Friday, December 14, 2012

Netcat - Tool Tuesday

Netcat (nc) is an invaluable tool that makes reading and writing raw TCP (and UDP) connections as easy as working with text files (for those of you on UNIX, that is pretty dang easy!).

Set Up a Chat Server

This is a very quick way to set up a person-to-person chat over the Internet. It isn't encrypted or authenticated (anyone who can reach the port can read along or join in), but it is simple and needs nothing beyond netcat on both ends. Whatever one side types is sent to the other when you press Enter.
Server
# nc -l 8080
Client (replace 127.0.0.1 with the server's address)
# nc 127.0.0.1 8080
(The -l 8080 form is OpenBSD netcat's; the traditional netcat wants -l -p 8080. The same applies to every listener below.)

Clone a Hard Disk Over the Network

This is a quick and dirty free replacement for Norton Ghost: it copies a hard disk from one machine to another, block for block, over a raw TCP connection. Start the receiving side first, then the sending side. Neither disk should be mounted while this runs, and the destination disk is overwritten from its first byte.
Machine to Clone to
# nc -l 2222 > /dev/sdb
Machine to Clone From (TO_HOSTNAME is the machine you just started the listener on)
# nc TO_HOSTNAME 2222 < /dev/sda
(Note that nothing in this stream checks that every byte arrived intact, and some netcat builds will not close the connection when they reach the end of the input, so the copy can appear to hang after it is done. Verify afterwards with a checksum, e.g. sha256sum of the source disk against the same number of bytes of the destination, rather than trusting that netcat exited cleanly.)

Transfer a File

Need to transfer a file between two computers but don't have SSH or FTP? Either side can be the listener; here the sender listens and the receiver connects to it, so replace localhost with the sender's address. Depending on the build, add -q 1 (traditional netcat) or -N (OpenBSD netcat) on the sender so the connection closes once the file has been sent; otherwise both ends sit waiting until you press Ctrl-C. As with the disk clone, nothing checks integrity, so compare checksums afterwards.
Sender
# nc -l 8080 < /path/to/some.file
Receiver
# nc localhost 8080 > output.file
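The disk clone and the file transfer above are the same operation: a listener that writes its socket to a file, and a client that reads a file into a socket. Here is that operation re-created with Python's socket module, with the end-to-end check netcat lacks (a SHA-256 computed independently on both ends). This is an added example, not netcat's code or anything from the original post; it runs entirely over loopback on a constructed payload, and the port is chosen by the OS so it never collides with a real listener on 2222 or 8080.

```python
"""Netcat-style raw stream transfer, plus the end-to-end check netcat lacks.

Added example: a Python re-creation of what the two nc commands in the
disk-clone and file-transfer sections do, with a SHA-256 computed on both
ends so the copy can be verified. Runs over loopback on a constructed payload.
"""
import hashlib
import io
import socket
import threading

CHUNK = 64 * 1024  # copy in 64 KiB blocks, as a disk-to-disk copy would


def receive_stream(listener, dest):
    """Receiving machine (the `nc -l PORT > /dev/sdb` side).

    Accepts one connection on an already-listening socket, writes everything
    it gets to `dest` until the sender closes, and returns the SHA-256 hex
    digest of the bytes written.
    """
    conn, _peer = listener.accept()
    digest = hashlib.sha256()
    with conn:
        while True:
            block = conn.recv(CHUNK)
            if not block:  # empty read: sender has closed its end, stream done
                break
            dest.write(block)
            digest.update(block)
    return digest.hexdigest()


def send_stream(host, port, src):
    """Sending machine (the `nc RECEIVER_HOST PORT < /dev/sda` side).

    Streams `src` to the listener and returns the SHA-256 hex digest of the
    bytes sent. shutdown(SHUT_WR) tells the receiver the input has ended;
    with netcat that is the job of -q (traditional) or -N (OpenBSD).
    """
    digest = hashlib.sha256()
    with socket.create_connection((host, port)) as conn:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            conn.sendall(block)
            digest.update(block)
        conn.shutdown(socket.SHUT_WR)
    return digest.hexdigest()


def transfer(payload):
    """Run both sides over 127.0.0.1; return (sent_digest, received_digest, received_bytes)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    received = io.BytesIO()
    outcome = {}
    receiver = threading.Thread(
        target=lambda: outcome.setdefault("digest", receive_stream(listener, received))
    )
    receiver.start()
    sent_digest = send_stream("127.0.0.1", port, io.BytesIO(payload))
    receiver.join()
    listener.close()
    return sent_digest, outcome["digest"], received.getvalue()


if __name__ == "__main__":
    # Constructed stand-in for a disk image: 3 MiB plus an odd tail so the
    # last block is partial, the same shape a real device gives you.
    sample = (bytes(range(256)) * 4096 * 3) + b"odd tail"
    sent, got, body = transfer(sample)
    print("sent    :", sent)
    print("received:", got)
    print("intact  :", sent == got and body == sample)
```

On a real clone you would compute the same digest with sha256sum on each machine instead of inside the transfer; the point is that the two values are produced independently at each end, so a mismatch tells you the copy is bad before you try to boot from it.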

See Web Headers

Ever want to see exactly what your web browser sends with each request?
Server
# nc -l 8080
Then point your browser at http://localhost:8080/ and watch the netcat window: everything it prints is what your browser told this server. The User-Agent, Accept-*, and DNT lines go to every site you visit; the Cookie line is site-specific, here whatever the browser has stored for localhost. The browser will wait for a reply that never comes, so press Ctrl-C once you have what you need.
Example Output
GET / HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: wp-settings-time-1=1348281280
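Netcat just dumps the bytes; the following added example (not code from the post) does the same with a Python socket and then splits the request into its individual header fields, so you can see which ones identify your browser to every site and which are state for this site only. The request it feeds itself is constructed from the example output above and stands in for a real browser; the 204 response it sends back is the one thing bare netcat would not do.

```python
"""Capture and parse the headers a browser sends, netcat style.

Added example, not code from the post: `nc -l 8080` prints the raw bytes;
this listens the same way over a Python socket and splits the request into
header fields. SAMPLE_REQUEST is constructed from the post's example output.
"""
import socket
import threading

SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: localhost:8080\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0\r\n"
    b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
    b"Accept-Language: en-US,en;q=0.5\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"DNT: 1\r\n"
    b"Connection: keep-alive\r\n"
    b"Cookie: wp-settings-time-1=1348281280\r\n"
    b"\r\n"
)

# Headers a browser sends to every site it visits, as opposed to per-site state.
SENT_EVERYWHERE = ("user-agent", "accept", "accept-language", "accept-encoding", "dnt")

HEADER_LIMIT = 64 * 1024  # refuse to buffer more than this before the blank line


def read_header_block(conn):
    """Read from `conn` until the CRLFCRLF that ends the headers (or the peer quits)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = conn.recv(4096)
        if not chunk or len(buf) + len(chunk) > HEADER_LIMIT:
            break
        buf += chunk
    return buf.split(b"\r\n\r\n", 1)[0]


def parse_request(raw):
    """Split a raw header block into (method, path, version, {lowercase-name: value})."""
    lines = raw.decode("iso-8859-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything without a colon rather than crash on it
            headers[name.strip().lower()] = value.strip()
    return method, path, version, headers


def capture(request_bytes):
    """Listen on a free loopback port, have a client send `request_bytes`, return the parsed request."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: any free port, so 8080 stays untouched
    listener.listen(1)
    port = listener.getsockname()[1]
    outcome = {}

    def serve():
        conn, _peer = listener.accept()
        with conn:
            outcome["raw"] = read_header_block(conn)
            # Unlike bare netcat, answer so the client does not hang waiting.
            conn.sendall(b"HTTP/1.1 204 No Content\r\nConnection: close\r\n\r\n")

    server = threading.Thread(target=serve)
    server.start()
    with socket.create_connection(("127.0.0.1", port)) as client:
        client.sendall(request_bytes)
        client.recv(1024)  # read the 204 so the server can finish cleanly
    server.join()
    listener.close()
    return parse_request(outcome["raw"])


if __name__ == "__main__":
    method, path, version, headers = capture(SAMPLE_REQUEST)
    print(method, path, version)
    for name, value in headers.items():
        scope = "every site" if name in SENT_EVERYWHERE else "this site"
        print(f"  [{scope:10}] {name}: {value}")
```

To use it against a real browser instead of the constructed request, keep read_header_block and parse_request, bind to a fixed port such as 8080, and point the browser at it as the post describes.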

Leave Yourself a Backdoor

Warning: this leaves your system wide open to anyone who can reach the port, and some netcat builds leave the flag out for exactly that reason (Ubuntu's default netcat-openbsd, for example; the netcat-traditional package still has it).
Server
# nc -l 8080 -e /bin/bash
With this example, as soon as anyone connects they are talking to a bash instance running with the privileges of whatever user started nc, and everything they type, passwords included, crosses the network in the clear. If you want your users to at least have to authenticate, use /bin/login instead (which means nc has to be started as root, since login refuses to run otherwise).

Run a Portscan

If you don't have nmap installed and don't want to write something in Python, you can quickly see which TCP ports a host is listening on:
# nc -zv localhost 1-5000 2>&1 | grep succeeded
-z makes netcat connect and disconnect without sending anything, and -v makes it report each attempt. This checks ports 1-5000 on localhost and keeps only the lines for ports that accepted the connection. The 2>&1 is needed because netcat writes those reports to stderr and a pipe only carries stdout, so without the redirection grep would never see them. The wording ("succeeded") is OpenBSD netcat's; the traditional netcat prints "open" instead, so look at the unfiltered output once before trusting the grep. Connect attempts to thousands of ports are also very visible in logs, so only do this against hosts you are allowed to scan.
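Since the post mentions Python as the alternative when nmap is missing, here is that alternative as an added example (not code from the post): a TCP connect scan that does what -z does, a full connect to each port with no data sent, plus a parser for netcat's "lo-hi" port syntax. To stay self-contained it demonstrates itself against listeners it opens on loopback ports chosen by the OS, and against one port it has just released, rather than scanning 1-5000 on whatever machine runs it. The comma-separated list form is this example's own addition, not netcat syntax.

```python
"""A small TCP connect scan, what `nc -zv host lo-hi` does under the hood.

Added example, not from the post. Tries a full TCP connect to each port,
reports the ones that accept, and demonstrates itself against listeners it
opens on loopback. Only scan hosts you are allowed to.
"""
import socket


def port_range(spec):
    """Parse a port spec: "22", "1-5000" (netcat style), or "22,80,443" (this example's extension)."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)


def scan(host, ports, timeout=0.5):
    """Return the sorted list of ports on `host` that accepted a TCP connection.

    connect_ex returns 0 on success and an errno otherwise (ECONNREFUSED for a
    closed port, a timeout for a filtered one), so a closed port never raises;
    the timeout keeps a silently dropping firewall from stalling the scan.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def loopback_listeners(count):
    """Open `count` listening sockets on free loopback ports; return (sockets, ports)."""
    socks = []
    for _ in range(count):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))  # port 0: let the OS choose a free port
        s.listen(1)
        socks.append(s)
    return socks, sorted(s.getsockname()[1] for s in socks)


def free_port():
    """Bind and immediately release a port, so it is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo(open_count=3):
    """Open some listeners, scan them plus a known-closed port; return (expected, closed, found)."""
    socks, open_ports = loopback_listeners(open_count)
    try:
        closed = free_port()
        found = scan("127.0.0.1", sorted(set(open_ports) | {closed}))
    finally:
        for s in socks:
            s.close()
    return open_ports, closed, found


if __name__ == "__main__":
    expected, closed, found = demo()
    for p in found:
        print(f"Connection to 127.0.0.1 {p} port [tcp/*] succeeded!")  # nc -zv wording
    print("closed port", closed, "reported:", closed in found)
    print("all listeners found:", found == expected)
```

To scan a real range, call scan("host", port_range("1-5000")); lower the timeout for a LAN host and raise it across the Internet, since a filtered port costs one full timeout each.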
