Netcat is like the Swiss Army Knife of command line network tools. Netcat can read and write data across network connections using TCP or UDP. From a pentest or security research point of view, Netcat can be used to debug or explore networks, since it can create almost any kind of connection.
In its simplest form Netcat can be used to open a TCP connection to a specific port and send whatever it reads on standard input across that connection.
nc 127.0.0.1 1234
Netcat can also be used in server mode and can listen on a port for incoming connections. Netcat will keep the connection up as long as there is incoming data.
For example, to transfer a file between two hosts:
Start Netcat listening on the server (destination) side with -l and redirect its output to a file called received.txt. NOTE: Netcat will wait for input and will close the connection once the file has been transferred. The -l 1234 form below is the OpenBSD netcat and ncat syntax; the traditional GNU netcat expects the listening port as -l -p 1234.
nc -l 1234 > received.txt
On the client side send the file by piping its contents out to Netcat using the cat command. Netcat will open a connection to the specified host and port and will send the input across the network.
cat myfile.txt | nc 127.0.0.1 1234
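To show what the two commands above actually do on the wire, here is an added example (not code from the original post) that implements both ends of the transfer in Python sockets over loopback: receive_to_file plays the part of nc -l 1234 > received.txt, send_file plays cat myfile.txt | nc 127.0.0.1 1234, and because Netcat itself gives no integrity check the two files are compared by SHA-256 afterwards. The helper names, the port choice and the sample file contents are all constructed for the demo.

```python
import hashlib
import os
import socket
import tempfile
import threading


def free_port():
    """Ask the OS for an unused loopback TCP port (constructed for the demo)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def receive_to_file(port, path, ready):
    """Listener side, the equivalent of `nc -l PORT > received.txt`.

    Accepts one connection, writes everything it receives to `path` and
    returns when the sender closes its end (EOF), which is also what makes
    the nc listener exit.
    """
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(1)
        ready.set()  # tell the sender the port is now open
        conn, _ = srv.accept()
        with conn, open(path, "wb") as out:
            while True:
                chunk = conn.recv(65536)
                if not chunk:  # EOF: sender closed the connection
                    break
                out.write(chunk)


def send_file(host, port, path):
    """Sender side, the equivalent of `cat myfile.txt | nc HOST PORT`.

    Returns the number of bytes written to the socket.
    """
    total = 0
    with socket.create_connection((host, port), timeout=5) as conn, open(path, "rb") as src:
        for chunk in iter(lambda: src.read(65536), b""):
            conn.sendall(chunk)
            total += len(chunk)
        conn.shutdown(socket.SHUT_WR)  # FIN: the listener sees EOF and stops waiting
    return total


def sha256_of(path):
    """Hex SHA-256 of a file; nc gives no integrity check of its own, so do one."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def transfer_and_verify():
    """Run both sides over loopback and return (bytes_sent, digests_match)."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "myfile.txt")  # constructed sample input
    dst = os.path.join(workdir, "received.txt")
    with open(src, "wb") as f:
        f.write(b"constructed sample payload\n" * 4000)  # 108000 bytes, spans several recv() calls

    port = free_port()
    ready = threading.Event()
    listener = threading.Thread(target=receive_to_file, args=(port, dst, ready))
    listener.start()
    ready.wait(5)
    sent = send_file("127.0.0.1", port, src)
    listener.join(10)
    return sent, sha256_of(src) == sha256_of(dst)


if __name__ == "__main__":
    sent, ok = transfer_and_verify()
    print(f"sent {sent} bytes, digests match: {ok}")
```

The shutdown(SHUT_WR) call is the detail that matters: it is the half-close that the sending nc performs when its stdin is exhausted, and it is the only thing that tells the listener the file is complete. Nothing on the wire is authenticated or encrypted, which is why the digest comparison (or a transport such as SSH) belongs around any real transfer.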
Netcat can also be used to do some quick DNS queries using -vu (verbose and UDP) along with a domain name and port 53. The -v is important in order to show the result of the DNS query.
nc -vu www.tudublin.ie 53
Netcat takes its input from stdin, so it is possible to open a connection to a host, let's say on port 80, and then send commands by typing them at the terminal. The connection will be kept open until you press Ctrl-C. Note that HTTP/1.1 requires a Host header and that the request is only complete once an empty line has been sent, so press Enter twice after the last header.
nc www.google.com 80
GET / HTTP/1.1
Host: www.google.com
The same thing can be achieved by printing the request and piping it to Netcat. printf is used rather than echo so that the CRLF line endings and the empty line that ends the request are sent exactly as HTTP expects.
printf 'GET / HTTP/1.1\r\nHost: www.microsoft.com\r\n\r\n' | nc www.microsoft.com 80
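Because a hand-typed request is only as good as its formatting, here is an added example (not part of the original post) that builds a correct HTTP/1.1 GET and sends three variants to a tiny loopback server: the correct request, the request line with the space missing between / and HTTP/1.1, and a request without a Host header. The server is a constructed stand-in that enforces only the rules discussed here (three tokens on the request line, version HTTP/1.1, a Host header); it is not a real web server, and the helper names are assumptions for the demo.

```python
import socket
import threading


def http_get_request(host, path="/"):
    """Build a well-formed HTTP/1.1 GET.

    The request line must be three space-separated tokens (method, target,
    version), lines end in CRLF, HTTP/1.1 requires a Host header, and an
    empty line ends the header block. `GET /HTTP/1.1` with the space missing
    is a two-token request line and is not valid HTTP/1.1.
    """
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n"
            "\r\n").encode()


def strict_server(port, ready, n_requests):
    """Tiny loopback server (constructed for the demo, not a real web server).

    Answers 200 only when the request line has exactly three tokens with
    version HTTP/1.1 and a Host header is present; otherwise 400.
    """
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(5)
        ready.set()
        for _ in range(n_requests):
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(5)
                data = b""
                # read until the empty line that ends the headers (bare LF tolerated)
                while b"\n\n" not in data.replace(b"\r\n", b"\n"):
                    chunk = conn.recv(4096)
                    if not chunk:
                        break
                    data += chunk
                head = data.replace(b"\r\n", b"\n").split(b"\n\n")[0]
                lines = head.decode("latin-1").split("\n")
                tokens = lines[0].split(" ")
                has_host = any(l.lower().startswith("host:") for l in lines[1:])
                ok = len(tokens) == 3 and tokens[2] == "HTTP/1.1" and has_host
                status = b"200 OK" if ok else b"400 Bad Request"
                conn.sendall(b"HTTP/1.1 " + status + b"\r\nConnection: close\r\n\r\n")


def send_raw(host, port, payload):
    """Client side, the equivalent of `printf ... | nc HOST PORT`: send the
    bytes unchanged and return the status line of the reply."""
    with socket.create_connection((host, port), timeout=5) as conn:
        conn.sendall(payload)
        conn.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.split(b"\r\n", 1)[0].decode()


def demo():
    """Return the status line the server gives to three request variants."""
    host = "127.0.0.1"
    with socket.socket() as s:  # pick a free port (constructed for the demo)
        s.bind((host, 0))
        port = s.getsockname()[1]
    cases = {
        "correct": http_get_request(host),
        "missing_space": b"GET /HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n",  # request line without the space
        "no_host": b"GET / HTTP/1.1\r\n\r\n",
    }
    ready = threading.Event()
    srv = threading.Thread(target=strict_server, args=(port, ready, len(cases)))
    srv.start()
    ready.wait(5)
    results = {name: send_raw(host, port, payload) for name, payload in cases.items()}
    srv.join(10)
    return results


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:14s} -> {status}")
```

Real servers differ in how strictly they parse, but the request line with the missing space is a two-token line and a header block without Host is not HTTP/1.1, so a 400 (or a silently closed connection) is the reply to expect from either mistake when testing by hand with Netcat.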
Netcat can also be used to scan ports. The example below echoes an empty string into Netcat, which scans ports 10-1000 on the host xxx.xxx.xxx.xxx. In this case -n specifies no DNS lookup and -w1 specifies a timeout of 1 second on each connection attempt. NOTE: in this case Netcat will scan ports 10-1000 sequentially. It is also possible to scan the ports in random order using the -r option.
echo "" | nc -v -n -w1 xxx.xxx.xxx.xxx 10-1000
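To make the -w and -r options concrete, here is an added example (not code from the original post) that does the same connect scan in Python sockets against two listeners on loopback: timeout plays the role of -w, and randomize plays the role of -r. The listeners, the port set and the helper names are constructed for the demo.

```python
import random
import socket


def connect_scan(host, ports, timeout=1.0, randomize=False):
    """TCP connect scan with a per-port timeout.

    Mirrors `nc -v -n -w1 HOST 10-1000` (sequential) and `-r` (random order):
    `timeout` is the -w value, the longest a single attempt may wait.
    Returns the ports that accepted a connection, in the order they were found.
    """
    order = list(ports)
    if randomize:
        random.shuffle(order)
    found = []
    for port in order:
        with socket.socket() as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                found.append(port)  # handshake completed: something is listening
            except OSError:
                pass  # refused (closed) or timed out after `timeout` s (filtered)
    return found


def demo():
    """Listen on two loopback ports, scan a small constructed set around
    them and return (listening, found_sequential, found_random)."""
    listeners = []
    for _ in range(2):
        s = socket.socket()
        s.bind(("127.0.0.1", 0))
        s.listen(5)  # a queued SYN completes the handshake even without accept()
        listeners.append(s)
    listening = sorted(s.getsockname()[1] for s in listeners)
    probe = sorted({p + d for p in listening for d in (-1, 0, 1)})  # constructed target set
    seq = connect_scan("127.0.0.1", probe, timeout=1.0)
    rnd = connect_scan("127.0.0.1", probe, timeout=1.0, randomize=True)
    for s in listeners:
        s.close()
    return listening, seq, sorted(rnd)


if __name__ == "__main__":
    listening, seq, rnd = demo()
    print(f"listening: {listening}  sequential found: {seq}  random found: {rnd}")
```

On loopback every closed port refuses immediately, so the timeout barely matters; it is a firewall that silently drops packets that makes each probe wait the full -w, which is why a 1 second value is chosen for a range of hundreds of ports (worst case is ports times timeout, sequentially). From the defending side the pattern is just as visible either way: one source touching many ports in a short window stands out in firewall and IDS logs, and -r only changes the order of the attempts, not their number.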
Netcat can come in very handy when it's necessary to test networks. It can be very time consuming to set up servers and infrastructure to validate security measures such as firewall rules. The examples of Netcat shown in this blog post are only the tip of the iceberg. For more info on Netcat check out http://nc110.sourceforge.net/