receive my future posts automatically.

How to use nc?

Let's start with a few very simple examples and build up on those.

If you remember, I said that netcat was a Swiss Army knife. What would a Swiss Army knife be if it wasn't also a regular knife, right? That's why netcat can be used as a replacement for telnet:

$ nc www.google.com 80

It's actually much more handy than the regular telnet because you can terminate the connection at any time with ctrl+c, and it handles binary data as regular data (no escape codes, nothing).

You may add the "-v" parameter for more verbosity, and two -v's (-vv) to get statistics of how many bytes were transmitted during the connection.

Netcat can also be used as a server itself. If you start it as follows, it will listen on port 12345 (on all interfaces):

$ nc -l -p 12345

If you now connect to port 12345 on that host, everything you type will be sent to the other party, which leads us to using netcat as a chat server. Start the server on one computer:

# On a computer A with IP 10.10.10.10
$ nc -l -p 12345

And connect to it from another:

# On computer B
$ nc 10.10.10.10 12345

Now both parties can chat!

Speaking of which, the same setup can be used to make two processes talk to each other, thus making nc do I/O over the network! For example, you can send a whole directory from one computer to another by piping tar to nc on the first computer, and redirecting the output to another tar process on the second.

Suppose you want to send files in /data from computer A with IP 192.168.1.10 to computer B (with any IP). It's as simple as this:

# On computer A with IP 192.168.1.10
$ tar -cf - /data | nc -l -p 6666

# On computer B
$ nc 192.168.1.10 6666 | tar -xf -

Don't forget to combine the pipeline with pipe viewer from the previous article in this series to get statistics on how fast the transfer is going!

A single file can be sent even more easily:

# On computer A with IP 192.168.1.10
$ cat file | nc -l -p 6666

# On computer B
$ nc 192.168.1.10 6666 > file

You may even copy and restore the whole disk with nc:

# On computer A with IP 192.168.1.10
$ cat /dev/hdb | nc -l -p 6666

# On computer B
$ nc 192.168.1.10 6666 > /dev/hdb

Note: It turns out that "-l" can't be used together with "-p" on a Mac! The solution is to replace "-l -p 6666" with just "-l 6666". Like this:

$ nc -l 6666

# nc now listens on port 6666 on a Mac computer

An uncommon use of netcat is port scanning. Netcat is not the best tool for this job, but it does it ok (the best tool is nmap):

$ nc -v -n -z -w 1 192.168.1.2 1-1000 
(UNKNOWN) [192.168.1.2] 445 (microsoft-ds) open
(UNKNOWN) [192.168.1.2] 139 (netbios-ssn) open
(UNKNOWN) [192.168.1.2] 111 (sunrpc) open
(UNKNOWN) [192.168.1.2] 80 (www) open
(UNKNOWN) [192.168.1.2] 25 (smtp) : Connection timed out
(UNKNOWN) [192.168.1.2] 22 (ssh) open

The "-n" parameter here prevents DNS lookup, "-z" makes nc not receive any data from the server, and "-w 1" makes the connection time out after 1 second of inactivity.
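
The scan output above can also be checked against the ports a host is supposed to expose. The following is an added example, not part of the original post; the allowlist and the function name audit_ports are assumptions made for illustration:

```shell
#!/bin/sh
# Added example: compare netcat scan output with the ports a host is
# expected to expose, and report every difference.

# Scan output in the format shown in the article.
SCAN_OUTPUT='(UNKNOWN) [192.168.1.2] 445 (microsoft-ds) open
(UNKNOWN) [192.168.1.2] 139 (netbios-ssn) open
(UNKNOWN) [192.168.1.2] 111 (sunrpc) open
(UNKNOWN) [192.168.1.2] 80 (www) open
(UNKNOWN) [192.168.1.2] 25 (smtp) : Connection timed out
(UNKNOWN) [192.168.1.2] 22 (ssh) open'

# Hypothetical allowlist: ports this host is supposed to expose.
EXPECTED_PORTS='22 80 443'

# audit_ports ALLOWLIST
# Reads scan output on stdin. Prints "UNEXPECTED <port>" for every open
# port that is not in ALLOWLIST and "MISSING <port>" for every allowlisted
# port that was not reported open.
audit_ports() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1
        }
        # Only lines ending in "open" count; timeouts are ignored.
        $NF == "open" && $3 ~ /^[0-9]+$/ { seen[$3] = 1 }
        END {
            for (p in seen) if (!(p in want)) print "UNEXPECTED", p
            for (p in want) if (!(p in seen)) print "MISSING", p
        }' | sort -k1,1 -k2,2n
}

printf '%s\n' "$SCAN_OUTPUT" | audit_ports "$EXPECTED_PORTS"
```

On a live host, nc writes these verbose lines to stderr, so the scan is fed in with: nc -v -n -z -w 1 HOST 1-1000 2>&1 | audit_ports "22 80 443"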

Another uncommon behavior is using netcat as a proxy. Both ports and hosts can be redirected. Look at this example:

$ nc -l -p 12345 | nc www.google.com 80

This starts an nc server on port 12345 and all the connections get redirected to google.com:80. If you now connect to that computer on port 12345 and do a request, you will find that no data gets sent back. That's correct, because we did not set up a bidirectional pipe. If you add another pipe, you can get the data back on another port:

$ nc -l -p 12345 | nc www.google.com 80 | nc -l -p 12346

After you have sent the request on port 12345, connect on port 12346 to get the data.

Probably netcat's most powerful feature is making any process a server:

$ nc -l -p 12345 -e /bin/bash

The "-e" option spawns the executable with its input and output redirected via a network socket. If you now connect to the host on port 12345, you may use bash:

$ nc localhost 12345
ls -las
total 4288
   4 drwxr-xr-x 15 pkrumins users    4096 2009-02-17 07:47 .
   4 drwxr-xr-x  4 pkrumins users    4096 2009-01-18 21:22 ..
   8 -rw-------  1 pkrumins users    8192 2009-02-16 19:30 .bash_history
   4 -rw-r--r--  1 pkrumins users     220 2009-01-18 21:04 .bash_logout
   ...

The consequence is that nc is a popular hacker tool, as it makes it so easy to create a backdoor on any computer. On a Linux computer you may spawn /bin/bash and on a Windows computer cmd.exe to have total control over it.
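
From the defender's side, a netcat process started with "-e" stands out in a process listing. The following added example (not from the original post) flags such processes in a constructed listing in "ps -eo pid,user,args" format; the function name find_nc_exec and the sample lines are assumptions:

```shell
#!/bin/sh
# Added example: flag netcat processes that were started with -e.
# Input format: "PID USER COMMAND ARGS..." (ps -eo pid,user,args).

# Constructed sample process listing (not taken from a real host).
SAMPLE_PS='  812 root     /usr/sbin/sshd -D
 2291 pkrumins nc -l -p 12345 -e /bin/bash
 2307 pkrumins nc -l -p 6666
 2410 www-data /bin/nc.traditional -lvp 4444 -e /bin/sh
 2533 pkrumins nc -v -n -z -w 1 192.168.1.2 1-1000
 2600 pkrumins grep -e nc /var/log/syslog'

# find_nc_exec
# Reads a process listing on stdin and prints "PID USER PROGRAM" for every
# nc/netcat/ncat process whose options include -e, alone or bundled with
# other single-letter options (for example -lve). PROGRAM is the argument
# that follows the option, i.e. what the listener hands to each client.
find_nc_exec() {
    awk '
    {
        n = split($3, path, "/")           # basename of the executable
        prog = path[n]
        if (prog !~ /^(nc|ncat|netcat)(\.[a-z]+)?$/) next
        for (i = 4; i <= NF; i++) {
            if ($i ~ /^-[A-Za-z]*e[A-Za-z]*$/) {
                target = (i < NF) ? $(i + 1) : "?"
                print $1, $2, target
                next                       # one report per process
            }
        }
    }'
}

printf '%s\n' "$SAMPLE_PS" | find_nc_exec
```

On a live system the listing comes from: ps -eo pid,user,args | find_nc_exec. Plain listeners and scans (PIDs 2307 and 2533 in the sample) are not reported, only processes that attach a program to the socket.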

That's everything I can think of. Do you know any other netcat uses that I did not include?

How to install nc?

If you're on Debian or a Debian-based system such as Ubuntu, do the following:

$ sudo aptitude install netcat

If you're on Fedora or a Fedora-based system such as CentOS, do:

$ sudo yum install netcat

If you're on Slackware, FreeBSD, NetBSD, Solaris or Mac, download the source code of nc and just:

$ tar -zxf nc-version.tar.gz
$ cd nc-version
$ ./configure && sudo make install

Another way to do it on Mac, if you have MacPorts, is:

$ sudo port install netcat

On Slackware you can actually install it as a package from the n/ package directory:

$ sudo installpkg nc-1.10-i386-1.tgz

If you're on Windows, download the Windoze port of it from securityfocus.

The manual of the utility can be found here: man nc.

Have fun netcatting, and until next time!

 

http://www.catonmat.net/blog/unix-utilities-netcat/
