Netcat
From Wikipedia, the free encyclopedia
 |
|
| Developer(s) | *Hobbit* |
|---|---|
| Stable release | 1.10 / March 20, 1996 |
| Operating system | UNIX |
| Type | Network utility |
| License | Permissive free software[1] |
| Website | http://netcat.sourceforge.net/ |
Netcat is a computer networking service for reading from and writing network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” device that can be used candidly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of correlation you would need and has a number of built-in capabilities.
In 2000 according to www.insecure.org Netcat was voted the second most functional network security tool. Also, in 2003 and 2006 it gained fourth place in the same category. Netcat is often referred to as a "Swiss-army knife for TCP/IP" , and for a good reason. Just like the multi-function usefulness of the venerable Swiss Army pocket knife, netcat’s functionality is as helpful. Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.
According to http://nc110.sourceforge.net/, some of netcat's major features are:
- Outbound or inbound connections, TCP or UDP, to or from any ports
- Full DNS forward/reverse checking, with appropriate warnings
- Ability to use any local source port
- Ability to use any locally-configured network source address
- Built-in port-scanning capabilities, with randomization
- Built-in loose source-routing capability
- Can read command line arguments from standard input
- Slow-send mode, one line every N seconds
- Hex dump of transmitted and received data
- Optional ability to let another program service established connections
- Optional telnet-options responder
[edit] Examples
[edit] Copying files from machine XXX to bar on port 1234 (-l, listen):
user@bar$ nc -l -p 1234 > backup.iso user@foo$ nc bar 1234 < backup.iso
[edit] Opening a raw connection to port 25 is (like telnet):
nc mail.server.net 25
[edit] Checking if UDP ports (-u) 80-90 are open on 192.168.0.1 using zero mode I/O (-z):
nc -vzu 192.168.0.1 80-90
[edit] Pipe via UDP (-u) with a wait time (-w) of 1 second to 'loggerhost' on port 514
echo '<0>message' | nc -w 1 -u loggerhost 514
[edit] Starting a chat server:
On a computer A with IP 192.168.1.2:
nc -l -p 1234
Connecting to computer A from any other computer on the same network:
nc 192.168.1.2 1234
Now both parties can chat!
Note: It turns out that “-l” can’t be used together with “-p” on a Mac. The solution is to replace “-l -p 6666″ with just “-l 6666″. Like this:
nc -l 6666
nc now listens on port 6666 on a Mac computer.
[edit] Portscanning:
An uncommon use of netcat is port scanning. Netcat is not considered the best tool for this job, but it can be sufficient (a more advanced tool is Nmap)
nc -v -n -z -w 1 192.168.1.2 1-1000
The “-n” parameter here prevents DNS lookup, “-z” makes nc not to receive any data from the server, and “-w 1″ makes the connection timeout after 1 second of inactivity.
[edit] Proxying
Another uncommon behavior is using netcat as a proxy. Both ports and hosts can be redirected. Look at this example:
nc -l -p 12345 | nc www.google.com 80
Port 12345 represents the request
This starts a nc server on port 12345 and all the connections get redirected to google.com:80. If it’s connected to that computer on port 12345 and a request is given, it will result that no data gets sent back. That’s correct, because it needs to be redirected by setting up a bidirectional pipe. In order to have bidirectional pipe an additional pipe needs to be added for data back and another port.
nc -l -p 12345 | nc www.google.com 80 | nc -l -p 12346
Port 12346 represents the response
[edit] Making any process a server:
On a computer A with IP 192.168.1.2:
nc -l -p 1234 -e /bin/bash
The “-e” option spawns the executable with it’s input and output redirected via network socket. It connects to computer A from any other computer on the same network:
nc 192.168.1.2 1234 ls -las total 4288 4 drwxr-xr-x 15 pkrumins users 4096 2009-02-17 07:47 . 4 drwxr-xr-x 4 pkrumins users 4096 2009-01-18 21:22 .. 8 -rw------- 1 pkrumins users 8192 2009-02-16 19:30 .bash_history 4 -rw-r--r-- 1 pkrumins users 220 2009-01-18 21:04 .bash_logout ...
The consequences are that nc is a popular hacker tool as it is so easy to create a backdoor on any computer. On a Linux computer you may spawn /bin/bash and on a Windows computer cmd.exe to have total control over it.
[edit] Variants
The original version of netcat is a UNIX program. Its author is known as *Hobbit*. He released version 1.1 in March 1996.
Netcat is fully POSIX compatible and there exist several implementations, including a rewrite from scratch known as GNU netcat, which is maintained by Giovanni Giacobbi and an MS-Windows version of netcat created by Chris Wysopal. Andreas Bischoff has ported the Windows version to Windows CE (now known as Windows Mobile).
On some systems, modified versions or similar utilities go by the command name(s) nc, ncat, pnetcat, socat, sock, socket, sbd.
socat is a more complex cousin of netcat. It is larger and more flexible than netcat, and has more options that must be configured for a given task.
Cryptcat is a version of netcat with integrated transport encryption capabilities.
[edit] See also
|
||||||||||||||||||||||||||
[edit] External links
- OpenBSD nc(1) man page via OpenBSD
- GNU netcat
- Download Netcat for Windows
- Socat
- Netcat for Windows CE (PocketPC, Windows Mobile)
- Advanced Netcat Tutorial
- Netcat - a couple of useful examples
- Netcat useful examples
- major features
[edit] References
- ^ "Copyright file". Debian. http://packages.debian.org/changelogs/pool/main/n/netcat/netcat_1.10-38/netcat.copyright. Retrieved on 2008-09-06.
