A Unix Utility You Should Know About: Netcat
This is the second post in the article series about Unix utilities that you should know about. In this post I will introduce you to the netcat tool, or simply nc.
Netcat is often referred to as a "Swiss Army knife" utility, and for good reason: like the venerable multi-function pocket knife, it does a bit of everything. Its features include port scanning, transferring files and listening on ports, and it can even be used as a backdoor.
In 2006 netcat was ranked #4 in the "Top 100 Network Security Tools" survey, so it's definitely a tool to know.
See the first post on pipe viewer for the introduction to this article series. If you are interested in this stuff, I suggest that you subscribe to my rss feed to receive my future posts automatically.
How to use nc?
Let's start with a few very simple examples and build up on those.
If you remember, I said that netcat was a Swiss Army knife. What would a Swiss Army knife be if it wasn't also a regular knife, right? That's why netcat can be used as a replacement for telnet:
$ nc www.google.com 80
It's actually much handier than regular telnet, because you can terminate the connection at any time with ctrl+c, and it passes binary data through untouched (no escape codes, nothing).
You may add the "-v" parameter for more verbosity, and two -v's (-vv) to also get statistics on how many bytes were transmitted during the connection.
Netcat can also be used as a server itself. If you start it as follows, it will listen on port 12345 (on all interfaces):
$ nc -l -p 12345
If you now connect to port 12345 on that host, everything you type will be sent to the other party, which leads us to using netcat as a chat server. Start the server on one computer:
# On computer A with IP 10.10.10.10
$ nc -l -p 12345
And connect to it from another:
# On computer B
$ nc 10.10.10.10 12345
Now both parties can chat!
Talking of which, the chat can be turned into two processes talking to each other, thus making nc do I/O over the network! For example, you can send a whole directory from one computer to another by piping tar into nc on the first computer, and redirecting nc's output into another tar process on the second.
Suppose you want to send files in /data from computer A with IP 192.168.1.10 to computer B (with any IP). It's as simple as this:
# On computer A with IP 192.168.1.10
$ tar -cf - /data | nc -l -p 6666
# On computer B
$ nc 192.168.1.10 6666 | tar -xf -
Don't forget to combine the pipeline with pipe viewer from the previous article in this series to get statistics on how fast the transfer is going!
A single file can be sent even more easily:
# On computer A with IP 192.168.1.10
$ cat file | nc -l -p 6666
# On computer B
$ nc 192.168.1.10 6666 > file
You may even copy and restore a whole disk with nc (make sure the destination disk is not mounted while you overwrite it):
# On computer A with IP 192.168.1.10
$ cat /dev/hdb | nc -l -p 6666
# On computer B
$ nc 192.168.1.10 6666 > /dev/hdb
Keep in mind that none of these transfers is authenticated or encrypted: the listener hands its input to the first client that connects, and everything crosses the wire in the clear. Do this only on a network you trust (or tunnel it over ssh), and compare checksums of the source and the copy afterwards.
Note: It turns out that "-l" can't be used together with "-p" on a Mac! The reason is that macOS ships the OpenBSD flavour of netcat (which is also the default nc on many current Linux distributions), and there "-p" selects the source port rather than the listening port. The solution is to replace "-l -p 6666" with just "-l 6666". Like this:
$ nc -l 6666
# nc now listens on port 6666 on a Mac computer
An uncommon use of netcat is port scanning. Netcat is not the best tool for this job, but it does it ok (the best tool is nmap):
$ nc -v -n -z -w 1 192.168.1.2 1-1000
(UNKNOWN) [192.168.1.2] 445 (microsoft-ds) open
(UNKNOWN) [192.168.1.2] 139 (netbios-ssn) open
(UNKNOWN) [192.168.1.2] 111 (sunrpc) open
(UNKNOWN) [192.168.1.2] 80 (www) open
(UNKNOWN) [192.168.1.2] 25 (smtp) : Connection timed out
(UNKNOWN) [192.168.1.2] 22 (ssh) open
The "-n" parameter prevents DNS lookups, "-z" puts nc in zero-I/O mode so it only completes the connection and never sends or reads any data, and "-w 1" makes connection attempts (and final reads) time out after 1 second. Note how the output distinguishes the cases: ports that accept the connection are reported as open, a port where nothing answers within the timeout (port 25 here, most likely a firewall silently dropping the packets) shows up as "Connection timed out", and the remaining ports, which actively refused the connection, are not listed at all.
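To make the mechanics concrete, here is a small Python reimplementation of the connect scan that nc -n -z -w 1 performs, added here as an example (it is not code from the original post): it completes the TCP handshake, sends nothing, and classifies each port as open, closed (reset) or timed out, the three outcomes visible in the nc output above. Instead of 192.168.1.2 it scans a throwaway listener on 127.0.0.1 so it runs offline; the port numbers are whatever the OS hands out, and parse_port_spec/probe/scan are names chosen here.

```python
import socket
import threading


def parse_port_spec(spec):
    """Expand a port spec such as "22,80,1000-1005" (nc accepts "lo-hi") into a sorted list."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if not 1 <= lo <= hi <= 65535:
                raise ValueError("bad port range: %s" % part)
            ports.update(range(lo, hi + 1))
        else:
            p = int(part)
            if not 1 <= p <= 65535:
                raise ValueError("bad port: %s" % part)
            ports.add(p)
    return sorted(ports)


def probe(host, port, timeout=1.0):
    """Classify one TCP port as "open", "closed" or "timeout".

    Only the three-way handshake happens; no bytes are sent or read, which is
    what nc's -z (zero-I/O) mode does. "closed" means the host answered with a
    reset (connection refused); "timeout" means nothing came back within
    `timeout` seconds, typically a firewall dropping the SYN -- the case nc
    reports as "Connection timed out".
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "closed"
    finally:
        s.close()


def scan(host, spec, timeout=1.0):
    """Probe every port in spec and return {port: state}."""
    return {p: probe(host, p, timeout) for p in parse_port_spec(spec)}


def start_local_listener():
    """Throwaway listener on 127.0.0.1 (OS-chosen port) so the scan has a known open port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:       # listener was closed: we are done
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def demo():
    """Scan one open and one closed loopback port; return their two states."""
    srv = start_local_listener()
    open_port = srv.getsockname()[1]
    # Bind-and-release a second ephemeral port: nothing listens on it afterwards,
    # so connecting to it gets a reset, exactly like a closed port on a real host.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    states = scan("127.0.0.1", "%d,%d" % (open_port, closed_port))
    srv.close()
    return states[open_port], states[closed_port]


if __name__ == "__main__":
    print("open port -> %s, closed port -> %s" % demo())
```

The "timeout" branch never fires against loopback, since the local kernel always answers; run scan() against a host behind a packet-dropping firewall to see it, and keep the timeout short, because every filtered port costs the full wait, which is why nc's -w matters for scanning.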
Another less common use is netcat as a proxy. Both ports and hosts can be redirected. Look at this example:
$ nc -l -p 12345 | nc www.google.com 80
This starts a nc server on port 12345 and all the connections get redirected to google.com:80. If you now connect to that computer on port 12345 and do a request, you will find that no data gets sent back. That's correct, because we did not set up a bidirectional pipe. If you add another pipe, you can get the data back on another port:
$ nc -l -p 12345 | nc www.google.com 80 | nc -l -p 12346
After you have sent the request on port 12345, connect on port 12346 to get the data.
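The bidirectional relay that the two-nc pipeline lacks, written in Python as an added example (not code from the original post): it listens like nc -l -p, connects to the target when the first client arrives, and copies bytes both ways over one connection, passing a half-close through with shutdown() so a reply still in flight is not lost. To run offline it talks to a local echo server standing in for www.google.com:80; all addresses are loopback with OS-chosen ports, and relay/start_proxy/start_echo_upstream are names chosen here.

```python
import select
import socket
import threading


def relay(a, b, bufsize=4096):
    """Copy bytes a->b and b->a until both directions have hit EOF.

    Returns (bytes read from a, bytes read from b). A half-close on one side
    is passed on with shutdown(SHUT_WR) instead of tearing the session down,
    so the other side still gets to send whatever it has left.
    """
    forward = {a: b, b: a}
    counts = {a: 0, b: 0}
    live = [a, b]
    while live:
        readable, _, _ = select.select(live, [], [])
        for src in readable:
            data = src.recv(bufsize)
            dst = forward[src]
            if not data:                      # EOF from src
                live.remove(src)
                try:
                    dst.shutdown(socket.SHUT_WR)
                except OSError:
                    pass
                continue
            try:
                dst.sendall(data)
            except OSError:                   # peer went away hard: give up
                live = []
                break
            counts[src] += len(data)
    a.close()
    b.close()
    return counts[a], counts[b]


def start_echo_upstream():
    """Stand-in for the real target: echoes each chunk back upper-cased so the
    reply is recognisably from the far side. Returns the (host, port) it is on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data.upper())
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return srv.getsockname()


def start_proxy(target):
    """Listen like `nc -l -p PORT`; on the first client, connect to target and
    relay both ways. Returns ((host, port), stats dict, worker thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    stats = {}

    def serve_one():
        client, _ = srv.accept()
        upstream = socket.create_connection(target)
        stats["from_client"], stats["from_upstream"] = relay(client, upstream)
        srv.close()

    t = threading.Thread(target=serve_one, daemon=True)
    t.start()
    return srv.getsockname(), stats, t


def demo(message=b"hello through the proxy\n"):
    """Send one message through the proxy and collect the complete reply."""
    proxy_addr, stats, t = start_proxy(start_echo_upstream())
    c = socket.create_connection(proxy_addr)
    c.sendall(message)
    c.shutdown(socket.SHUT_WR)          # done sending; now drain the reply
    reply = b""
    while True:
        chunk = c.recv(4096)
        if not chunk:
            break
        reply += chunk
    c.close()
    t.join(5)
    return reply, stats


if __name__ == "__main__":
    print(demo())
```

The half-close handling is the part the shell pipeline gets wrong twice over: not only does `nc -l -p 12345 | nc www.google.com 80` have no return path, but even the three-nc version closes the whole chain as soon as one side finishes, which is why real relays (and ncat/socat) track each direction separately.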
Probably netcat's most powerful feature is making any process a server:
$ nc -l -p 12345 -e /bin/bash
The "-e" option spawns the executable with its input and output redirected to the network socket. If you now connect to the host on port 12345, you can use bash (there is no prompt, but it reads your commands):
$ nc localhost 12345
ls -las
total 4288
   4 drwxr-xr-x 15 pkrumins users 4096 2009-02-17 07:47 .
   4 drwxr-xr-x  4 pkrumins users 4096 2009-01-18 21:22 ..
   8 -rw-------  1 pkrumins users 8192 2009-02-16 19:30 .bash_history
   4 -rw-r--r--  1 pkrumins users  220 2009-01-18 21:04 .bash_logout
...
The consequence is that nc is a popular hacker tool, because it is so easy to create a backdoor on any computer: on Linux spawn /bin/bash, on Windows cmd.exe, and whoever connects has total control over the machine. Two caveats. First, there is no authentication at all: anyone who can reach the port gets the shell, which is exactly what makes it a backdoor. Second, "-e" is not in every netcat: the original source only compiles it in behind a define called GAPING_SECURITY_HOLE, the OpenBSD variant (the default nc on macOS and most current Linux distributions) does not have it at all, while netcat-traditional keeps it and Nmap's ncat offers the same thing as --exec and --sh-exec.
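What a defender would check for after reading this, as an added Python example (not code from the original post): once nc -l -p 12345 -e /bin/bash accepts a connection, the bash child's stdin, stdout and stderr are the socket, so on Linux ss -tanp shows an established connection owned by bash, and shells do not normally own network sockets. The ss output below is constructed for the example (addresses, PIDs and fd numbers are made up), and parse_ss/find_suspicious are names chosen here.

```python
import re

SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "cmd.exe", "powershell.exe"}
NETCATS = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}

# Constructed `ss -tanp` output (not captured from a real host): an sshd
# session, an nginx listener, and the nc backdoor from the post after a client
# has connected -- nc still holds the listener, bash holds the accepted socket
# as fd 0, 1 and 2.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.10.10.10:22      10.10.10.99:51234  users:(("sshd",pid=811,fd=4))
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*          users:(("nginx",pid=640,fd=6))
LISTEN 0      1      0.0.0.0:12345       0.0.0.0:*          users:(("nc",pid=4242,fd=3))
ESTAB  0      0      10.10.10.10:12345   10.10.10.99:40022  users:(("bash",pid=4243,fd=0),("bash",pid=4243,fd=1),("bash",pid=4243,fd=2))
"""

# One ("name",pid=N,fd=M) entry inside ss's users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')


def parse_ss(text):
    """Turn `ss -tanp` lines into (state, local, peer, [(name, pid, fd), ...]).

    The Process column is empty when ss runs without enough privilege to see
    other users' sockets, so it is treated as optional.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5 or parts[0] == "State":
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        procs = PROC_RE.findall(parts[5]) if len(parts) > 5 else []
        rows.append((state, local, peer, [(n, int(p), int(f)) for n, p, f in procs]))
    return rows


def find_suspicious(text):
    """Flag two bind-shell tells: an established socket that is a shell's
    stdin/stdout/stderr, and a listening socket owned by a netcat binary
    (a backdoor still waiting for its operator)."""
    findings = []
    for state, local, peer, procs in parse_ss(text):
        shell_stdio = [(n, pid, fd) for n, pid, fd in procs
                       if n in SHELLS and fd in (0, 1, 2)]
        if state == "ESTAB" and shell_stdio:
            findings.append(("shell-with-socket-stdio", local, peer, shell_stdio[0][1]))
            continue
        nc_owner = [pid for n, pid, _ in procs if n in NETCATS]
        if state == "LISTEN" and nc_owner:
            findings.append(("netcat-listener", local, peer, nc_owner[0]))
    return findings


if __name__ == "__main__":
    for kind, local, peer, pid in find_suspicious(SAMPLE_SS):
        print("%-24s %-20s -> %-20s pid=%d" % (kind, local, peer, pid))
```

The shell-on-stdio rule is the stronger of the two: a netcat listener has plenty of legitimate uses (the file transfers above, for one), and an attacker can rename the binary, but a shell whose file descriptor 0 is a TCP socket is hard to explain away whatever the binary was called.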
That's everything I can think of. Do you know any other netcat uses that I did not include?
How to install nc?
If you're on Debian or a Debian-based system such as Ubuntu, do the following (current releases split the package into netcat-openbsd and netcat-traditional; only the latter has the "-e" option used above):
$ sudo aptitude install netcat
If you're on Fedora or a Red Hat based system such as CentOS, do the following (the package is called nc on older releases and nmap-ncat on current ones):
$ sudo yum install nc
If you're on Slackware, FreeBSD, NetBSD, Solaris or Mac, download the source code of nc and just:
$ tar -zxf nc-version.tar.gz
$ cd nc-version
$ ./configure && sudo make install
Another way to do it on Mac, if you have MacPorts is:
$ sudo port install netcat
On Slackware you can actually install it as a package from n/ package directory:
$ sudo installpkg nc-1.10-i386-1.tgz
If you're on Windows, download the Windoze port of it from securityfocus.
The manual of the utility can be found in its man page: man nc.
Have fun netcatting, and until next time!
http://www.catonmat.net/blog/unix-utilities-netcat/