Friday, April 9, 2010

Using Netcat: Remote Admin, Messages, Network I/O all together

If you are in any way familiar with Unix networking, you have probably stumbled upon netcat.


Netcat is often referred to as the "Swiss Army Knife" of TCP/IP. You can use it as a handy port scanner whenever nmap is out of reach, transfer files between workstations, set up a temporary web server, troubleshoot network issues, use it as a telnet client, and so on.


Message Sending
Let's use nc (netcat) to listen on a specific port.

netharis@FOX:~$ nc -l -p 1212

Now, nc is listening for incoming requests at port 1212.
Let's use telnet to send something to the "otherside".

netharis@FOX:~$ telnet localhost 1212
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Aloha

Now the terminal in which we've opened netcat receives the message and can answer too.
With those simple commands, we've set up a homemade chat client and server.

File Transfer
Let's see how we can transfer a file between 2 workstations using netcat.

On the sending edge:
netharis@FOX:~$ cat cv_engl.pdf | nc -l -p 4321

On the receiving edge:
netharis@FOX:~$ nc localhost 4321 > cv_engl_copy.pdf

4321 is the port I used. We read the file with cat and pipe its output into nc, which serves it to whoever connects. Nothing on the wire checks integrity, so comparing a checksum of the original and the copy (sha256sum on both ends) is the practical way to confirm the transfer is complete.
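The two examples above (the chat listener and the file transfer) are the same mechanism: one side listens, the other connects, bytes flow until the sender closes and the receiver sees EOF. The following is an added example, not code from the original post, that reproduces that flow in pure Python over the loopback interface and adds the integrity check nc itself lacks: a SHA-256 digest computed on both ends. The port is chosen by the OS (port 0) instead of the post's 4321, and the sample "file" is a constructed byte string.

```python
import hashlib
import socket
import threading


def sha256_hex(data: bytes) -> str:
    """Digest used to compare the original and the received copy (sha256sum equivalent)."""
    return hashlib.sha256(data).hexdigest()


def serve_file_once(data: bytes, port_holder: list, ready: threading.Event) -> None:
    """Listener side, the equivalent of `cat file | nc -l -p PORT`:
    accept exactly one client, stream the bytes, then close so the peer sees EOF."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port (assumption, not the post's 4321)
    srv.listen(1)
    port_holder.append(srv.getsockname()[1])
    ready.set()                         # tell the caller which port to connect to
    conn, _ = srv.accept()
    with conn:
        conn.sendall(data)              # closing after sendall sends FIN, exactly like nc at EOF of stdin
    srv.close()


def receive_until_eof(host: str, port: int) -> bytes:
    """Client side, the equivalent of `nc HOST PORT > copy`: read until the peer closes."""
    chunks = []
    with socket.create_connection((host, port), timeout=5) as c:
        while True:
            buf = c.recv(65536)
            if not buf:                 # empty read means the sender closed: transfer finished
                break
            chunks.append(buf)
    return b"".join(chunks)


def transfer_and_verify(data: bytes):
    """Run sender and receiver on loopback; return (received bytes, sender digest, receiver digest)."""
    port_holder, ready = [], threading.Event()
    t = threading.Thread(target=serve_file_once, args=(data, port_holder, ready))
    t.start()
    ready.wait(5)
    got = receive_until_eof("127.0.0.1", port_holder[0])
    t.join(5)
    return got, sha256_hex(data), sha256_hex(got)


if __name__ == "__main__":
    # Constructed sample payload standing in for cv_engl.pdf.
    sample = b"%PDF-1.4 constructed sample payload\n" * 2000
    received, sent_digest, recv_digest = transfer_and_verify(sample)
    print(len(received), "bytes;", "digests match" if sent_digest == recv_digest else "MISMATCH")
```

The receiver stops on EOF, which is why the sending side must be the one that closes the connection; if you `nc -l` without `-q` on a version that keeps the socket open after stdin ends, the receiver hangs waiting for more data.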

Basic web server
By sending a minimal but valid HTTP response, we can set up a one-shot web server.
netharis@FOX:~$ ( echo -e "HTTP/1.0 200 Ok\n\r"; echo "homemade HTTP server"; ) | nc -q 1 -l -p 8080

Then we can browse to the location (http://localhost:8080) and the message will be displayed in our browser.

Serve Processes over network
Let's say you have an executable with a command-line interface, such as a bash shell or the Python interpreter, and you want to run it over the network.
netharis@FOX:~$ nc -l -p 700 -e /bin/bash

Now a temporary bash session is available on port 700. Note that nothing authenticates or encrypts it: whoever can reach the port gets the shell.
Connecting with telnet or nc, we could use this as a terminal to administer a server (temporarily) without the hassle of SSH.


Port Scanning
While not as popular or effective as the tools built for the job, nc will do just fine.

In this example I'm going to scan my router for open ports, inside my network.
Here is a test on port 23 (Telnet).

netharis@FOX:~$ nc -vnzw 1 192.168.0.1 23
(UNKNOWN) [192.168.0.1] 23 (telnet) open

We can also scan ranges of ports like:
netharis@FOX:~$ nc -vnzw 1 192.168.0.1 10-2000
(UNKNOWN) [192.168.0.1] 80 (www) open
(UNKNOWN) [192.168.0.1] 23 (telnet) open

We can see that the web interface (80) and telnet (23) ports are open.
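The result lines nc prints in verbose mode have a fixed shape, so they are easy to turn into a list you can compare against what you expect to be open. The following parser is an added example, not part of the original post; it handles the `(name) [host] port (service) open` format shown above and flags any open port that is not on an allowlist. The sample output is the two lines from the scan above, and the allowlist (only port 80 expected) is an assumption for the demonstration.

```python
import re

# Shape of an nc -v result line for an open port, as printed in the scan above:
#   (UNKNOWN) [192.168.0.1] 23 (telnet) open
# The first group is the reverse-DNS name (UNKNOWN when -n disables lookups),
# the bracketed field the address, then the port, the service name from /etc/services,
# and the state. Lines for closed or filtered ports do not match and are skipped.
NC_OPEN_LINE = re.compile(
    r"^\((?P<name>[^)]*)\)\s+\[(?P<host>[^\]]+)\]\s+(?P<port>\d+)\s+\((?P<service>[^)]*)\)\s+open\s*$"
)


def parse_nc_scan(output: str) -> list[dict]:
    """Turn nc -v output into a list of {host, port, service} dicts, one per open port."""
    results = []
    for line in output.splitlines():
        m = NC_OPEN_LINE.match(line.strip())
        if m:
            results.append({
                "host": m.group("host"),
                "port": int(m.group("port")),
                "service": m.group("service"),
            })
    return results


def unexpected_open(results: list[dict], allowed_ports: set[int]) -> list[dict]:
    """Return the open ports that are not on the allowlist, sorted by port number."""
    return sorted((r for r in results if r["port"] not in allowed_ports), key=lambda r: r["port"])


# Constructed sample: the two result lines from the range scan in the post.
SAMPLE_OUTPUT = """\
(UNKNOWN) [192.168.0.1] 80 (www) open
(UNKNOWN) [192.168.0.1] 23 (telnet) open
"""

if __name__ == "__main__":
    found = parse_nc_scan(SAMPLE_OUTPUT)
    # Assumption for the demo: only the web interface is supposed to be reachable.
    for r in unexpected_open(found, allowed_ports={80}):
        print(f"unexpected open port on {r['host']}: {r['port']} ({r['service']})")
```

Feeding a saved scan (`nc -vnzw 1 192.168.0.1 10-2000 2> scan.txt`, since nc writes these lines to stderr) into `parse_nc_scan` gives a quick diff against the ports you intended to expose; here it would report telnet.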

These are some uses of Netcat. There are plenty more, such as proxying and port redirection (a lightweight stand-in for kernel packet forwarding).

Give it a try.




2 comments:

  1. Very nice, but why do you use \n\r in the HTTP header and not \r\n which is the normal escape character? :)

  2. Whether it's CRLF or LFCR, browsers will identify it as correct. \r\n is the one referred to in the HTTP RFC and is therefore used more widely.

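The one-shot web server section and the comment exchange about `\n\r` versus `\r\n` come down to what bytes reach the browser and how it splits headers from body. The following is an added example, not code from the original post or its comments: it builds a response the way the HTTP RFC prescribes (CRLF line endings, empty CRLF line before the body) and parses a raw response two ways, strictly on `\r\n\r\n` and leniently as browsers do (bare LF ends a line, a trailing CR is stripped). `POST_STREAM` is the byte sequence the post's pipeline actually emits, reconstructed here: `echo -e "HTTP/1.0 200 Ok\n\r"` appends its own LF, so the wire carries LF CR LF after the status line, which a lenient parser reads as "status line, then an empty line", while a strict parser finds no header terminator at all.

```python
def build_response(body: bytes, status: str = "200 OK") -> bytes:
    """Well-formed HTTP/1.0 response: every line ends in CRLF, and an empty
    CRLF line separates the headers from the body (what the RFC prescribes)."""
    head = (
        f"HTTP/1.0 {status}\r\n"
        "Content-Type: text/plain\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    )
    return head.encode("ascii") + body


def split_strict(raw: bytes):
    """Strict parse: headers end at the first CRLF CRLF. Returns (head, body) or None."""
    i = raw.find(b"\r\n\r\n")
    return None if i < 0 else (raw[:i], raw[i + 4:])


def split_lenient(raw: bytes):
    """Lenient parse, as browsers do: a bare LF ends a line, a trailing CR is
    stripped, and the first empty line ends the headers. Returns (header lines, body) or None."""
    lines = raw.split(b"\n")
    head = []
    for idx, line in enumerate(lines):
        line = line.rstrip(b"\r")
        if line == b"":
            return head, b"\n".join(lines[idx + 1:])
        head.append(line)
    return None


# Constructed reconstruction of the post's pipeline output:
#   ( echo -e "HTTP/1.0 200 Ok\n\r"; echo "homemade HTTP server"; )
# The first echo adds its own LF, so the stream is "HTTP/1.0 200 Ok" LF CR LF,
# followed by the second echo's line and its LF.
POST_STREAM = b"HTTP/1.0 200 Ok\n\r\n" + b"homemade HTTP server\n"


def describe(raw: bytes) -> str:
    """Summarise how each parser treats a raw response, for the demo below."""
    strict = split_strict(raw)
    lenient = split_lenient(raw)
    return (
        f"strict: {'body=' + repr(strict[1]) if strict else 'no CRLF CRLF found'}; "
        f"lenient: {'body=' + repr(lenient[1]) if lenient else 'no empty line found'}"
    )


if __name__ == "__main__":
    print("post's stream  ->", describe(POST_STREAM))
    print("RFC-style      ->", describe(build_response(b"homemade HTTP server\n")))
```

So the post's version works because browsers tolerate bare LF and a stray CR, and because echo's trailing newline happens to supply the empty line; pipe the RFC-style bytes from `build_response` into `nc -l -p 8080` instead and both parsers agree. The `Content-Length` header also lets the client know when the body ends without relying on the server closing the connection.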