NCAT detailed introduction (Reprint)
2022-06-30 21:23:00 【xupeng1644】
A brief introduction to ncat
ncat is Netcat. Netcat reads or sends network data over TCP/UDP connections. cat is the Linux command for viewing or concatenating files, so netcat originally meant viewing the contents of a file over the network. Netcat's author, Hobbit, added many features to it, and it can perform almost any kind of network operation, which is why Netcat is known in the network security field as the "Swiss-army knife for TCP/IP".
The stable version of Netcat, 1.10, was released by Hobbit in March 1996 (as open source software). The author did not maintain it afterwards, but the tool has been widely used for more than ten years, and a steady stream of derivatives based on Netcat has appeared, enhancing or extending Netcat's functionality in many ways.
The Nmap team developed Ncat as an updated version of Netcat, adding more features (such as SSL encryption and proxied connections through SOCKS4 or HTTP) to make it better suited to modern network environments.
Installation
yum install -y nmap-ncat
After installation, you can run it as either nc or ncat.
Parameter description
Command format:
ncat [options] [hostname] [port]
-4 Use IPv4 only
-6 Use IPv6 only
-U, --unixsock Use Unix domain sockets only
-C, --crlf Use CRLF for EOL sequence
-c, --sh-exec <command> Executes the given command via /bin/sh
-e, --exec <command> Executes the given command
--lua-exec <filename> Executes the given Lua script
-g hop1[,hop2,...] Loose source routing hop points (8 max)
-G <n> Loose source routing hop pointer (4, 8, 12, ...)
-m, --max-conns <n> Maximum <n> simultaneous connections
-h, --help Display this help screen
-d, --delay <time> Wait between read/writes
-o, --output <filename> Dump session data to a file
-x, --hex-dump <filename> Dump session data as hex to a file
-i, --idle-timeout <time> Idle read/write timeout
-p, --source-port port Specify source port to use
-s, --source addr Specify source address to use (doesn't affect -l)
-l, --listen Bind and listen for incoming connections
-k, --keep-open Accept multiple connections in listen mode
-n, --nodns Do not resolve hostnames via DNS
-t, --telnet Answer Telnet negotiations
-u, --udp Use UDP instead of default TCP
--sctp Use SCTP instead of default TCP
-v, --verbose Set verbosity level (can be used several times)
-w, --wait <time> Connect timeout
-z Zero-I/O mode, report connection status only
--append-output Append rather than clobber specified output files
--send-only Only send data, ignoring received; quit on EOF
--recv-only Only receive data, never send anything
--allow Allow only given hosts to connect to Ncat
--allowfile A file of hosts allowed to connect to Ncat
--deny Deny given hosts from connecting to Ncat
--denyfile A file of hosts denied from connecting to Ncat
--broker Enable Ncat's connection brokering mode
--chat Start a simple Ncat chat server
--proxy <addr[:port]> Specify address of host to proxy through
--proxy-type <type> Specify proxy type ("http" or "socks4" or "socks5")
--proxy-auth <auth> Authenticate with HTTP or SOCKS proxy server
--ssl Connect or listen with SSL
--ssl-cert Specify SSL certificate file (PEM) for listening
--ssl-key Specify SSL private key (PEM) for listening
--ssl-verify Verify trust and domain name of certificates
--ssl-trustfile PEM file containing trusted SSL certificates
--ssl-ciphers Cipherlist containing SSL ciphers to use
--version Display Ncat's version information and exit
Usage scenarios
1 Listening for inbound connections
With the -l option, ncat enters listen mode, which lets us listen for inbound connections on the specified port.
ncat -l port_number
2 Connecting to a remote system
Use the following command to connect to a remote system with nc. It is similar to telnet ip port: it establishes a connection to the server, after which you can send commands.
ncat IP_address port_number
3 Connecting to a UDP port
By default, nc only connects to TCP ports when it creates a connection. But we can use the -u option to connect to a UDP port:
ncat -l -u 1234
Suppose we want to send data to a UDP port on a remote host, or test its connectivity. We can use the following command:
ncat -v -u {host-ip} {udp-port}
For example:
ncat -v -u 192.168.105.150 53
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 192.168.105.150:53
4 Using nc as a chat tool
nc can also be used as a chat tool. We can configure the server to listen on a port, then connect to that port from a remote host and start sending messages. Run on the server side:
ncat -l 8080
Run on the remote client host:
ncat 192.168.1.100 8080
Then start sending messages. These messages will be displayed on the server's terminal.
5 Using nc as a proxy
nc can also be used as a proxy. Here is an example:
ncat -l 8080 | ncat 192.168.1.200 80
All connections sent to port 8080 on our server are automatically forwarded to port 80 on 192.168.1.200. But because we use a pipe, data can only travel in one direction. To also receive the returned data, we need to create a two-way pipe. This can be done with the following commands:
mkfifo 2way
ncat -l 8080 0<2way | ncat 192.168.1.200 80 1>2way
Now you can send and receive data through the nc proxy.
5 Using nc to copy files
nc can also be used to copy files between systems, although this is not recommended, because most systems have ssh/scp installed by default. But if you happen to be on a system without ssh/scp, you can use nc as a last resort.
On the machine that will receive the data, start nc in listen mode:
ncat -l 8080 > file.txt
Now go to the machine that holds the data to be copied and run the following command:
ncat 192.168.1.100 8080 --send-only < data.txt
Here, data.txt is the file to send. The --send-only option closes the connection as soon as the file has been copied. Without this option, we would have to press ctrl+c by hand to close the connection.
We can also copy an entire partition this way, but please be careful.
6 Creating a backdoor with nc
nc can also be used to create a backdoor on a system, and it is a technique hackers use a lot. To protect our systems, we need to know how it works. The command to create a backdoor is:
ncat -l 10000 -e /bin/bash
The -e flag attaches a bash to port 10000. Now a client only needs to connect to port 10000 on the server to get full access to our system through bash:
ncat 192.168.1.100 10000
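To find this pattern on a host, the following added example (not part of the original article) scans a process listing for nc/ncat processes that combine listen mode with -e, -c, --exec, --sh-exec or --lua-exec. The function name find_exec_listeners and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag nc/ncat listeners that hand each connection to a program.
# Input lines look like `ps -eo pid=,user=,args=` output: PID USER ARGV...
# ps flattens quoting, so words of a -c/-e argument may be re-read as options,
# which can over-report.
find_exec_listeners() {
  awk '
  BEGIN {
    # Short options that consume an argument (from the option list above).
    n = split("c e g G m d o x i p s w", a, " ")
    for (i = 1; i <= n; i++) takes_arg[a[i]] = 1
  }
  {
    cmd = $3; sub(/.*\//, "", cmd)             # basename of argv[0]
    if (cmd != "nc" && cmd != "ncat") next
    listen = 0; exec_opt = ""
    for (f = 4; f <= NF; f++) {
      tok = $f
      opt = tok; sub(/=.*/, "", opt)           # --exec=/bin/sh -> --exec
      if (opt == "--listen") { listen = 1; continue }
      if (opt == "--exec" || opt == "--sh-exec" || opt == "--lua-exec") {
        exec_opt = opt; continue
      }
      if (tok !~ /^-[A-Za-z0-9]/) continue     # operand or other long option
      # Walk a short-option cluster such as -lk or -le.
      for (k = 2; k <= length(tok); k++) {
        ch = substr(tok, k, 1)
        if (ch == "l") listen = 1
        if (ch == "e" || ch == "c") exec_opt = "-" ch
        if (ch in takes_arg) {
          if (k == length(tok)) f++            # its argument is the next token
          break                                # rest of the cluster is the argument
        }
      }
    }
    if (listen && exec_opt != "") print $1, $2, exec_opt
  }'
}

# Constructed sample process listing (not captured from a real host).
SAMPLE_PS='1201 root ncat -l 10000 -e /bin/bash
1342 alice ncat -l 8080
1377 bob /usr/bin/nc -lk 9001 --sh-exec /bin/sh
1410 carol ncat -C -w 10 192.168.1.100 8080
1502 root ncat -u -l 80 -c ncat -u -l 8080
1533 dave ncat -l -k 8080 -oecho.log'

printf '%s\n' "$SAMPLE_PS" | find_exec_listeners
```

On a live system, feed it with ps -eo pid=,user=,args= | find_exec_listeners; each output line is the PID, the owner and the exec option that was found.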
7 Port forwarding with nc
We can use the -c option to do port forwarding with nc. The syntax for port forwarding is:
ncat -u -l 80 -c 'ncat -u -l 8080'
This way, all connections to port 80 are forwarded to port 8080.
8 Setting a connection timeout
nc in listen mode keeps running until it is terminated manually. But we can set a timeout with the -w option:
ncat -w 10 192.168.1.100 8080
This causes the connection to terminate after 10 seconds. However, this option can only be used on the client side, not the server side.
9 Using the -k option to force nc to stay on standby
When the client disconnects from the server, the server stops listening after a period of time. But with the -k option we can force the server to stay up and keep listening on the port. The command is as follows:
ncat -l -k 8080
Now the server stays on standby even if the client's connection is broken.